thoughts on "how to write a linux virus in 5 easy steps"

[Tim]

On Sat, 2009-04-04 at 18:49 -0700, Globe Trotter wrote:
> The following article has created quite some discussion, so I wanted
> to hear what all the real experts (here) thought about it.
>  
>  http://www.geekzone.co.nz/foobar/6229
>  
> The article raises quite a few good points. Whether they have merit,
> and whether remedies are in-built is what I am wondering.

Firstly, it's not a virus.  The author acknowledges this, then carries
on as if it is.  So minus ten points for talking about an elephant to
explain the engineering behind how the Apollo 11 spacecraft works.  For
it to be a virus is *HAS* to be able to do its trick without any human
assistance by the victim.

All systems are vulnerable to users deliberately doing stupid things, so
it's *NO* revelation that Linux is, too.  Likewise for any other
software flaws.  The author is trying redefine virus just so they can
claim its vulnerable to viruses.  The author is just attention seeking.

Plonkers who do that sort of thing should be made to read "The boy who
cried wolf," and "Chicken Little," until they get the point.

Part way through I find one thing that I (also) see wrong with the Linux
desktops:  Those launcher files *should* require an executable bit to be
executable.  And it'd probably be a good idea if launchers could only be
set up in some known locations.  SELinux, and its ilk, could go some way
towards disallowing the creation of runnable scripts.

And issues that I've not liked with Linux, in general:  That /home
and /tmp are generally mounted, by default, in a manner that allows
execution.  I'd suggest that only a programmer may need to allow file
execution from their homespace.  Most users, who don't write scripts,
won't need it.

-- 
[tim at localhost ~]$ uname -r
2.6.27.21-78.2.41.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.