LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

There may not be any viruses yet...

There may not be any viruses yet...

Posted Feb 20, 2003 15:58 UTC (Thu) by hazelsct (guest, #3659)
Parent article: Lindows sells virus protection

...but with the increasing complexity of end-user software, they are bound to come around at some point. For example, a buffer overflow in OpenOffice could be exploited by an email attachment, which would look for address books for Mozilla, KMail and Evolution and mail itself to everyone on them. And it doesn't need to be root to do damage, stealing cookies is sufficient. It's not that hard.

Furthermore, as software becomes componentized to allow attachments to open inline, this requires minimal user interaction -- just open the email for viewing, and it's propagated. Consider, for example, this post to the AbiWord list and screenshot...

(Log in to post comments)

There may not be any viruses yet...

Posted Feb 20, 2003 19:32 UTC (Thu) by dbreakey (guest, #1381) [Link]

Nice.

However, Evolution does not, and will not (according to what I've read a while ago, anyway; don't have the time to track down the reference—sorry), include the automated scripting support necessary to make e-mail viruses the serious threat that they are on Windows.

Granted, this doesn't mean that the embedded component itself can't include such capabilities, nor does it preclude the possibility of quiet installation of a component that will permit even worse nastiness…

Anyone know if these kinds of possibilities have been raised to the appropriate developers and, if so, whether a potential solution has been posited? My guess would be some sort of administrator-sanctioned control of whether new components can be activated or not; perhaps a config file somewhere that explicitly lists what components may be safely run, and maybe another list where the application will be required to obtain approval from the user before activating the component.

Whatever the solution ends up being, we can't rely on the old Microsoft saw-horse of hard-coded security (eg: Outlook containing a hard-coded list of what attachments are "safe" or not). Whatever we settle on needs to be configurable by the administrator, including whether or not regular users can decide what's safe or not.

There may not be any viruses yet...

Posted Feb 20, 2003 20:26 UTC (Thu) by iabervon (subscriber, #722) [Link]

In that case, though, you should update your OpenOffice, fixing the actual bug rather than using a virus scanner to stop a particular exploit of that bug. After all, if there's a virus which exploits a bug (or feature) in your software, a scanner might catch that virus, but it won't catch a different exploit for the bug or an exploit which arrives in a different fashion (you might download it by ftp or get it from an NFS mount, perhaps).

The reason to have a virus scanner is to try to deal with a bad design, where an exploit cannot be prevented by bug fixing; DOS viruses exploited the inability of DOS to prevent programs from modifying each other, Word viruses exploit the inability of Word to restrict macros to safe actions, etc. Linux as a whole is better designed (the user can't write to most programs) and Linux software is generally better designed.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds