From: Louis LeBlanc
Date: Wed, 1 Aug 2001 20:17:25 -0400
To: freebsd-questions@FreeBSD.ORG
Subject: Re: just how many known viruses are there for FreeBSD?

On 08/01/01 05:04 PM, Kris Kennaway sat at the `puter and typed:
> On Wed, Aug 01, 2001 at 07:32:29PM -0400, Louis LeBlanc wrote:
> > Precisely. This is why your average Windows virus will not run on any
> > OS. Whether it is written in C, C++, or VB, it is going to use the OS
> > interface to screw up your stuff. If you have one written entirely in
> > assembly, you can access low level routines that get around the OS
> > interface. This is the whole idea between a multi-OS program or
> > virus. If you don't rely on the OS, you can run on any OS as long as
> > the hardware is right.
>
> No, under UNIX the kernel enforces strict access control mechanisms
> which prevent non-root code from doing destructive operations. Except
> for flaws in the security model or the implementation, user code *can
> not* get around these restrictions, no matter what language it's
> written in.

You are probably right there. I would then assume the whole race becomes one of finding the chinks in a particular unix kernel and exploiting it. I'm under the impression that Linux will be easier than other Unices, though I could be wrong.

> Under Windows there are no such enforcements, which is why viruses can
> take out your system just because of one user running an infected
> program. In other words, under Windows everything "runs as root", but
> under UNIX, only the ignorant or the lazy run dangerous operations
> (like running untrusted code) as root. Under FreeBSD, sysadmins can
> even enforce this by compartmentalizing the machine using jail(8), so
> that even code which runs as root in the jail can't damage the
> machine. By isolating things inside a jail, your system can be as
> impregnable to malicious code as you want to make it (again, modulo
> implementation bugs).

Hmm. I'll have to study that.

> There are other factors, perhaps the most relevant today being that
> mail-reading software under UNIX isn't "feature-enhanced" with
> convenient security vulnerabilities which allow email viruses to
> self-replicate, like they do when using Microsoft LookOut!
>
> Kris

Although more and more MUAs are integrating mailcap handling and will eventually be able to run incoming code in a M$ fashion. The real protection from this will be making these bells and whistles completely optional, unlike what M$ has done.

I still think there will be some pretty heavy swingers looking for the holes in the Unix OSs, that is probably somewhat of a holy grail for the virus hacker community. Then again, maybe I'm just paranoid.

I'll try not to bother everyone with this thread any longer. I fear I have dragged it too far off topic. Sorry.

Lou
--
Louis LeBlanc leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

Don't take life so serious, son, it ain't nohow permanent.
    -- Walt Kelly