Open Source and information security mailing list archives
 
Message-ID: <20040117095345.GA11111@pacific.net.au>
From: david at luyer.net (David Luyer)
Subject: Re: January 15 is Personal Firewall Day, help the cause

On Fri, Jan 16, 2004 at 01:57:15PM -0500, David F. Skoll wrote:
> On Fri, 16 Jan 2004, Exibar wrote:
> 
> >  Will any of these do?  Will you still think you don't need AV on Linux now?
> > here's a partial list..... don't choke too hard now!
> 
> Those are all proof-of-concept.  I'm unaware of a single production
> Linux machine anywhere in the world succumbing to one of them.  Perhaps
> you can provide evidence to the contrary?
> 
> Furthermore, most of them are not self-propagating, but require active
> cooperation from the recipient.
> 
> I do not need nor use AV on Linux.

But what about ye evil polymorphic .sig virus?  To my knowledge it's the most
prolific virus to infect Linux users to date, see below for evidence of three
infections!

+== Begin quote: Gregory Maxwell on linux-kernel, 20 May 1999 ===
+
+  On Wed, 19 May 1999, Thomas Wouters wrote:
+  > > Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
+  >
+  > Excellent signature :-)
+  >
+  > --
+  > Thomas Wouters <thomas@...all.net>
+  >
+  > Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
+
+  Wow! It's polymorphic!
+  --
+  Gregory Maxwell <gmaxwell@...tin.fl.us>
+
+  Hi! I'm a .signature virus! cp me into your .signature file to help me spread!
+
=== End quote ===

Seriously - while there are no prolific Linux "viruses", there is still a place
for "scanners" - eg. chkrootkit; it's also potentially useful to use something
to check your system hasn't accidentally ended up with eggdrops and other things
installed.  The chance of a Linux "virus" propagating and remaining valid for
an extended period of time against updated systems may be extremely low, but
the chance of an uneducated user's Linux system with full net access getting
compromised is non-zero.

David.
--
Hi!  I'm a .sig virus.  Copy me into your .signature file to help me spread!

