Stop Microsoft

Operating Systems => Linux and UNIX => Topic started by: H_TeXMeX_H on 19 April 2006, 05:50

Title: Linux and Win virus
Post by: H_TeXMeX_H on 19 April 2006, 05:50
Just got this in the mail ... good thing I didn't unsubscribe from the AVERT newsletter

http://www.techworld.com/security/news/index.cfm?newsID=5752&pagtype=all

http://vil.nai.com/vil/content/v_139173.htm
Title: Re: Linux and Win virus
Post by: Refalm on 19 April 2006, 09:33
Anyone tried ClamAV (http://www.clamav.net/) yet?
Title: Re: Linux and Win virus
Post by: piratePenguin on 19 April 2006, 17:12
Linus Torvalds showed that the virus doesn't work with Linux 2.6.16, and released a patch for Linux so it does, lol.
http://linux.slashdot.org/linux/06/04/18/2046203.shtml
http://software.newsforge.com/article.pl?sid=06/04/18/1941251
Title: Re: Linux and Win virus
Post by: Jack2000 on 19 April 2006, 17:56
Quote
and released a patch for Linux so it does, lol.

He released a patch to allow the virus to work!??
wtf
Title: Re: Linux and Win virus
Post by: H_TeXMeX_H on 19 April 2006, 19:30
Quote
 Linus Torvalds has had an opportunity to examine the testing and analysis by Hans-Werner Hilse which we reported on yesterday, and has blessed it as being correct. The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. He has coded a patch for the kernel to allow the virus to work on even the latest Linux kernel.

Well, I suppose it makes some sense ... if you fix the gcc bug the virus can get in ...

I just tried clamav and it seems to work very fast ... it's command line and quite simple to use.
Title: Re: Linux and Win virus
Post by: Orethrius on 19 April 2006, 21:38
The problem isn't the proof-of-concept (and for now, that's all it is), it's the fact that the register is mishandled in the first place.  Assuming that only virii will ever use specific register values and subsequently locking them out closes the door on legitimate applications as well.  The worst thing that can possibly happen is a mass infection from a million users all running as root - except that kind of single-user thinking is widely being phased out of UNIX-based systems altogether, and especially the "newbie-friendly" distros like Ubuntu don't allow root privs at all.  At worst, the user loses his or her files in the most unfortunate event.  Not that I'm not running Clam, but I can understand how a sysop could make a case for security based on ACLs rather than obscurity.  On the lighter side of things, as has been stated, now even Windows virii can execute on Linux.  Reciprocate THAT Gates. ;)
Title: Re: Linux and Win virus
Post by: GenuineAdvantage on 20 April 2006, 11:34
I'm shaking in my boots. :thumbdwn: Who runs as root anyways? If I get seriously infected on Linux by a 'virus' and I can publicly prove it, I figure I'll be a little famous. win-win.
Title: Re: Linux and Win virus
Post by: Refalm on 20 April 2006, 11:52
Quote from: GenuineAdvantage
Who runs as root anyways?

Newbie Gentoo users and Linspire users.
Title: Re: Linux and Win virus
Post by: H_TeXMeX_H on 20 April 2006, 19:06
Oh well ... they probably deserve it
Title: Re: Linux and Win virus
Post by: piratePenguin on 20 April 2006, 19:37
Quote from: Refalm
Newbie Gentoo users and Linspire users.
Linspire users? Jesus Christ, I thought that looked like an OK newbie distro but then they go and do a Microsoft.
Title: Re: Linux and Win virus
Post by: H_TeXMeX_H on 20 April 2006, 19:40
Linspire or Lin$pire is by far in no way a newbie distro ... it is complete bullshit that no one should EVER use ... not newbies, not anyone. It is probably even worse than Window$ or at least as bad ... worthless, useless, retarded ... don't use it or recommend it to anyone unless you really really hate them.
Title: Re: Linux and Win virus
Post by: Refalm on 21 April 2006, 11:16
Quote from: piratePenguin
Linspire users? Jesus Christ, I thought that looked like an OK newbie distro but then they go and do a Microsoft.

Linspire now gives you a choice to either run root as default or use the user account.
Most people will select the first version.
Title: Re: Linux and Win virus
Post by: mobrien_12 on 22 April 2006, 07:58
Quote from: Orethrius
The problem isn't the proof-of-concept (and for now, that's all it is), it's the fact that the register is mishandled in the first place.  


Yeah.  I think a slashdot poster phrased it best.

"Linus did not create a patch for the virus. Linus created a patch for the Linux kernel, to fix a bug which happened to have been discovered by looking at the virus."
Title: Re: Linux and Win virus
Post by: Jack2000 on 22 April 2006, 13:17
I think he should add an option to "switch off"
that fix and/or the way the register is handled
Title: Re: Linux and Win virus
Post by: mobrien_12 on 23 April 2006, 01:42
Jack, the option is simply not to apply the patch.  

Even then, why would you not want to apply the patch?

It's not like this damn thing is even a threat.

I'd rather have a working kernel than a broken one that won't run a virus that would never be a threat to me anyway.