Posted by: Anonymous Coward
on February 27, 2007 12:04 AM
Contrary to the boasts of imperviousness, I am absolutely certain that when the Linux userbase reaches a point that makes the platform a target, we will see viruses/worms and spyware ruin our antivirus free lives. I'll go a step further and suggest that Flash or Javascript will likely be the first infection vector for spyware. I can already see a couple of likely routes but, I don't have the inclination or the desire to be labeled a pariah for writing a proof of concept.
On the contrary, this is exactly what you should do. I would not argue linux is impossible to infect either. If you know a real way, you should most certainly implement it and send it to bugtraq ASAP. If it's a proof of concept and doesn't do anything really nasty, you will not be labelled a pariah, any more than guys who currently report bugs in the kernel, browsers, etc.
In terms of the article, it would be more accurate to say that linux is a substantially harder target than windows due to the restrictions Joe mentions. It's certainly not impossible though. It just requires a lot more work as you have to start off by compromising security flaws on the user's system, rather than just get them to execute an attachment.
This happens all the time though and it has happened on linux (though not all that recently -- the Ramen worm being an example). Good advice for users who are worried about their security would be to:
make sure security updates are downloaded automatically and promptly applied.
do not install network services (eg web server, file sharing) unless you know what you're doing and need them.
look into setting up a firewall, eg firestarter <a href="http://www.fs-security.com/" title="fs-security.com">http://www.fs-security.com/</a fs-security.com>
Learn about Linux
Download Linux
Get Linux help
Re:Yet!
Posted by: Anonymous Coward on February 27, 2007 12:04 AMOn the contrary, this is exactly what you should do. I would not argue linux is impossible to infect either. If you know a real way, you should most certainly implement it and send it to bugtraq ASAP. If it's a proof of concept and doesn't do anything really nasty, you will not be labelled a pariah, any more than guys who currently report bugs in the kernel, browsers, etc.
In terms of the article, it would be more accurate to say that linux is a substantially harder target than windows due to the restrictions Joe mentions. It's certainly not impossible though. It just requires a lot more work as you have to start off by compromising security flaws on the user's system, rather than just get them to execute an attachment.
This happens all the time though and it has happened on linux (though not all that recently -- the Ramen worm being an example). Good advice for users who are worried about their security would be to:
GMC
#