Date: Sun, 09 Jul 2000 23:21:04 GMT
From: Salvo Bartolotta <bartequi@inwind.it>
To: Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Viruses for Unix (was Re: Virus alert, was: Re: SCSI Question)
Message-ID: <20000709.23210400@bartequi.ottodomain.org>
In-Reply-To: <20000709225658.A39960@lucifer.bart.nl>
References: <20000709221220.A39448@lucifer.bart.nl> <Pine.BSF.4.21.0007092237030.2764-100000@bagabeedaboo.security.at12.de> <20000709225658.A39960@lucifer.bart.nl>

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/9/00, 9:56:58 PM, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl> wrote regarding Re: Virus alert, was: Re: SCSI Question:

> -On [20000709 22:40], Paul Herman (pherman@frenchfries.net) wrote:
> >On Sun, 9 Jul 2000, Jeroen Ruigrok van der Werven wrote:
> >
> >> -On [20000709 21:20], Leif Neland (leifn@neland.dk) wrote:
> >> >These messages are infected with the kak virus. See
> >> >http://www.cai.com/virusinfo/encyclopedia/descriptions/wscript.htm
> >>
> >> Am I the only one to NOT see this?
> >
> >Probably not. It wasn't in the "Content-Type: text/plain" part of the
> >attachment, just the "text/html" part.

> Ah right. Spotted it.

> Which brings us back to a few good rules:

> - do NOT post in HTML
> - do not configure your mailer to mail lame virus warnings back to lists
>   where precedence is set to bulk.

> Thanks for reminding me of the text/html. I looked there before but
> failed to spot it. *sigh*

Dear Jeroen,

On the 'Net, I have had a look at a few articles about Unix viruses at large, which articles cover a number of topics: from the plausibility of viruses for Unix to actual pieces of code; "Internet worms" for Unix; the potential widespread diffusion of viruses for Unix thanks to the increasing popularity of Linux, etc.

However, my current understanding is that "viruses" canNOT damage FreeBSD (or, more generally, a Unix system), provided the following conditions (The Three Laws of Good Administration(tm)) are met:

axiom I: Never execute untrusted binaries as root;
axiom II: Never execute untrusted binaries as root;
axiom III: Never execute untrusted binaries as root.

:-)

Corollaries: only install software from well-known sites (e.g. the ports collection can be thought of as reasonably secure); **always** execute applications as an ordinary user (or, at most, a user belonging to the network group); if one has to execute something as root (e.g., nmap), it MUST be a trusted binary; pay attention to what libraries you make [explicit] use of/link; never put "." in your PATH, etc.

Thus, the only way a virus/worm/anything could work its way through e.g. FreeBSD is a bug. If such a problem occurred, it would be quickly spotted -- because of the Open Source nature of the OS -- and fixed.

Furthermore, FreeBSD's centralized development model would provide even far more rapid fixes if such situations ever arose.

Am I too optimistic? Am I missing anything? Are there any *real* threats nowadays?

By the way, I read the "infected" mail with StarOffice under FreeBSD 3.5-STABLE (as a normal user), but I am afraid the kak virus could not find a C:\Windows directory ...

Best regards,
Salvo

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
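
The corollary in the message above about never putting "." in PATH can be checked mechanically. The following is an added example, not part of the original mail: `audit_path` is a hypothetical helper name, and the sample PATH string is constructed. It also covers the equivalent cases the mail does not spell out (empty entries, relative entries, world-writable directories).

```shell
#!/bin/sh
# Added example: audit a PATH-style string for entries that would let an
# untrusted binary shadow a trusted command. Prints one "kind entry" line
# per finding and nothing for a clean PATH.
audit_path() {
    rest="$1:"                  # extra ':' so a trailing empty entry is seen too
    while [ -n "$rest" ]; do
        dir=${rest%%:*}         # first entry
        rest=${rest#*:}         # everything after the first ':'
        case $dir in
            ''|.)               # '.' and an empty entry both mean "current directory"
                echo "cwd ${dir:-(empty)}"
                continue ;;
            /*) ;;              # absolute path: check its permissions below
            *)                  # relative path: resolved against the current directory
                echo "relative $dir"
                continue ;;
        esac
        # Skip entries that do not exist; -L follows symlinks to the real directory.
        perms=$(ls -ldL "$dir" 2>/dev/null) || continue
        case $perms in
            d???????w*)         # 'w' in the "other" column: any user can plant a binary
                echo "world-writable $dir" ;;
        esac
    done
    return 0
}

# Constructed sample: '.' first, an empty entry ('::') and a relative entry.
audit_path ".:/usr/bin::bin:/usr/local/bin"

# The PATH of the account running the script (run it as root and as a normal user).
audit_path "$PATH"
```
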