[OS:N:] Virus Protection?

Jeff Kinz jkinz at kinz.org
Fri Sep 16 13:43:54 UTC 2005


Sitki 
try for 72 chars wide - (using Yahoo mail dilutes your message :)
Thank god for par!

On Thu, Sep 15, 2005 at 12:51:57PM -0700, Sitki Yurekli wrote:
> 
> As Jeremy points out, Linux designed in a different way of thinking
>.........SNIPPED
> So, if you take the case like that, I think, it's really easy to
> understand why those try to "hack" or "damage" windows. It's not its
> popularity, it's a matter of being open to everybody or "hidden" from
> everyone, I think.
>
> I'm thinking like that, If some-thing/body is open to everybody,
> immediately loses the point of attractivity (There should be some
> though reasoning beyond this but I'm not this one who can analyse
> it :)) Respect to this point, If everybody can know and learn about
> something which is easily and fully accessible to all, it is not as
> much attractive as the one which's been hidden from everyone..

In summary, I think what Sitki is saying here is that people desire to
hack Windows rather than Linux because Windows is "Hidden" and "Secret".

In other words people want to do it because it's "not permitted" or
Naughty and therefore attractive.

And he claims this explains why Windows has so many more people/tools
attacking it compared to Linux?

IFF my understanding of what Sitki has written is correct then
what Rick Moen has written here:
http://linuxmafia.com/~rick/faq/index.php?page=virus

is something that should be read, especially this passage:

Questioner:

Isn't Microsoft Corporation's market dominance, making Linux an
insignificant target, the only reason it doesn't have a virus problem?

Rick response:
Not at all. This question is virus pundits' pons asinorum: If they can't
think past this fallacy, don't even try to reason with them, as they're
hopelessly mired in rationalisation.

The speaker's supposition is that virus writers will (like
himself/herself) ignore anything the least bit unfamiliar, and attack
only the most-common user software and operating systems, thus
explaining why Unix viruses are essentially unknown in the field. This
is doubly fallacious:

1. It ignores Unix's dominance in a number of non-desktop specialties,
including Web servers and scientific workstations. A virus/trojan/worm
author who successfully targeted specifically Apache httpd Linux/x86
Web servers would both have an extremely target-rich environment and
instantly earn lasting fame, and yet it doesn't happen.

2. Even aside from that, it completely fails to account for observed
fact: Assume that only 1% of Internet-reachable hosts run x86 Linux (a
conservative figure). Assume that only one virus writer out of 1000
targets Unixes. Then, given the near-instant communication across the
Net that at this writing is blitzing my Linux Web server with dozens of
futile probes for the Microsoft "Nimda" vulnerability per second, the
product of that one virus writer's work should be a nagging problem on
Linux machines everywhere -- and he/she will be working very hard to
achieve that, given the bragging rights he/she would gain. Yet, it's not
there. Where is it?

The answer is that, for various reasons discussed in prior essays, such
code is very easy to write, but -- given minimally competent system
maintenance (including the automated kind, cited below) -- completely
impractical to propagate. And likely to remain so.

Questioner:
But how can you say there's no virus problem, when there have been
several dozen Linux viruses?

Rick response:
First of all, that's not what I said. (People keep failing to heed what
these essays actually say.) I said that Linux systems' architecture and
culture, by design, resist such petty nuisances, and create sufficient
default protections that anyone careless enough to be exposed to Linux
"malware" (viruses and such) has bigger and more fundamental worries: By
and large, you can be hit at all only by being really dumb. By and
large, you can suffer system (root) compromise from malware only by
being mind-bogglingly dumb.

End of passage

I realize this does not directly address what I think is Sitki's point.

Sitki's point has some merit (I think), but it applies
equally well to both Win and Linux - People are motivated to break
security on ALL platforms because of the challenge.  This actually
applies equally to Win and Lin, but Win is simply much easier to break into.

This is similar to why so many more people climb Mt Marcy than climb Mt
Everest.  (Marcy Elevation: 5,344 ft , Everest Elevation: 29,035 feet)

http://en.wikipedia.org/wiki/Mount_Marcy
http://en.wikipedia.org/wiki/Mt_Everest



 


>
> As a daily matter of life-experience, which one is right and
> attractive for you? (and possibly the right one and the attractive one
> can come to in a controversial state)
>
> - He/she declares ownself without any secrets and misorientations
>
> or
>
> - The one who tries to hide everything in order to exist????
>
> and, guess for which one of these you can be a "virus", which means
> malicious for its being???
>
> So, cheers,
>
> Sitki
>
>
> --- Jeremy Hogan <jeremy.hogan at gmail.com> wrote:
>
> > On 8/25/05, Jay Scherrer <jay at scherrer.com> wrote:
> > > Linux has been designed with security in mind. But don't let that
> > > catch you off guard. One of my Windows users tells me that the
> > > reason Windows has more viruses is because Windows is more popular
> > > over Linux. If that is true, we should always be ready, just in
> > > case Linux starts getting more popular.
> >
> > You should always be ready. Period. But I should point out that UNIX
> > has been around longer than Windows, and people have had plenty of
> > opportunity to hack it. Good hackers and bad hackers. Linux is built
> > like UNIX in many ways, and is just plain old not as vulnerable.
> >
> > The *real* reason Windows is attacked more often is that it is easy.
> > Do more people dig tunnels under Fort Knox, or steal candy bars from
> > the local store?
> >
> > The majority of Windows attacks are written to exploit design issues
> > not present in Linux, but more importantly are spread by "script
> > kiddies" who are the 'Net's equivalent of Halloween pranksters.
> > They're not smart, they're bored and easily amused. Point them at a
> > box where they have to think about it, and they're quickly swept off.
> >
> > > There have been several viruses unleashed against Linux such as
> > > rootkit, where these are designed to attack via sudo. The best
> > > practice is to watch your logs and possibly use a file logger like
> > > bastille, or tripwire. One area of security are core files. Core
> > > files are created when a program or daemon crashes due to some
> > > unexpected operation or bug. This core file is used for debugging
> > > and can contain information about your system and even your
> > > passwords. A Cracker might try to crash any number of programs such
> > > as Apache or Sendmail, just to get a hold of a core file. There are
> > > many scripts available that can check file directories for core
> > > dumps and zero length files.
> >
> > Once a hacker is on your machine, they can run all sorts of nasty
> > stuff. And if you run as root and execute programs you can be tricked
> > into installing every little chigger they rolled into it. This is not
> > a flaw of either system in and of itself so much as a by product of
> > "crunchy on the outside, soft and gooey on the inside" security
> > policies.
> >
> > The big distinction is that on a Linux machine, darn little can be
> > done to root processes with a breached user account, and an even
> > bigger distinction is can the virus/worm propagate itself without
> > user intervention. In the past a hacker has been able to have an
> > easier time escalating their privileges within a "ring" of access,
> > due to what's called "discretionary access control". Under SELinux,
> > for example, it's "mandatory access control" and the rings are cut
> > into slices, so gaining access to Apache, does not mean you can get
> > access to anything at Apache's access level. If the service does not
> > ever need to read a file, you can never read that file if you are
> > running as that service, same for writing, etc.
> >
> > > A good source for learning about Linux security is the book "Hack
> > > Proofing Linux" by James Stanger and Patrick Lane. This discusses
> > > everything from the common tools you can use to how to protect
> > > against packet sniffers, those pesky little programs that watch
> > > your every key stroke over the web.
> >
> > Also check out "Hacking Linux Exposed", stop running Windows, and get
> > a firewall.
> >
> > --jeremy
> >
> > _______________________________________________
> > Subscription and Archive:
> > https://www.redhat.com/mailman/listinfo/open-source-now-list/
> > -
> > For K12OS technical help join K12OSN:
> > <https://www.redhat.com/mailman/listinfo/k12osn>

-- 
speech recognition software was used in the composition of this e-mail
Jeff Kinz, Emergent Research, Hudson, MA.
¡Ya no mas!
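
The directory check mentioned in the quoted thread above (scripts that look for core dumps and zero-length files) could look like the following. This is an added example, not part of the original e-mail or any poster's script; the function names, the sample file names and the "readable by others" check are assumptions made here, and a core is recognised by the ELF header's e_type field rather than by its file name.

```python
import os
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
ET_CORE = 4  # e_type value the ELF header uses for core files

def is_elf_core(path):
    """True if the file has an ELF header whose e_type is ET_CORE."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(18)
    except OSError:
        return False
    if len(head) < 18 or head[:4] != ELF_MAGIC:
        return False
    fmt = "<H" if head[5] == 1 else ">H"  # EI_DATA: 1 = little-endian
    return struct.unpack(fmt, head[16:18])[0] == ET_CORE

def scan(root):
    """Return sorted (kind, path, note) tuples for cores and empty files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets, devices
            if st.st_size == 0:
                findings.append(("zero-length", path, ""))
            elif is_elf_core(path):
                shared = st.st_mode & (stat.S_IRGRP | stat.S_IROTH)  # memory image exposed
                note = "readable by others" if shared else "owner-only"
                findings.append(("core", path, note))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (file names and contents are made up)."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)  # 16-byte e_ident, ELF64 LE
    samples = {"core.1234": ident + struct.pack("<H", ET_CORE),
               "httpd": ident + struct.pack("<H", 2),  # ET_EXEC, not a core
               "stale.lock": b"", "notes.txt": b"hello\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            p = os.path.join(root, name)
            with open(p, "wb") as fh:
                fh.write(data)
            os.chmod(p, 0o644)
        return [(k, os.path.basename(p), n) for k, p, n in scan(root)]
```

Calling `scan()` on a service's working directory or on `/var` gives the list to review; a core marked "readable by others" is the case the thread warns about, since it can hold the crashed process's memory.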




More information about the open-source-now-list mailing list