Fear of a Linux virus
Fear of a Linux virus
Posted Apr 13, 2006 5:14 UTC (Thu) by nlucas (guest, #33793)Parent article: Fear of a Linux virus
People sometimes forget that one doesn't need to compromise a system (meaning, becoming root) to make enough damage.
A simple user-mode trojan can (as long as someone decides to run it) setup a keylogger, have a IRC bot running in the background, send spam (even if not using Outlook contact list, they can get the contacts from a webpage, or even google), etc.
In my opinion, the only reason there are not much treats in the *nix world is just because there are easier platforms to exploit (and, luck for the hackers/script kiddies, they are the majority).
Off course, the fact Joe "HaveNoIdeaOfComputers" Smith is mostly using that other platforms has a big role on this.
Posted Apr 13, 2006 6:34 UTC (Thu)
by tzafrir (subscriber, #11501)
[Link] (3 responses)
UNIX/Linux desktops were designed with that in mind.
Posted Apr 13, 2006 7:41 UTC (Thu)
by nlucas (guest, #33793)
[Link] (2 responses)
The point is that the fact users don't run with administrator rights doesn't make them free from having malware running, as malware doesn't need to run as root to do damage to the user data (even if the OS is protected from being infected).
It just get's easier to remove the malware, nothing more.
Posted Apr 13, 2006 15:32 UTC (Thu)
by martinfick (subscriber, #4455)
[Link] (1 responses)
I try to (and I suspect others will more and more) keep my data in a repository. Without root, you really would have a hard time destroying my data. I am sure that plenty of people have scripts and what not that run as root to back up user data with the idea that if the user account is compromised, at least an admin can restore most user data.
Posted Apr 13, 2006 19:31 UTC (Thu)
by nlucas (guest, #33793)
[Link]
If you managed to get your code executed on a remote system, you've already compromised it.Fear of a Linux virus
Yes, but that is not the point (Microsoft also said the same thing at start, as it's defense about the majority of the security problems).Fear of a Linux virus
Why is it so common for 'security naysayers' to assume that people running linux have the same myopic habits as people in the single workstation / single user world of windows? Most linux users understand the idea of trying to protect their data against compromises and just plain user error. They typically do not inherently trust just storing their valuable data only in their home directories.Fear of a Linux virus
Why is it so hard for people to learn security by user education only works _AFTER_ the fact?Fear of a Linux virus
Just go to a linux noobs IRC channel and look how people swap scripts and run them without any care.
Mostly they are using their own PCs, so no chance of having an admin to correct their's mistakes.
If they get rooted, as with any window machine in a botnet, they will do as much damage to all of us as any other in the botnet.