Gemma Peter wrote:
(MyDoom didn't exploit any flaw in the code).
Urm - no it utilises several design flaws - which is to execute attachments that are executables too readily, and not to display clearly what an attachment is.

Mozilla will execute "virus.sh" attachment if you tell it to use "/bin/bash" as the program to open the file with. However by default ".sh" is not mapped to "/bin/bash", and if you tried to introduce it as a default the Mozilla development team would deride your lack of clear thinking. Also Mozilla clearly displays the file name, and tells you what it is opening the attachment with.

Salutary lesson in just how little stands between GNU/Linux users and viruses. All that is needed is one of the common applications used for reading attachments to allow arbitrary code execution, either deliberately or through flaws.

Whilst I think there are structural reasons why GNU/Linux has less malware, it is a long way from being even vaguely secure against knowledgeable attackers.

Of course on a well secured system the malware shouldn't find anywhere to store itself away, so if the user realises what has happened he can just kill the processes. But typically a user's .profile can be modified allowing a virus to restart when the user next logs in, or .bashrc, for the next shell launched etc.

We all sure that executables are read only for general users on our systems?

find / -perm -003 ....finds very few files on my system, but quite a lot of /usr/local is owned by srw, and used by other users (well Faye).... bad Simon....

Perhaps it is time to redo the Kuang analysis tools - and to start hardening GNU/Linux properly. 'tripwire' is not enough.
Attachment:
signature.asc
Description: OpenPGP digital signature
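
The shell functions below are an added example, not part of the original message or of any project's code. They audit a tree for executables, and a home directory for shell startup files, that someone other than a trusted owner can modify, which covers the permission question raised in the message. The function names, the script name in the usage comment and the default trusted uid 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example: find executables and login files that an unprivileged
# account could rewrite. Function names are this example's own.

# Regular files under $1 with any execute bit set that are also writable by
# group or other. Note that `-perm -003` matches only files with BOTH the
# other-write and other-execute bits, so it misses group-writable programs.
loose_executables() {
    find "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Executables under $1 not owned by the trusted uid $2 (assumed default 0).
# The owning account can replace these whatever the mode bits say.
foreign_owned_executables() {
    find "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        ! -user "${2:-0}" -print 2>/dev/null
}

# Shell startup files in home directory $1 writable by group or other.
# -H follows a symlinked dotfile so the target's mode is what gets checked.
loose_startup_files() {
    for f in .profile .bashrc .bash_profile .bash_login; do
        if [ -f "$1/$f" ]; then
            find -H "$1/$f" \( -perm -020 -o -perm -002 \) -print
        fi
    done
}

# Usage: sh audit.sh /usr/local "$HOME"   (script name is hypothetical)
if [ "$#" -ge 2 ]; then
    echo "== executables writable by group/other"
    loose_executables "$1"
    echo "== executables not owned by root"
    foreign_owned_executables "$1"
    echo "== startup files writable by group/other"
    loose_startup_files "$2"
fi
```

Anything the second function lists is only as trustworthy as the account that owns it, even when the first function reports nothing.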