Date: Wed, 1 Aug 2001 20:17:25 -0400
From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To: freebsd-questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: just how many known viruses are there for FreeBSD?
Message-ID: <20010801201725.R56755@acadia.ne.mediaone.net>
In-Reply-To: <20010801170447.A85109@xor.obsecurity.org>
References: <BBDEEDD2EB67D311A0240008C74B9345129C52@ntxmidcity.sdccd.cc.ca.us> <20010801193228.P56755@acadia.ne.mediaone.net> <20010801170447.A85109@xor.obsecurity.org>

On 08/01/01 05:04 PM, Kris Kennaway sat at the `puter and typed:
> On Wed, Aug 01, 2001 at 07:32:29PM -0400, Louis LeBlanc wrote:
> > Precisely. This is why your average Windows virus will not run on any
> > OS. Whether it is written in C, C++, or VB, it is going to use the OS
> > interface to screw up your stuff. If you have one written entirely in
> > assembly, you can access low level routines that get around the OS
> > interface. This is the whole idea between a multi-OS program or
> > virus. If you don't rely on the OS, you can run on any OS as long as
> > the hardware is right.
>
> No, under UNIX the kernel enforces strict access control mechanisms
> which prevent non-root code from doing destructive operations. Except
> for flaws in the security model or the implementation, user code *can
> not* get around these restrictions, no matter what language it's
> written in.

You are probably right there. I would then assume the whole race
becomes one of finding the chinks in a particular unix kernel and
exploiting it. I'm under the impression that Linux will be easier than
other Unices, though I could be wrong.

> Under Windows there are no such enforcements, which is why viruses can
> take out your system just because of one user running an infected
> program. In other words, under Windows everything "runs as root", but
> under UNIX, only the ignorant or the lazy run dangerous operations
> (like running untrusted code) as root. Under FreeBSD, sysadmins can
> even enforce this by compartmentalizing the machine using jail(8), so
> that even code which runs as root in the jail can't damage the
> machine. By isolating things inside a jail, your system can be as
> impregnable to malicious code as you want to make it (again, modulo
> implementation bugs).

Hmm. I'll have to study that.

> There are other factors, perhaps the most relevant today being that
> mail-reading software under UNIX isn't "feature-enhanced" with
> convenient security vulnerabilities which allow email viruses to
> self-replicate, like they do when using Microsoft LookOut!
>
> Kris

Although more and more MUAs are integrating mailcap handling and will
eventually be able to run incoming code in a M$ fashion. The real
protection from this will be making these bells and whistles completely
optional, unlike what M$ has done.

I still think there will be some pretty heavy swingers looking for the
holes in the Unix OSs, that is probably somewhat of a holy grail for the
virus hacker community. Then again, maybe I'm just paranoid.

I'll try not to bother everyone with this thread any longer. I fear I
have dragged it too far off topic. Sorry.

Lou
--
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net
Don't take life so serious, son, it ain't nohow permanent.
    -- Walt Kelly

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
