Survival Time for Unpatched Systems Cut by Half
Monty J. Harder
lists at kc.rr.com
Thu Aug 19 19:00:33 CDT 2004
"Brian Densmore" <DensmoreB at ctbsonline.com> wrote:
> So I guess the pertinent question is, are Linux IM clients susceptible
> to this kind of <spellingnazi> virii </spellingnazi>? That is of course
> assuming some enterprising young cracker writes one for Linux systems?
> Of course if I was a cracker, I'd write cross-platform virii, and have
friendly
> download pop-ups letting the user choose the proper poison pellet.
In theory, a Linux IM client with any kind of hooks for plugins would be
vulnerable to this sort of thing, but you have the additional hoops to jump
through of getting the user to download the malware, make it executable, and
then execute it. (Think back to the discussion of automounting removable
filesystems; as long as they are mounted noexec, there are no serious
security issues.) Even the Windows version required you to install the
plug-in.
More information about the Kclug
mailing list