Linux users warned of new Trojan danger

**cybergal** · 02-06-2002, 03:12 AM

Am I to understand that Netscape, which I use, could transfer a virus only if I enter the Net as root, which I do only rarely? What about those email attachments that look like they have been sent by a friend but aren't?

**kenshi** · 02-06-2002, 04:29 AM

Am I to understand that Netscape, which I use, could transfer a virus only if I enter the Net as root, which I do only rarely? What about those email attachments that look like they have been sent by a friend but aren't?

I'm not sure of the details of e-mail viruses, but in Linux, a virus cannot hurt anything it doesn't have permission to. If you run it as a regular user, it could reak havoc in your home directory. If you run it as root, it could completely wipe all your software and even possibly damage your hardware (though that would be hard in Linux).

**Feztaa** · 02-06-2002, 04:33 AM

Am I to understand that Netscape, which I use, could transfer a virus only if I enter the Net as root, which I do only rarely? *What about those email attachments that look like they have been sent by a friend but aren't?

Just as long as you never do anything as root unless you absolutely have to (ie, editing system config files), you should be just fine. And email viruses can't hurt you, either.

Well, I don't know about some of the other mail clients, but mutt certainly won't run any malicious email code like some popular windows mail clients constantly do.

**Killer_Penguin** · 02-06-2002, 11:59 AM

Neither will moz or most modern mail clients... I think it's mostly the older clients, like nutscrape 4.x and the like, that havn't had updated in years. Netscape 4.x on a windows box was the main infection point last time our Corp was hit with Nimda. IE users didn't contract the virus (suprise suprise!). So, if you want a newer style client, capable of html content and whatnot, use an updated one.

**imported_Psycho** · 02-07-2002, 01:05 AM

Or don't enable html in your email client. If anyone I know mails me an html email, I will politly ask them to send in text. HTLM email from anyone I don't know I just delete after seeing a few lines to recognize html. I'm not wading through it, and I'm not enabling html email!

But that's just me. HTML email is just wrong IMHO. I may have to deal with it at work, but I ticks me off when my system pops up about a cookie when I open an email.

**kenshi** · 02-07-2002, 02:54 AM

Just use Yahoo mail. You don't have to worry about virii (it has built-in virus detection), it's easily accessible from anywhere, and you don't lose the address when you switch ISP's. I think it even has pop3 abilities. Plus it has a spam filter which gets about 90% of spam and does a damn good job. I've never seen it put anything in spam that didn't belong. (Well, after a while I stopped checking.)

**Compunuts** · 02-07-2002, 04:42 AM

I think HTML email was the main problem for this type of Trojan. There were those mails sent to Debian-security list with infected messages and that it render on my machine as text only. It also required you to run that attachment plus super user. I mean if I screw up the mail client, it will only affect my current user with only to those files that I have write permission to and that's it.

But like I said before, there are growing numbers of those who use "root" all the time. I see a lot of them in IRC lately.

??? root@isp.com :

**Feztaa** · 02-07-2002, 12:20 PM

But like I said before, there are growing numbers of those who use "root" all the time. I see a lot of them in IRC lately.

Hack their boxes and teach them a lesson. I mean, there's a reason that BitchX won't run if you are the superuser, so whatever kind of IRC exploit BitchX is trying to avoid, you should use against IRC root lusers