Good anti-virus programs for Linux
Jerry Feldman {75562}
gzf at gbr.msd.ray.com
Fri Aug 27 16:13:24 EDT 1999
Massimo Morin wrote:
>
> Hi,
> sorry, perhaps I don't get it, or perhaps I'm not up to date with the
> "virus technology & OS" science but virus on Unices sounds VERY weird to
> me.
>
> As far as I know a virus (in the general sense of it) is a program that
> replicates itself, spreads itself around, and at a certain point activates
> itself to do some "action" (writing "Merry Christmas" and destroying
> your FS).
Au contraire. Writing an effective virus for Unix may be a bit more of a challenge
than Windows, but the technology is there. To do serious damage to a Unix
system, one needs to be root, but a not too sophisticated virus can do a lot
of damage to an individual user. Let's just take the case where the virus
wants to become root. While in user mode, it might check the user's path,
and then create a user mode sudo command. This "sudo" command would sit
around until the user used the real sudo command. If the virus sudo was in
the path before sudo, it could then appear to be like sudo, parse the
command line, issue the password prompt, get the user's password, store the
password somewhere, execute the real sudo and erase itself. Now we have the
user's password squirreled away, so the virus can execute the sudo command
itself (or even worse, su). Once it gains a way to get root privilege,
anything goes. One of the oldest hacks around is to log into a terminal and
install a login program. The login program simply collects passwords, and
passes through the user. Unix and Linux may require a bit more
sophistication than a Windoz or Mac virus, but they do exist, and we shall
be seeing more of them as people start running Linux on their desktops.
While viruses, trojan horses and worms are related, they all are dangerous.
--
Jerry Feldman (HP On-Site Consultant) http://gbrweb.msd.ray.com/~gzf/
+-------------------------------------------------------+-----Note: ------+
| Raytheon Electronic Systems (W) (781)999-1837/1-1837 | My views may not|
| Mail Stop: S3SG10 (F) (781)999-4030/1-4030 | reflect the |
| 180 Hartwell Road (W) gzf at gbr.msd.ray.com | views of my |
| Bedford, MA 01730-2498 (FWD:H+W) gaf at blu.org | employer. |
+-------------------------------------------------------+-----------------+
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
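
A defender's check for the PATH-shadowing trick described in the message above, as an added example that is not part of the original post: it walks PATH in lookup order and reports anything that sits ahead of the genuine `sudo`, `su` or `login`. The function name `audit_path` and the `TRUSTED_DIRS` list are assumptions made for this example.

```python
import os

# Assumption: directories where the genuine sudo/su/login are expected to live.
TRUSTED_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin")


def audit_path(command, path=None, trusted=TRUSTED_DIRS):
    """Walk PATH in lookup order and report what precedes the trusted copy.

    Returns a list of (kind, directory) tuples:
      "shadow"   - an executable named `command` sits ahead of the trusted one
      "writable" - the current user can write to a directory ahead of it,
                   so a look-alike could be placed there later
      "relative" - an empty or relative entry, resolved against the cwd
    """
    if path is None:
        path = os.environ.get("PATH", "")
    trusted_real = {os.path.realpath(t) for t in trusted}
    findings = []
    for entry in path.split(os.pathsep):
        if not os.path.isabs(entry):
            findings.append(("relative", entry or "."))
        directory = os.path.realpath(entry or ".")
        candidate = os.path.join(directory, command)
        # Check the mode bits directly so a noexec mount does not hide a file.
        has_cmd = (os.path.isfile(candidate)
                   and bool(os.stat(candidate).st_mode & 0o111))
        if directory in trusted_real:
            if has_cmd:
                break  # lookup stops here; later entries cannot shadow it
            continue
        if has_cmd:
            findings.append(("shadow", directory))
        elif os.path.isdir(directory) and os.access(directory, os.W_OK):
            findings.append(("writable", directory))
    return findings


if __name__ == "__main__":
    for name in ("sudo", "su", "login"):
        for kind, where in audit_path(name):
            print(f"{name}: {kind}: {where}")
```

Run it as the ordinary user whose PATH is being audited; run as root, the "writable" check reports every non-trusted directory, because root can write anywhere.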