
[OT] Re: WILD Level Worm/Virus Warning... GET your Anti-Viruses Software Updated NOW!



> too funny, but Mac and *nix OS's have their own problems.  I think I saw
> that Julie's linux/Unix box had a root-kit on it recently, those are
> always fun.  There just tends to be less stuff out there for mac and
> *nix because winblows is so much easier to screw with and it's what's on
> most ppl's desktop.  Therefore the impact is much greater in the script
> kiddiez eyez.
>
> William

Viruses tend to not be a problem for Unices because their overall design
makes it very difficult to write a virus that is effective. First let me
clarify that I'm talking about viruses, which spread on their own, not
trojan horses (such as a program that deletes your files when you run it)-
when it comes to trojans, most operating systems are equally vulnerable
(depending on what software you run on them).

A Unix virus has to target some arbitrary user-land program, as none are
"built in" to the OS like Internet Exploder is built in to Microsoft's
products. It would be naive to call the kernel 'immune' to viruses, but
it's damn close since it's usually compiled from source (and thus
different at a binary level; whereas Microsoft products are 100% binary
identical on everyone's machine), stored in one file and only
write-accessible by the root user. Any intelligent Unix sysadmin will use
the root user for maintenance only; not running unverified binaries, etc.

User privileges are strongly enforced (not just what a user can do; but
what programs run by that user can do); so while it's entirely possible
that just one user on a Unix system could get a virus through some
buggy user-land program (i.e. Unix Netscape or something), it wouldn't
spread very far because it's contained to that user; and the only programs
it could infect would be ones installed by that user (in most cases; 99%
of software on a unix machine is owned and installed by root but
executable by all). There's a good chance they have installed zero
programs on their own; so the virus would not spread. It's kind of like
trying to grow plants in a dark closet; you don't get very far.

In the Windows world, security was an afterthought.. and that's why it has
become such a nightmare.

Unix has vulnerabilities elsewhere - mainly resulting from poorly set-up
systems or bugs in software that runs as root (such as mail servers). But
these require specific action and knowledge to exploit. Someone has to
seek out the opportunity to hack your machine, basically. So it doesn't
spread the same way a virus does, not at all.

There is something called portscanning, however, which can be used to
audit a large number of machines (over the internet) to check for
vulnerabilities. If your IP address is in a range that someone decides to
portscan and shows up as having a vulnerability; they might be inclined to
try to hack you.

If you stay on top of patching userland programs (sendmail, sshd, etc)
for the big exploits (infrequent), run a recent kernel, and restrict ports
you are not using to run servers, you will have almost eliminated your
chances of being randomly hacked. Also, staying away from the mainstream
distributions will eliminate a whole group of wannabe script kiddies
trying to take your box. It's just the determined hackers you have to
worry about at that point; and plenty more can be done.
Port-scan/intrusion detection software, firewalls, etc.

...

Why am I writing this? Sheesh.

'blahblah blah'

-Toby
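
The containment argument in the message above can be checked on a real system by listing which executables a given account could actually overwrite or replace. This is an added example, not part of the original message; the function names are hypothetical, and it evaluates classic owner/group/other mode bits only (no ACLs, read-only mounts or capabilities).

```python
import os
import stat

def writable_by(st, uid, gids):
    """Classic Unix write check from owner/group/other mode bits."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def infectable_programs(dirs, uid, gids):
    """Executables in dirs that account uid could overwrite or replace."""
    hits = []
    for d in dirs:
        try:
            dir_st = os.stat(d)
            names = sorted(os.listdir(d))
        except OSError:
            continue  # missing or unreadable PATH entry
        dir_writable = writable_by(dir_st, uid, gids)
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # dangling symlink or race
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue  # only regular files with an execute bit
            # A writable directory allows unlink-and-replace, unless the
            # sticky bit limits that to the file's or directory's owner.
            replaceable = dir_writable and (
                not sticky or uid in (0, st.st_uid, dir_st.st_uid))
            if replaceable or writable_by(st, uid, gids):
                hits.append(path)
    return hits

if __name__ == "__main__":
    # Audit the invoking account against its own PATH.
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    groups = set(os.getgroups()) | {os.getegid()}
    found = infectable_programs(path_dirs, os.getuid(), groups)
    print(f"{len(found)} executables on PATH are writable by uid {os.getuid()}")
    for p in found:
        print(" ", p)
```

A short or empty list for an ordinary account is the situation the message describes; a long list for a non-root account, or any world-writable binary, is worth fixing.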