Author Topic: A Good Start at Eliminating Virus Attacks Against Your Computer.  (Read 2163 times)

choasforages

  • VIP
  • Member
  • ***
  • Posts: 1,729
  • Kudos: 7
    • http://it died
but as the fortune file goes, lindows is whats gonna take off
x86: a hack on a hack of a hackway
alpha, hewlett packed it A-way
ppc: the fruity way
mips: the graphical way
sparc: the sunny way
4:20.....forget the DMCA for a while!!!

beltorak0

  • Member
  • **
  • Posts: 223
  • Kudos: 0
    • http://www.angelfire.com/realm/beltorak
If a stupid linux user runs a "cute" program sent by a "friend", said program can exploit a bug in the kernel and gain root privilages.... see  http://www.ryanspc.com/index.pl?page=exploits
 under the link "ptrace24.c Shieze.  Time to update my kernel...

-t.
from Attrition.Org
 
quote:
Like many times before, Microsoft is re-inventing the wheel and opting for something other than round.

-t.


voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Ok, what kernel am I running?  Right, you don't know. It would be *very* unlikely that a virus is going to make any headway on Linux systems because Linux is extremely diverse.  Each distribution runs different patch kernel versions and patch levels.  It's "highly" unlikely that a stupid user is going to run such a program, and if they do the system be configured in such a way that the program is lucky enough to be able to exploit it.  Go ahead and write a virus using this exploit and see how far you get.  BTW, kernels <2.4.9 are now fairly old.  RedHat 7.3 is at 2.4.18+.

Sure it is not impossible, but highly unlikely that a virus will ever do a lot of damage because of the combination of good security and diversity in configuration.  With Windows it is easy, low security, every system is virtually the same.
Someone please remove this account. Thanks...

choasforages

  • VIP
  • Member
  • ***
  • Posts: 1,729
  • Kudos: 7
    • http://it died
yeah, like my kernel versin is 2.4.19-ChoasNETOS-JMK-try3

thank god for gentoo's kernel patch
x86: a hack on a hack of a hackway
alpha, hewlett packed it A-way
ppc: the fruity way
mips: the graphical way
sparc: the sunny way
4:20.....forget the DMCA for a while!!!

DC

  • Member
  • **
  • Posts: 211
  • Kudos: 0
quote:
Originally posted by VoidMain:
Viruses run in Linux as a normal user can *not* scramble system files and executables without root access. Only root has access to the binary executables on a Linux system.  Hence a virus can not propogate itself by the definition of a virus in Linux.  That is, it can not attach itself to other executable files, it has no permissions to do so. Most (not all) of the Oulook problems are actually "worms" or a combination of worms and viruses.


My point is that it can access user files - like documents etc - and damage those. Plus, it can make it so it excutes on login or whatever.
In business world, who do you think owns the most important files? Root, with system files that keeps the system running, or the users, who own the actual data that keeps the business running?

And normal users CAN own binaries. They just usually don't. Or not the important ones, anyways (I own a few files on my computer - "hello" for example  :D  )

Viruses may change in a Linux-world, and they may very well be much less dangerous. But they WILL exist and do damage.

 
quote:

Now, having said that, the new Lindows OS (ick) will be *very* susceptible to viruses because it defaults to having everyone use the system as "root" and the "root" user has no password (duh! duh! duh! duh!).  Lindows will probably be the worst thing that has ever happened to Linux since it began.  Hell, at least Apple was smart enough with OSX not to have normal users log on to the system as root.  Why Lindows and it's brain dead CEO ever had this brain cramp I'll never know.  It completely goes against the most basic security rule of UNIX.

Unfortunatly, this is true.
GS/CS d- s-: a--- C++ UL+ P+ L++>+++ E W++ N>+ o K- w-- O- M V? PS+>++ PE- Y+ PGP t+ 5+ X R tv+ b+++ DI+ D+ G++ e>++++ h! r- y
A quantummechanical wavefunction describing an unknown amount of bottles of beer on the wall
A quantummechanical wavefunction describing an unknown amount of bottles of beer on the wall
We take a measurement, the wavefunction will collapse, and one of the bottles of beer will fall

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
I disagree, assuming Lindows does not become a "standard", god help us. As long as the most basic security rules are followed I do not believe that "viruses" (by the definition of virus) will ever become a problem in Linux/UNIX.  Of course we will have to wait and see.  

I've been waiting 10 years now and have yet to see a single virus outside of M$.  On the other hand I have seen thousands in M$. Remember, a virus has to be able to attach itself to other programs, replicate and propogate itself, or it is not a virus. If you get an email with an attachment, and you save that attachment, make it executable, run it, and it deletes all of your personally owned files, that is not a virus, it's just malicious code.

[ July 24, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

DC

  • Member
  • **
  • Posts: 211
  • Kudos: 0
Well, then maybe my defenition of a virus is flawed. Maybe what I described was a worm, not a virus. Not that normal people will know the difference (after all, by this description, most current viruses are worms as well).

Besides, to see viruses outside MS (the ones you define), search for 'linux virus' on Google. The first one I found, 'Bliss', is a cool one - it has it's own antivirus   . This virus will indeed need root access (or at least writeble executables) though. There are loads more.
GS/CS d- s-: a--- C++ UL+ P+ L++>+++ E W++ N>+ o K- w-- O- M V? PS+>++ PE- Y+ PGP t+ 5+ X R tv+ b+++ DI+ D+ G++ e>++++ h! r- y
A quantummechanical wavefunction describing an unknown amount of bottles of beer on the wall
A quantummechanical wavefunction describing an unknown amount of bottles of beer on the wall
We take a measurement, the wavefunction will collapse, and one of the bottles of beer will fall

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
I use this really good virus checker combination on all my windows PC's.
The first tools is called fdisk (great tool) and the other is this thing i use called linux which clears it up nicely    
Jokes aside you have to be careful with windoze, i only use it for gaming compatibility but i always have my trusty virus checkrer by my side.

[EDIT] Missed something, pull out that pesky RJ45 from the back of your PC and disable you CD-ROM and floppy drives. Trust no-one and sing happy songs.

[ July 24, 2002: Message edited by: Tux ]

Contains scenes of mild peril.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
quote:
Originally posted by DC:
Well, then maybe my defenition of a virus is flawed. Maybe what I described was a worm, not a virus. Not that normal people will know the difference (after all, by this description, most current viruses are worms as well).

Besides, to see viruses outside MS (the ones you define), search for 'linux virus' on Google. The first one I found, 'Bliss', is a cool one - it has it's own antivirus    . This virus will indeed need root access (or at least writeble executables) though. There are loads more.



Sure, anyone can write a virus, but in order for it to be effective it has to have the ability to spread. Generally in *NIX it does not have that ability. Maybe one day it will happen but like I said, I haven't seen it in the last 10 years, nor have I heard of *anyone* who has actually had a virus problem in *NIX.

You are correct, your definition of virus is flawed. And a lot of "worms" now days are incorrectly listed as viruses, although a lot of them are accompanied by a virus. The worm does help it along.  But of course it seems these worms are only a problem in M$ Lookout.  Who's dumb fuck idea was it to allow a mail program to have the ability to automatically execute code contained within an email message????
Someone please remove this account. Thanks...

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
well i have to use windows for internetting, as you know, due to duff hardware. I use AVG antivirus since it is free for personal use and is as good as its pay alternatives (i used to use another free one which was swiped from under me by a lying company). HOWEVER i have only had about 4 viruses in my time and none of them have ever caused any noticable problems. Why? windows fucks up so much and gets reinstalled so much on its own that the viruses have never made themselves known to me.

Much more important to me is my firewall. I use zonealarm, which is also free for home use, and is excellent and simple to use. Why people worry about "viruses" when there are real people out there trying to break into your machine i'll never know.

As for viruses in unix, Lindows can fucking suck cock and die for all i care. The more i hear about this "system" the more it pisses me off. It's Microsoft windows' younger brother. ANd it will be even worse than M$Windows, since it is dressed in sheep's clothing.

A binary being run by somebody only has access to files owned by somebody, and so if they only have write access to files, for example in /home/somebody then the WORST that can happen is that those files get wiped. That is the worst, end of story. If somebody backs up their files, then no sweat. Of course, if the admin is dumb, then a lot more could happen. I hear of people saying "oh i just run everything as root, i never got around to making any new users, and it's easier for me anyway" but then i also hear of people saying "this lindows looks like the easiest way for me to switch, i think i'll BUY it"...

Re: bugs and holes, unlike windows, the linux kernel is open source, get it? many people do not realise the knock on effects of this. When somebopdy says "new hole in windows 2000, then hundreds of thousands of computers are vulnerable at a stroke, since they all use the same kernel. Also, windows is so fucking crap that even if all copies of windows 2000 get the new service update installed, some copies are just going to cack up and need reinstalled pretty quick anyway, and who can be arsed applying new updates to their cruddy windows box when it'll just need reinstalled soon anyway? (not me, last time i installed an M$ update it fucked my cdwriter program and i needed to reinstall, how "ironic") HOWEVER, since linux (and BSD i think) uses open source kernels, you can literally write your own modifications, and many do, and many more include their modified versions in distributions, plus the kernel gets updated a shitload more frequently than windows' kernel does, and this adds up to a fuckload more kernels out there. Out of a thousand linux users, all with versions of linux from the last six months, you could easily find a couple of hundred different kernels, yes? am i right, or have i missed something? get that many windows xP users, and count how many different kernels you get, and then find one of the holes in the kernel and bingo, point proven.

[ July 24, 2002: Message edited by: Calum ]

visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
Calum, we can always rely on you to 'set the score'
Contains scenes of mild peril.

tratan

  • Member
  • **
  • Posts: 27
  • Kudos: 0
    • http://home.nc.rr.com/jordanweb
It's sad how often new Linux users will do everything as root.  It's not a *large* problem yet, and it's better than them using Windows, but if Windows starts failing than it'll become more of a problem.

What would be ideal I suppose is a way to easily run programs with limited privileges, such as restrictions on network access (stop worms), overwriting/deletion (but allow new file creation), and limits on CPU and disk-space usage.  Otherwise, a user just downloads what he/she thinks is a benevolent program, runs it, and loses his data.  Perhaps Root should be able to only let certain users run certain approved programs.
Anything I state, unless I say otherwise, is my opinion.  If I say I observed something then I observed it, if I say something is true than that's an opinion.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
You can already do most of what you are asking. On RedHat if you look at the "/etc/security/limits.conf" file you can see how you can limit users in many ways. I'm sure this is part of all distros but not sure what config directory it would be in (do a "locate limits.conf"). Also for on a standard distribution install (it's called "ulimit"). Do a man "bash" and search for "ulimit".  Also you can limit how much disk space a user can have with "quota".

Although I have not tried any of them I believe there are kernel security enhancement patches that will allow more control over who/what/when/where/how a user or program can access the network.

[ July 29, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

tratan

  • Member
  • **
  • Posts: 27
  • Kudos: 0
    • http://home.nc.rr.com/jordanweb
*nod* I know that users can be limited in those ways (though I didn't know the name of the file, thank you Voidman   ).  The problem I see though is that users have full access to their private files, so anything they download and run will have full access to those files (unless they do something akin to sudo).  Basically I was considering putting further restrictions on certain files, beyond the restrictions on the users that run the files.  A model that could help I suppose is 2 accounts for every user, one with the user's full rights and a testing account that doesn't have access to the user's important files.  It's just that it's hard to prevent the user from hurting themself.  Unless they're only allowed to execute programs in /usr and /bin, they'll probably just keep downloading and running malware.  Note that this is unlikely to compromise the security of the entire system (except for those fools who constantly use root), it's just that non-system files can be important, too.
Anything I state, unless I say otherwise, is my opinion.  If I say I observed something then I observed it, if I say something is true than that's an opinion.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Unlike Windows, there are several steps that a user must take to run a program (even it is only in his/her personal space).  It takes coherent thought. If you trust the user enough to even use the system at all then the default limits put in place are more than enough in my opinion.  If a user knows enough about how to download and run a program and they still get burned then it's their own damn fault.

In Windows however, it is not the user's fault in most cases because it is the design flaws of the operating system that allows such an easy mutilation of not only the user's personal area but the rest of the system in most cases.

If you want to put such heavy restrictions on the user then you should run them under a restricted shell (rbash). Do a "man bash" and search for "RESTRICTED SHELL".

Or see:
http://www.gnu.org/manual/bash-2.05a/html_node/bashref_75.html

With this you can set their path in such a way that they can not run executables except for specific directories that they do not have permission to write to. That includes denying them the ablility to run a command in a local directory with a "./" in front of it.

[ July 29, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...