Worms, Viruses, and Linux yes they are out there!



Frost
04-26-2002, 10:40 AM
I was at Symantec's web site tonight, and saw the latest on the now dangerous worm that is spreading in e-mails. I also did a search of "Linux". It appears that Norton Anti-Virus will scan Linux, but only if they are running at the moment, and on a network in which the scan is initiated in a "Windows" program. Hmmm does anyone know if they have made an antivirus program that is Linux oriented? It would be knice. *S* when Konqueror roams the Kweb and runs across a Krewl worm or virus and Kattaches itself.. I'm just being funny. Lots of things I notice start with the letter "K" in Linux.. odd too you would think they would start with the letter "L". 'Course Lonqueror web browser sounds a bit odd and so does LMail.. although the latter sounds a bit French "L' Mail" *grin*

Anyway, back on the serious side, if you look at the Symantec web site sometime, www.symantec.com, and do a search with just "Linux" you will see all sorts of nasty vermin that Linux systems have and can get. Especially those that are set up as the default sets them up. Problem with a lot of newbie Linux users is that they just haven't acquired the skill level as yet to quickly tweak their distribution to protect them in the best possible means.

New idea guys! With each version there exist certain kinds of things you can configure, and set to moderate the threat of malicious outside threats, right? Why not write a "script" that can be copied and pasted and run from within your own Linux Distribution? Mandrake 8.2 would take a different script than say SuSE, or RedHat 7.2, or Lycoris.. just at the top of each script would be the version for which it was written. Wouldn't that make a lot of sense for newbies out there????

Just wondering..

Cheers!

Please pass the Fenn Valley Sweet Harvest Riesling ( my personal favorite...Mmmmm *S*)

Mr. C
04-26-2002, 07:16 PM
Just proves that if it is manmade it is probably broken, if not it soon will be :laugh:
No OS is perfect. (Did I just hear a far-off voice shout BSD?)
Linux has been touted as being more secure than Windows and I believe that is true inasmuch as the way it functions is much more separated than the everything-is-tied-together Windows method of doing things.
Go look at a list of security updates for most distros and you will see a list that will rival anything Microsoft has. :laugh:

I think the big difference is that with Linux anyone with the skills and the interest can try to fix the bug. (unfortunately that long list does not include me)

With Windows only 1 entity has the ability to even attempt it. And a lot of the time they really don't seem to be interested :zzz:

Bern
04-26-2002, 07:21 PM
Symantec (and other anti-virus vendors) have a vested interest in promoting the fear of Linux viruses, they can see that outside the USA Linux use is growing and they are looking to protect their revenue stream, the truth is that because of the design of Linux (and all the other nixes) that in order for a virus/worm to infect the system it has to be installed/run by root or someone has to crack the box, and if you're going to go to that much trouble then you'd install a rootkit not a virus/worm. There will no doubt be some clueless people running as root all the time but it will never approach the level of the problem that you have with Windows security. Even as Linux use grows and more viruses/worms are created there is still the built-in kernel level security. There is also a great advantage to open source and having such a large community looking at the code, you only have to look at how soon patches are made available for discovered holes in open source software to see that it's a much better solution to the "features" that allow companies like Symantec to make a profit from the Windows world.

Frost
04-28-2002, 12:50 AM
Hey there! I copied and pasted the following in hopes of getting some clarification here. *S*

Hi.

In an e-mail thread I read about something called a PHP Nuke site. The listing had this: php-nuke. A /. clone

> Cross site scripting is a serious problem (even if some people
> don't believe it). On this second round I'll show 8 new XSS
> vulnerabilities in PHP Nuke (most of them are also path
> disclosure vulns):
>
> http://nuke/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=%22%3Ch1%3EI%20Love%20XSS%3C/h1%3E
> http://nuke/modules.php?name=Classifieds&op=ViewAds&id_catg=%22%3Ch1%3ESmelly%20socks%20category%3C/h1%3E&id_subcatg=75
> http://nuke/modules.php?op=modload&name=Guestbook&file=index&entry=%22%3Ch1%3Etest%3C/h1%3E
> http://nuke/modules.php?name=Your_Account&op=userinfo&uname=%22%3Ch1%3Etest%20123%3C/h1%3E
> http://nuke/modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=Replugge%20Love%20PHPNuke%20
> http://nuke/modules.php?name=Stories_Archive&sa=show_month&year=Love%20this&month=3&month_l=Replugge
> http://nuke/modules.php?name=Surveys&pollID=%22%3Ch1%3Etest%3C/h1%3E
> http://nuke/modules.php?op=modload&name=WebChat&file=index&roomid=%22%3Ch1%3EBugger%20You%3C/h1%3E
>
>
> That in addition to the 9 I mentioned last week on my posting to
> vuln-dev:

" Searching on "nuke" in my "security" email folder (which is mostly
the bugtraq mailing list) turns up 31 hits in the last six months,
14 in the last two months. You can consider me biased because I
code a "competing" content management system (Slash), but I would
not use php-nuke on any computer I cared about. I would assume it
would be 0wned quickly.

Here are some of the more serious examples (ignoring Post-Nuke-only
vulnerabilities)."

I cut and pasted some of the e-mail I had gotten, but it leaves me wondering exactly what it all means. Any ideas??

Thanks!
and

Cheers!
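
What the quoted URLs carry once percent-decoded, and what output encoding does to the same value, shown as an added example that is not part of any post in this thread. The three sample URLs are copied from the quoted e-mail; the link template in `render_unsafe` and `render_safe` is an assumption for illustration, not PHP-Nuke's own code.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# Three of the URLs quoted in the post above ("nuke" is the advisory's placeholder host).
QUOTED_URLS = [
    "http://nuke/modules.php?name=Surveys&pollID=%22%3Ch1%3Etest%3C/h1%3E",
    "http://nuke/modules.php?name=Your_Account&op=userinfo"
    "&uname=%22%3Ch1%3Etest%20123%3C/h1%3E",
    "http://nuke/modules.php?name=Stories_Archive&sa=show_month"
    "&year=2002&month=03&month_l=Replugge%20Love%20PHPNuke%20",
]

# Characters that let a value break out of an HTML attribute or open a tag.
MARKUP_CHARS = set("<>\"'")


def suspicious_params(url):
    """Return [(name, decoded_value)] for query parameters carrying HTML metacharacters."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes each value, e.g. %22%3Ch1%3E becomes "<h1>
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if MARKUP_CHARS & set(value)]


def render_unsafe(value):
    # Hypothetical template: the request parameter is pasted into the page as-is,
    # so a leading " closes the attribute and <h1> becomes live markup.
    return '<a href="view?id=' + value + '">link</a>'


def render_safe(value):
    # Same hypothetical template with output encoding: < > & " ' become entities,
    # so the browser shows the value as text instead of parsing it as HTML.
    return '<a href="view?id=' + html.escape(value, quote=True) + '">link</a>'


if __name__ == "__main__":
    for url in QUOTED_URLS:
        hits = suspicious_params(url)
        if not hits:
            # The Stories_Archive sample carries plain text only, no markup characters.
            print("no markup characters:", url)
        for name, value in hits:
            print(name, "decodes to", repr(value))
            print("  unescaped:", render_unsafe(value))
            print("  escaped:  ", render_safe(value))
```

In PHP, the language PHP-Nuke is written in, the equivalent of `html.escape(value, quote=True)` is `htmlspecialchars($value, ENT_QUOTES)`.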