On 04/17/2010 12:41 AM, jdow wrote:
> From: "Patrick O'Callaghan"<pocallaghan@xxxxxxxxx>
> Sent: Friday, 2010/April/16 22:49
>
>> On Fri, 2010-04-16 at 19:43 -0700, jdow wrote:
>>> From: "Patrick O'Callaghan"<pocallaghan@xxxxxxxxx>
>>> Sent: Friday, 2010/April/16 16:51
>>>
>>>> On Fri, 2010-04-16 at 13:47 -0700, jdow wrote:
>>>>> From: "Patrick O'Callaghan"<pocallaghan@xxxxxxxxx>
>>>>> Sent: Thursday, 2010/April/15 13:31
>>>>>
>>>>>> On Thu, 2010-04-15 at 13:02 -0700, Michael Miles wrote:
>>>>>>> Is Fedora really that secure?
>>>>>>
>>>>>> Even if we limit the discussion to email viruses, that's a very complex
>>>>>> and difficult question (to which the answer is "yes" :-). It's not an
>>>>>> attribute exclusive to Fedora as such, but to all Unix-based systems,
>>>>>> mainly for three reasons:
>>>>>>
>>>>>> 1) The mail client isn't running as root.
>>>>>> 2) Even when running as root, Linux mail clients won't blindly execute
>>>>>> attachments.
>>>>>> 3) Even for executable attachments, the virus is written for Windows and
>>>>>> won't run on Linux.
>>>>>>
>>>>>> Of course it's in principle possible to get past all the above barriers,
>>>>>> so *in theory* you can have a Linux virus, assuming the user is stupid
>>>>>> enough to run an unknown executable. As I say, I've never seen one in
>>>>>> the wild.
>>>>>>
>>>>>>> I come from Windows and I am amazed at how not secure Windows is.
>>>>>>
>>>>>> See (3) above. Most viruses are written for Windows as it's the most
>>>>>> popular platform. MS likes to pretend that's the only reason it gets all
>>>>>> the grief, but there are other factors.
>>>>>
>>>>> Patrick, the best AV tool of all is a savvy user given the number of
>>>>> social engineering attacks of late. And, at least historically, 'ix users
>>>>> have been quite savvy about security. That makes a huge difference. A
>>>>> single mistake running something you should not have because it looks
>>>>> important can bust your whole day. Based on the security forums I read
>>>>> I'd not consider Linux bullet-proof "today" - kernel null pointer
>>>>> dereferences and mmap are your enemy du jour.
>>>>
>>>> Again, you're answering the wrong question. This thread is not about the
>>>> general security or otherwise of Linux. It's about vulnerability to
>>>> viruses.
>>>
>>> If you are being picky regarding "virus", "trojan", etc then begone little
>>> boy, you bother me. It does not matter one bit the means of transmission
>>> if the system is compromised in a manner that a piece of what is
>>> conventionally called "anti-virus software" would have prevented the
>>> problem?
>>
>> Which of the vulnerabilities discussed on the kernel list is
>> communicable via an email message in such a way as to compromise the
>> security of the target system without manual intervention on the part of
>> its user? Please be specific.
>
> Here is a non-LKML reference with a full explanation of the problem:
> Some background:
> http://blog.ksplice.com/2010/03/null-pointers-part-i/
> How to exploit it:
> http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
>
> The exploit can be delivered through email and introduced into the
> machine via targeted social engineering. If you can be tricked into
> allowing it to run, you're toast. ANY means of getting into the
> machine and having code execute is sufficient to allow the exploit
> to run within the kernel at kernel privilege.
>
> Such means have existed in the past. I've read about the victims' problems
> here on this and predecessor lists. That's why chkrootkit and rkhunter
> exist. If somebody wishes to make Linux his main computing environment
> something which traps intrusions and malware as it enters the machine and
> before it's executed can probably save a world of hurt.
>
> I've lost disk drives and suffered the hurt of discovering the first level
> backup was bad. I lost some work and emails. If your machine becomes
> compromised, what can you save? What can you trust? You have to make an
> executive decision and hope your backup is from before the attack. Then
> maybe you can recover more recent data and email, if you can trust your
> backup to be safe. I prefer to spend some money to protect valuable data
> and save valuable recovery time.
>
> What you actually said was, "Clamav is usually installed by people running
> mail servers for users who access them from Windows. If all you're doing
> is reading mail in Linux, it's extremely unlikely that you even need it."
>
> The first sentence is true. The second one is true but limiting beyond
> belief. Computer users do not only use the machine for email. It leaves
> an implication that it's probably safe for email. The null pointer
> dereference issue makes you vulnerable within email if you can be tricked
> into running a program sent in the email. If this is not closed up VERY
> quickly I expect a nasty problem for Linux, shortly. The wakeup
> call will have the good effect of waking up the community to the little
> detail that "nothing's perfect".
>
> As for running other things on the 'ix system, it seems a wine install
> so that a person can run something not available for Linux can lead you
> into problems. Seems somebody here mentioned an infected Wine install.
> I'd not bet all 7 were false alarms. And, if one could manage to escape
> the wine cellar....
>
> {^_^}

Wow, that was my machine with the Wine virtual drive infected.
I will run it again and post the virus results.

Michael Miles

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines