vulnerability of Linux

John Summerfied debian at herakles.homelinux.org
Fri Nov 25 23:47:48 UTC 2005


Rodolfo Alcazar wrote:
> On Fri, 2005-11-25 at 14:48 +0000, Joao Paulo Pires wrote:
> 
>>'Linux may not be as vulnerable as Windows, but if you think Linux
>>viruses don't exist, you'd better think again. Virus writers have any
>>number of possibilities'
>>
>>I have just read this sentence and I'm concerned because I have only
>>firewall (from router and from FC4) working on FC4. Could you explain to
>>me which actions I should take? Note: I have Toshiba laptop, FC4, Gnome
>>and Thunderbird. The only programs I know are Clamav and Spamassassin.
>>Is it enough? Although I know FC4 has SELinux. Best regards, Joao. 
> 

Windows viruses depend on a large number of users all using the same 
broken software. If you step outside the norm, even on Windows, you 
reduce the likelihood of infection enormously. Use the Mozilla suite 
instead of Internet Exploder and Lookout (Express), and viruses relying 
on the vulnerabilities in MS malware.

In Linux, you don't
a) Have the numbers (as a proportion of all Internet users)
b) Have a large proportion all using the same software.

If you check email headers, you will see people here using kmail, 
mozilla, tbird, evolution, mutt, pine and probably others, and a few 
using Windows and OS X clients.

The likelihood of someone writing a single virus attacking more than one 
(counting Mozilla and tbird as one) _and_ getting it to spread is fairly 
small.

Years ago (I was using the then recent RHL 7.3), Kaspersky released a 
virus scanner client for Linux. I pressed them for a catalogue of known 
Linux viruses. They came up with a list of five, some of which I'd 
heard. At least one was a worm (doesn't spread in email), one was maybe 
a problem in RHL 6.2.


> 
> - Have updated systems! Update your system daily. You must program your
> yum or apt updates to run at least daily.

That is plain stupidity. It is worse than securing your system sensibly 
and applying _no_ updates.

If you blindly apply updates as they appear, you will get a broken 
system, nothing surer.

I'm on a list where folk discuss Linux on IBM zSeries. These are serious 
folks running serious computer systems supporting serious businesses. 
Businesses such as Boeing, Wells Fargo, EDS, Citigroup, Bank of America. 
Where people here sometimes think about running a virtual computer, 
lotsa those folks run 100 or so in a real box: one maniac became 
infamous a few years ago by running 40,000 or so of them. Lots run 
virtual networks (and worry about security between them).

These folk don't apply every patch as it arrives, they look at it, see 
what it fixes, evaluate how it applies to them, the risk of not applying 
it, the risk of applying it and probably don't apply it until next patch 
day. Which might be the next refresh of Nahant.

In my case, I only look after little systems and I do update regularly, 
and I do download updates automatically, but I always update manually, 
after seeing what's affected. That way, if something breaks as a result, 
I will know that something changed.

If you run yum daily to keep the system up2date and something breaks, 
you will have no idea whether something changed, what changed or when. 
That's a pretty serious matter if your business depends on it, if you 
have a dozen or a hundred staff sitting round talking coz the server's 
down again, if you're filing client's email as spam or turning them away 
because your website's down. Again.




-- 

Cheers
John

-- spambait
1aaaaaaa at computerdatasafe.com.au  Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list



