Date: Wed, 1 Aug 2001 17:04:47 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: just how many known viruses are there for FreeBSD?
Message-ID: <20010801170447.A85109@xor.obsecurity.org>
In-Reply-To: <20010801193228.P56755@acadia.ne.mediaone.net>; from leblanc+freebsd@acadia.ne.mediaone.net on Wed, Aug 01, 2001 at 07:32:29PM -0400
References: <BBDEEDD2EB67D311A0240008C74B9345129C52@ntxmidcity.sdccd.cc.ca.us> <20010801193228.P56755@acadia.ne.mediaone.net>

On Wed, Aug 01, 2001 at 07:32:29PM -0400, Louis LeBlanc wrote:

> Precisely. This is why your average Windows virus will not run on any
> OS. Whether it is written in C, C++, or VB, it is going to use the OS
> interface to screw up your stuff. If you have one written entirely in
> assembly, you can access low level routines that get around the OS
> interface. This is the whole idea between a multi-OS program or
> virus. If you don't rely on the OS, you can run on any OS as long as
> the hardware is right.

No, under UNIX the kernel enforces strict access control mechanisms which prevent non-root code from doing destructive operations. Except for flaws in the security model or the implementation, user code *can not* get around these restrictions, no matter what language it's written in. Under Windows there are no such enforcements, which is why viruses can take out your system just because of one user running an infected program.

In other words, under Windows everything "runs as root", but under UNIX, only the ignorant or the lazy run dangerous operations (like running untrusted code) as root.

Under FreeBSD, sysadmins can even enforce this by compartmentalizing the machine using jail(8), so that even code which runs as root in the jail can't damage the machine. By isolating things inside a jail, your system can be as impregnable to malicious code as you want to make it (again, modulo implementation bugs).

There are other factors, perhaps the most relevant today being that mail-reading software under UNIX isn't "feature-enhanced" with convenient security vulnerabilities which allow email viruses to self-replicate, like they do when using Microsoft LookOut!

Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010801170447.A85109>
