I want to know if my thoughts on linux virus defense are accurate so I can post said thoughts on another forum.
A virus in linux should cause fairly little damage (compared to Windows) due to permissions. If user doesn't have the permission to do something in a directory and the virus is executed as user would that still be true?
[quote author=ASCI_Blue link=board=2;threadid=5987;start=0#57076 date=1041496735]
I want to know if my thoughts on linux virus defense are accurate so I can post said thoughts on another forum.
A virus in linux should cause fairly little damage (compared to Windows) due to permissions. If user doesn't have the permission to do something in a directory and the virus is executed as user would that still be true?
[/quote]
As far as I'm aware, thats true. The most you could lose is $home while running as the default user. Thats part of the reason why you should never log in as root.
it also depends on your definition of a virus. some applications could be trojaned or have backdoors that one can manipulate. these could be considered viruses too.
a good point sarah, and I was considering those virii too. Also boot loader/boot partition virii (stuff that destroys the mbr since I don't remember the proper name).
security is good in linux. if im user foo and i get a really nasty virus, it can destroy my homedir but not even touch anyone elses. it could start using 100% cpu power, but root gets priority and could kill it.
so since virii arent useful we have worms. worms seek root access by exploiting a vulnerability in some service. so make sure your daemons are up to date and you should be okay. netstat -anp --inet will tell you what ports are open to the world. make sure you need all those.
Everybody here knows that a virus on linux could destroy the whole installation.
SAY WHAT?
Yes. If you think about it, it's pretty damn obvious. What is the hardest part of hacking a computer? Most sources would seem to say getting user level access. From there you use whatever root kit and get root, and from there you do whatever the hell you want to. Therefore, a virus which has user level access need only be programed to attempt several rootkits, and if one suceeds it has your whole system. So, virii on linux could be a threat. Now, if you run a recent distribution, the odds are probably a rootkit wouldn't work on your system -- yet. Surely sometime one of the thousand packages modern distributions seem to install for a local utility could have a root exploit and a rootkit could make use of it.
a root kit is setup after root is gotten, to keep that access
you mean a local root exploit. that is a possibility but again keep your software recent and you should be okay
Indeedy that is what I mean, but see... It could happen!
Its far less likely to happen than under Windows though. Its not like you know that the layout of every system is the same and they all have X and Y software installed (Like Outlook, IE, etc)
Anyone really concerned about virii/trojans/worms/ whatever could always go to www.datafellows.com and download F-Prot for Linux for free - it gets updated fairly frequently (sometimes more than once a day) and it is very straightforward in operation. Go to their free tools page when you get there.
Later On,
horus 8)
Posting Permissions
Reply With Quote
Bookmarks