regarding security on Linux

Brian Densmore DensmoreB at ctbsonline.com
Wed Dec 26 19:54:54 CST 2001


> -----Original Message-----
> From: DCT Jared Smith [mailto:jared at dctkc.com]
> Sent: Wednesday, December 26, 2001 1:05 PM
> To: kclug at kclug.org
> Subject: regarding security on Linux
> 
> 
> >My opinion is that you don't need an antivirus package for Linux. I
> >haven't actually seen any Linux "viruses". I have seen some worms [none
> >on my box, just CERT advisories], but if you don't use the root account
> >and you haven't given your account special privileges you have nothing
> >to worry about. This may change in the future.
> 
> Mmm. Never a wise approach to think you're immune.

Well, true said! But I was mainly stating that I haven't seen any
viruses yet. Secondly, in order to get infected with a virus, you must
first execute it. Whether your OS executes it for you [nice OS, friendly
OS, yessss precious so friendly and triksy precious] or you click on it
and execute it doesn't really matter. I haven't seen a need for a virus
scanner, yet. I do make a habit of pulling down security patches, as I
recommended.

> 
> I think the main reason there are more MS viruses is because there
> are more users (thus more crackers, although per capitas may 
> be similar), 
go figure ;)

> the line about needing root access is a ruse; both OSes have 
> plenty of 
> viruses and firewall breaches.
Umm, no. If you don't run as root and your account doesn't have root
access and you don't have some slick way of getting root access, you can
only damage your own account and directory and programs with a "virus".
You should have read his post more carefully, he selected "paranoid".
Mandrake's "paranoid" and Bastille hardening on the OS will have removed
many services and disabled all those nice little "su" utilities. He has
crippled his system for security's sake. Many things on his menu may not
work now because of not being able to "su" via a program [at least that
was my experience with Mandrake 7.x]. I could be wrong, it has been
known to happen.
And yes there are abundant bad guys out there writing bad code, but some
systems are more resilient and protect friendly.

> 
> If Linux were as popular as MS, there would be as many viruses,
> you can count on it. They would simply be handled more efficiently:
> that's the valid argument for Linux (i.e. not blind trust).
Umm, wrong again. You are unlikely to ever see the same quantity of
viruses. Because many M$ viruses prey on the stupidity of the OS. [i.e.
USE web browser to view e-mail, link in all other programs to browser,
allow browser to launch programs without the user's knowledge, etc, etc,
etc]

> 
> What's the point of making a virus for a system which everyone
> loves to patch? Well, whoever said there was a point to viruses? :-)
Windoze is not a virus. Viruses are frequently updated and well
documented by their authors.
:)
> 
> A simple Google search on the words 'Linux virus' brought up
> some things which you may want to know about:
> 
> http://linux.oreillynet.com/pub/a/linux/2001/09/18/insecurities.html
I didn't see very many viruses [granted a quick scan]. Mostly exploits
and worms. I distinguish between the two. Viruses can be prevented by
not executing them. Worms and exploits are much more difficult to
control and virus scanners don't usually help here.

Thanks for the link and stimulating conversation,
Brian

P.S.

Hopefully this will help our friend in deciding what to do.

BTW, I forgot to include a link for a scanner in case anyone wants to use
one. It has been posted to the list before. It is (IMHO) mostly useful
for removing M$ viruses, but also is useful for those pesky Linux
viruses. ;)
http://www.amavis.org/amavis.html



