From: jbb@gec-epl.co.UK (John Burton)
Subject: linux viruses
Date: 30 Jun 1993 11:14:10 GMT
>The only Security hole, where a (DOS) might swap in is while
>booting with a floppy since floppies are easy to get infected,
>a friend just got a nasty Virus, which put itself into a hook
>which is available on AMI BIOS . It somehow got itself moved
>into the cmos RAM (SETUP) and got into run prior any Bootsector
>was loaded. After this he removed all DOS from his Harddisk
>put at DOS place a linux Partition and changed booting priority
>to C: (HD), and installed lilo so everything is safe now, He only
>can boot now if he tells lilo to read the Floppy Bootsector
>but it cannot happen by accident (this is how his machine got
>infected on the DOS Side.)
There is NO WAY a virus could store itself in the CMOS ram. Apart from
the fact that there are only a few bytes, it is not possible to execute
code from the CMOS RAM.
>: Bootsector viruses won't be able to affect Linux, because
>: a) they won't survive :) (all memory will be set to zero)
Are you sure linux couldn't be fooled into thinking there is less memory
than there really is, and not zeroing it all...
>They can survive if they are quick enough to catch all
>interrupts and getting a timer to move them back again :-)
>: b) Linux catches ALL interrupt vectors, so there is no way
>: one of the non-existent viruses could be activated
This makes little sense. What are you trying to say?
>: There is no way for a Linux virus to hide (all active processes
>: are registered in the process table, so ps will display all of
>: them). It is impossible for viruses to manipulate the memory
>: management to hide, they can't duplicate, if you write protect
>: your files.
So what. MSDOS only allows one process, the one you have run, and you
know what that is. If the program you are running has been modified, it
doesn't need to 'hide' anywhere. You can't write protect the whole disk.
(Well, you could but you wouldn't want to).
The point is that it would be possible to write a virus that runs under linux,
or indeed any unix, but it would only be able to spread where security
was poor (or exploiting a bug). All this talk about viruses hiding in the
CMOS RAM is just a waste of time.
-- John Burton