The great virus debate

Printable View

Show 40 post(s) from this thread on one page

March 29th, 2003, 08:49 AM
problemchild

The great virus debate

http://www.pcadvisor.co.uk/index.cfm...view&news=3192

Quote:

US security firm Central Command got short shrift from UK security and Linux specialists this week after it released a statement stressing the need for virus protection on Linux systems. The statement warned that as Linux becomes more popular as a desktop operating system, inexperienced users will fall victim to the increased attention it will receive from virus writers.

Quote:

However, Eddie Bleasdale, director of consultancy netproject, yesterday roundly dismissed Central Command's advice, saying it was as good as impossible to conduct a virus attack on a Linux system or desktop. Indeed, he said he would pay £10,000 to anyone who could infect a well-configured Linux system with a virus.

Quote:

"Because Windows is so infested with viruses, we advise our clients to run three checks at a network central point and one on each desktop. With Linux systems we don't bother with virus checks because we know the system is secure."

OK folks, time for me to get up on my soapbox for a minute..... this really rubs me the wrong way because it's a recipe for disaster. The comments made by the Linux defenders in this piece are at best simplistic, and at worst outright ignorant.

First of all, yes, Linux is far more resistant to system-wide virus damage than Windows. Anybody who knows anything about OS design and user privilege levels understands that. However, that in no way means that Linux is impervious to virii, and to think that it does is severely short-sighted. Just because a virus or other piece of malicious code doesn't have write access to /etc or the MBR doesn't mean that it can't hurt anything. A virus executed with normal user permissions still has unfettered access to that user's home directory. :eek: I don't know about you guys, but I can reinstall the system in 15 minutes from a CD, but my /home data is what I value. Putting /home on a partition mounted with the noexec option will certainly help, but virus authors are a very clever bunch and I would never dare to assume that it couldn't be done.

Secondly, the comment that a well-configured system is impossible to infect completely misses the point that CC's concern is expressly for inexperienced users who don't know how to properly configure a system. Those of us who do any amount of work at all with Linux newbies know that the single most common mistake they make is working from the root account, which completely invalidates the argument about Linux's user privilege levels. As long as the Linux community was populated by sysadmins and IT professionals who took knew how to secure a box, Linux wasn't a very good prospect for authors. But as more and more people who don't understand the danger come on board, Linux will become an increasingly attractive target.

I think this is a dangerous attitude for security professionals to take. It's exactly this kind of "it can't happen here" attitude that will allow it to happen, and when it does, these guys will get their asses handed to them and they will deserve it.
March 29th, 2003, 09:10 AM
Shadowmeld

Intresting article, but I fail to see why he believes there is no need for virus protection on a linux box. IMHO I think that a virus could easily be spread through linux/unix flavours if the person knows what they are doing.
What is one off the biggest security risks with *nix that allows pops up on every distro?

Buffer overflows. If a person where to compermise on server to start with and had a sophisticated enough scanner, he/she could easily exploit several other servers. The possiblities are aboslutely endless. If the payload consisted of code variations for needed for core programs halting system processes or completely garbleing files via encryption ran on the filesystem. That would only be one half of the payload, the otherhalf could easily be a worm that propagates itself through the windows boxes (more than likely the other OS running on the network), it spells catastrophy. If it spread quick enough it could cause a global shutdown.

Just my two cents. If this seems a little off, I may not have expained it well enough, or I'm completely retarded, each is very possible ;) Hope this stimulated some thought processes.

ps. Sorry if spelling is off, I can't run spell check on work's current net config.
March 29th, 2003, 09:41 AM
CyberSpyder

Anyone knows that any computer without proper protection can be broken and even with proper protection if someone wants to break in and or plant a virus they'll probably find a way... Don't quote me on that though.
March 29th, 2003, 11:10 AM
instronics

Hello everyone.

This is a very interesting subject indeed. I have many different views and aspects on this. One important thing is that many people dont think about responsibility. Let us just assume that a virus cant damage a linux system, that does not mean that a file cannot be/stay infected. What if this file is sent/forwarded to other people. Linux users must have some sort of AV aswell, just so they dont spread virii which they might have gotten as an attachment or by any other means.

Also:

Quote:

However, Eddie Bleasdale, director of consultancy netproject, yesterday roundly dismissed Central Command's advice, saying it was as good as impossible to conduct a virus attack on a Linux system or desktop. Indeed, he said he would pay £10,000 to anyone who could infect a well-configured Linux system with a virus.

I find that is a very poor statement, and it's narrow minded thoughts like this which actually will get a big ugly suprise one day. Do not misunderstand me on this point though. Im sure that a WELL CONFIGURED linux system with a KNOWLEDGABLE USER can be safe from virii. To make this a bit more clear for linux newbies or people who do not have a clue about a *nix system, someone who just puts in a linux boot disk, and installs a simple default linux setup for the first time and has no idea about the sytstem itself may well be in great danger from virii. This again can be explained in many steps. One of these steps is that i disagree that linux should be used the same way windows is being used. My opinion is that linux should be used by people who know exaclty what they are doing (not counting people who really want to learn how to use linux correctly). Using linux correctly also means security. Security means backups, no messing about as root unless really needed, correct file permissions, properly configured applications/servers etc..... All this is important for a linux system. So to be safe from virii in linux it takes alot of knowledge. If this knowledge exists, then virii are not such a serious threat. One of the biggest mistakes is that many people think that linux (or even unix) is immune to virii. They are not. Its the person who administrates the computer to make it safe. So let me quote problemchild here for a sec:

Quote:

A virus executed with normal user permissions still has unfettered access to that user's home directory. I don't know about you guys, but I can reinstall the system in 15 minutes from a CD, but my /home data is what I value.

To keep your data safe from this situation, the security knowledge needed is called backups to another account. With its own permissions (owner, groups, rwx etc..). So if setup correctly, the system may be safe, but in the end its the value of the /home data that is very important.

Bottom line is, linux should be used by people who actually pay attention to the things i have mentioned above. If its used the same way windows is used, then the system can be screwed up easily (I know atleast 20 people who love to BitchX as root, or who run their ircD as root, now thats madness), just like many people on windows who go online as administrator. Do not rely on the system or the applications to protect you. Its you who has to protect your systems. I find it bad that linux distros are now orientating towards deafult security by default setup. Thats what windows is doing, and that is pathetic. Linux cannot be safe by default. By default linux is very vurnable. (Best example is the inetd that is activated by default). But once configured properly and tightend the way it can be, its VERY secure.

I hope i have made sense (i just woke up 20 mins ago and im still half asleep) :p

Cheers.
March 29th, 2003, 12:30 PM
Zonewalker

it is an interesting subject I agree... and I do agree wiith practically everyone here that says comments such as Eddie Bleasdales are short sighted, narrow minded and actually not very well thought out. I think, like all of you, especially Problemchild that the 'it can't happen here' attitude is particularly stupid.

having said all of that can I just add that in all the years I've been online .... over 9 years which compared to some ain't many I know...... I have only once been accidentally infected by a virus.... but to be honest the viri didn't actually get past the realtime virus scanner. Anyone who read the 'new spyware' thread a week or so back, might recall I've found a keylogger on my XP box recently... but this was installed as part of a legit program so I'm not counting that in the above assessment (and anyone who did read that thread... no I haven't heard back from the program makers yet... needless to say their software has been removed from the system for the time being)

yeah sure I've had people send me viri through email but i've been savvy enough not to blindly open every attachment someone sends me without scanning it first ... and even then I tend to be cautious opening it if it's an .exe or similar.

I think what I'm trying to point out is that it doesn't really matter what OS you have... there ALWAYS exists the chance that some clever bugger is going to be able to bypass software on any system. What is needed is mass education of how people can and should keep an eye on what they are doing as individuals. After all the weakest part of any computer system whether it's running, windows, *nix or anything else is the user.

oh instronics... I can send you some 'damn fine coffee' if you like - works for me :D

Z
March 29th, 2003, 12:40 PM
instronics

LOL, thanks zonewalker, might be a great idea :)

Cheers.
March 29th, 2003, 01:06 PM
IKnowNot

Zonewalker, you missed the fun :cool: ( so far )

I remember before there was ANY anti-virus software.
I remember the days ( contentious marathons ) to rebuild a system.
You need to get infected.

How else would someone learn to make regular back-ups???
How else would someone learn to update their software on a regular basis??
How else would someone learn to close ports??
How else would someone learn to set group policies??
How else would someone learn to set file permissions correctly??

Sorry, I don't remember the source, but I remember the quote:

" An Intelligent man learns from his mistakes, but the truly wise learn from the mistakes of others"

Is not that what A.O. is all about??
March 29th, 2003, 01:28 PM
Zonewalker

oh....... *$%#! I had replied to this once... but a glitch on the system just wiped out about 15mins of writing :( - too many smileys apparently

instronics... lemme find the matter transporter

IKnowNot... really sorry but can't be arsed retyping it all.... but the main point without all the rest of it... I did say I'd only been accidentally infected once... deliberatly infected machines before just to see how these things work and to 'have fun' :D including infecting an old system with CIH just to see if it would flash the BIOS... it did <wipes tear away> - the system died thereafter - but it was in a good cause

nice quote... yeah I agree....

Z

PS you would have liked the original text much better.. far more prosaic and humourous than this... sorry all... maybe another time
March 29th, 2003, 03:54 PM
tonybradley

I agree that the Linux OS is more stable and less vulnerable to attack when configured properly. On the other hand- it is also possible to patch and harden Windows in such a way that you can eliminate most virus threats.

As has already been pointed out, the problem with saying that a "properly configured" Linux box has no risk is that there are people all over the world running Linux who don't necessarily have a clue how to "properly configure" it- I'm one of them.

I have a box with Redhat Linux 8.0 on it to dabble and learn. Linux is becoming more popular because not only do many believe it to be a better, more stable, more secure, etc., etc. operating system, but the price tag (FREE in most cases, cheap in others) fits in people's budgets better than $200 or $300 for a Windows OS.

One of the reasons so many viruses exploit Windows, Internet Explorer and Outlook / Exchange is that it presents a target-rich environment. If I am going to write a virus with the intent of maximum damage, would I write it for OS2 or Windows?? The more Linux machines pop up around the world, and more companies adopt Linux servers as their core system hardware, the more virus writers will see Linux as a viable target. Then we will find out just how many people know how to "properly configure" Linux.
March 30th, 2003, 12:04 PM
shadowslip

They said the Titanic was unsinkable, it sank. They said "This is the war to end all wars," we are still battling.

The audacity of posting such comments on anything that is man-made is wreckless and fool hardy. After reading the quotes from the article the only thing I want to do is prove them wrong. The real harm comes from all the other individuals that feel the same, moreover the few that do take up the challenge. I think it was meant solely as a sales pitch but I suspect it has opened Pandora's Box.

SHDSLP

Show 40 post(s) from this thread on one page