Date:      Sun, 09 Jul 2000 23:21:04 GMT
From:      Salvo Bartolotta <bartequi@inwind.it>
To:        Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Viruses for Unix (was Re: Virus alert, was: Re: SCSI Question)
Message-ID:  <20000709.23210400@bartequi.ottodomain.org>
In-Reply-To: <20000709225658.A39960@lucifer.bart.nl>
References:  <20000709221220.A39448@lucifer.bart.nl> <Pine.BSF.4.21.0007092237030.2764-100000@bagabeedaboo.security.at12.de> <20000709225658.A39960@lucifer.bart.nl>

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/9/00, 9:56:58 PM, Jeroen Ruigrok van der Werven
<jruigrok@via-net-works.nl> wrote regarding Re: Virus alert, was: Re:
SCSI Question:


> -On [20000709 22:40], Paul Herman (pherman@frenchfries.net) wrote:
> >On Sun, 9 Jul 2000, Jeroen Ruigrok van der Werven wrote:
> >
> >> -On [20000709 21:20], Leif Neland (leifn@neland.dk) wrote:
> >> >These messages are infected with the kak virus. See
> >> >http://www.cai.com/virusinfo/encyclopedia/descriptions/wscript.htm
> >>
> >> Am I the only one to NOT see this?
> >
> >Probably not.  It wasn't in the "Content-Type: text/plain" part of the
> >attachment, just the "text/html" part.

> Ah right.  Spotted it.

> Which brings us back to a few good rules:

> - do NOT post in HTML

> - do not configure your mailer to mail lame virus warnings back to lists
>   where precedence is set to bulk.

> Thanks for reminding me of the text/html.  I looked there before but
> failed to spot it.  *sigh*



Dear Jeroen,

On the 'Net, I have had a look at a few articles about Unix viruses at
large, which articles cover a number of topics: from the plausibility
of viruses for Unix to actual pieces of code; "Internet worms" for
Unix; the potential widespread diffusion of viruses for Unix thanks to
the increasing popularity of Linux, etc.

However, my current understanding is that "viruses" canNOT damage
FreeBSD (or, more generally, a Unix system), provided the following
conditions (The Three Laws of Good Administration(tm)) are met:

axiom I: Never execute untrusted binaries as root;
axiom II: Never execute untrusted binaries as root;
axiom III: Never execute untrusted binaries as root. :-)

Corollaries: only install software from well-known sites (e.g. the
ports collection can be thought of as reasonably secure); **always**
execute applications as an ordinary user (or, at most, a user
belonging to the network group); if one has to execute something as
root (e.g., nmap), it MUST be a trusted binary; pay attention to what
libraries you make [explicit] use of/link; never put "." in your PATH,
etc.

Thus, the only way a virus/worm/anything could work its way through
e.g. FreeBSD is a bug. If such a problem occurred, it would be quickly
spotted -- because of the Open Source nature of the OS -- and fixed.

Furthermore, FreeBSD's centralized development model would provide
even far more rapid fixes if such situations ever arose.




Am I too optimistic? Am I missing anything? Are there any *real*
threats nowadays?

By the way, I read the "infected" mail with StarOffice under FreeBSD
3.5-STABLE (as a normal user), but I am afraid the kak virus could not
find a C:\Windows directory ...

Best regards,
Salvo
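
The corollary in the message above, never put "." in your PATH, can be checked mechanically before running anything as root. The sh function below is an added example, not part of the original e-mail; it also flags group- or world-writable PATH directories, which generalizes the same rule, and the name audit_path and the sample PATH string are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one finding per line for every PATH entry from which an untrusted
# binary could shadow a trusted command; returns 1 if anything was found.
# (Hypothetical helper written for this example.)
audit_path() {
    rest="$1:"      # sentinel colon so a trailing empty entry is not lost
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first colon
        rest=${rest#*:}         # everything after it
        case $entry in
            "")
                # The shell searches the current directory for an empty entry.
                echo "EMPTY: empty entry means the current directory"
                findings=$((findings + 1))
                ;;
            /*)
                [ -d "$entry" ] || continue
                # Columns 6 and 9 of the mode string are the group and
                # other write bits, e.g. drwxrwxrwt -> "ww".
                perms=$(ls -ldL "$entry" | cut -c6,9)
                case $perms in
                    *w*)
                        echo "WRITABLE: $entry is group- or world-writable"
                        findings=$((findings + 1))
                        ;;
                esac
                ;;
            *)
                # ".", "bin", "../tools": resolved against the current directory.
                echo "RELATIVE: $entry depends on the current directory"
                findings=$((findings + 1))
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: "." comes first and an empty entry sits between two colons.
audit_path ".:/usr/local/bin::/usr/bin" || echo "fix PATH before running commands as root"
```

Calling `audit_path "$PATH"` from root's login shell applies the same check to the live environment.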








