[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
On Tue, Jan 29, 2002 at 08:17:43PM +0000, Neil Williams wrote:
Oh come on, there's only one reason for the concern and we all know it - Windows executes arbitrary binaries with full system privileges.
Trying to get people off Windows off of the back of a virus issue is just going to get nowhere. Windows is rooted in people's lives and is just not going to change.
If the virus/worm/trojan didn't have system wide access, it wouldn't be anywhere near as dangerous.
I LOVE YOU didn't need system privs to cause denial of service through masses of email. Removing ones own files is enough to cause a big pile of poop, without touching other system stuff. To me ... rm -rf / and rm -rf /home/steve are ust about as annoying as eachother.
The only exploits of Linux that have received any serious attention all relate to programs that run as root, are SUID'd to root
You don't need root to get on people's tits, a decent flood ping will be enough. Hacking root is not that hard on vanilla systems, I'm not sure people are secure enough. OK, so you have to execute arbitrary commands to see this work, and we all know that's not an issue on linux, generally. However, does anyone remember the lm bug that let you runs commands for people? Having said that, who really knows what users are capable of. Give someone a program that tempts them and they might run it. "Run this to see if yuor boss has any porn", for instance.
or provide root access through mangled input data.
pardon?
The ordinary user is completely useless for virus writers.
I beg to differ. Virus writers are not just coders, they are psychologists. Give everyone in the universe linux and the virus market will just change. We're more secure, but we're not perfect. If linux was the world's only OS, then some prat would write something stupid which could be exploited. It's a game, and it will always be so. The rules will simply change. Steve -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.