| |||||||||||||
|
| |||||||||||||
How to write a Linux virus in 5 easy stepsHow to write a Linux virus in 5 easy stepsPosted Feb 11, 2009 22:54 UTC (Wed) by jengelh (subscriber, #33263)In reply to: How to write a Linux virus in 5 easy steps by drag Parent article: How to write a Linux virus in 5 easy steps
>The _Linux_system_ is relative secure, but as far as user accounts on the desktop there isn't much protections.
And don't forget the PEBKAC. Telling users to rm -Rf still yields an occassionall hit.
(Log in to post comments)
How to write a Linux virus in 5 easy steps Posted Feb 12, 2009 2:36 UTC (Thu) by drag (subscriber, #31333) [Link]
Well ya.
but you don't want to hang the users out to dry.
My biggest pet peeve, for example, is when people tell other people that they are stupid for double clicking on a attachment in a email that ran a program that installed a virus.
It's very irritating because double clicking is about the only way to interact with the system. And _no_shit_ attachments in email can be dangerous, but why does the system react to double click in the most dangerous manner possible?
Users are trained by the UI to double click on everything and see what happens. So it's like it's a trap... extremely bad UI design.
So probably the policy for the UI is not to do anything automatically unless it's safe.
The unfortunate problem is that programs react the same if it's safe data vs having untrusted data.
------------------
Of course you shouldn't go out of your way to protect stupid users. If they insist on doing something potentially stupid then you should let them. Just don't do it automatically for them.
Something like that.
How to write a Linux virus in 5 easy steps Posted Feb 12, 2009 12:43 UTC (Thu) by epa (subscriber, #39769) [Link] It's very irritating because double clicking is about the only way to interact with the system. And _no_shit_ attachments in email can be dangerous, but why does the system react to double click in the most dangerous manner possible?Absolutely right. Double-clicking on an icon should and must be a safe operation. It should *open* the file, not execute it. The only things that can be safely executed are programs specifically installed as executable, either through the system package manager or by the user (or desktop environment) marking them as such.
How to write a Linux virus in 5 easy steps Posted Feb 12, 2009 17:08 UTC (Thu) by drag (subscriber, #31333) [Link]
Well don't forget that opening malicious documents in applications can have the same effect as executing a binary.
For example a common attack vector is to use HTML email to exploit flaws in Microsoft's HTML rendering technology. Using javascript or other things like that to exploit weaknesses that were discovered and 'patched' in Internet Explorer.
Another one is using built in languages for applications to execute virus-like things. For example Word Macro viruses were very very popular.
-------------------------
So... say in Linux there is a flaw in Envice's PDF rendering method some were. So you could send a legal PDF over email that when executed by Evince it would exploit that flaw and run some shell code.
Since there is no security internal to a user account or desktop any program, even the most trivial and unimportant, with a exploitable flaw can be used to gain full access to anything and everything on that user's desktop..
This example is just targeting Nautilus or Konquerer to do a oversight in the .desktop standard... but any program that is commonly used to handle files downloaded from the internet has the same potential problems.
------------------------------
With Linux having a generic attack like with Word Macros or Win32 HTML rendering flaws probably won't work.
So worms and viruses won't spread. The environments are to diverse and are patched too quickly for a generic attack to work in that manner.
This is, in fact, what makes Linux resistant to viruses even though the Linux binary formats makes it very easy to write viruses.
HOWEVER this does not make Linux resistant against focused attacks. If a attacker knows what desktop your using and knows that there are flaws in some of the software your using on your desktop then they could create a focused attack that, if they are targeting a corporate desktop install (for example) with hundreds of users, then they can have a very high probability of success.
How to write a Linux virus in 5 easy steps Posted Feb 12, 2009 9:03 UTC (Thu) by renox (guest, #23785) [Link]
Not only a PEBKAC.. 'rm -Rf' works because the command name is obscure, telling users to type 'delete -recurse -noconfirm' would be far less successful..
I'd argue that a sensible designer should choose meaningful name for dangerous actions.
How to write a Linux virus in 5 easy steps Posted Feb 12, 2009 15:43 UTC (Thu) by jhardin (guest, #3297) [Link]
> telling users to type 'delete -recurse -noconfirm' would be far less successful.
You're assuming that they know what "recurse" means. :)
delete --subfolders --noconfirm
How to write a Linux virus in 5 easy steps Posted Feb 12, 2009 16:13 UTC (Thu) by jengelh (subscriber, #33263) [Link]
Directories, directories. Shitty Windows "folder" terminology, even Microsoft once knew better during DOS times.
How to write a Linux virus in 5 easy steps Posted Feb 13, 2009 8:04 UTC (Fri) by muwlgr (guest, #35359) [Link]
What about that thing called "Active" Directory ? :>
How to write a Linux virus in 5 easy steps Posted Feb 13, 2009 9:49 UTC (Fri) by jengelh (subscriber, #33263) [Link]
That's probably a circumscription for a reiser-backed data storage, because normal directories are pretty much static and inactive by themselves.
(SCNR-reiser-joke-after-everybody-else-had-theirs-already.)
|
|
||||||||||||