From: Salvo Bartolotta
Date: Sun, 09 Jul 2000 23:21:04 GMT
Message-ID: <20000709.23210400@bartequi.ottodomain.org>
Subject: Viruses for Unix (was Re: Virus alert, was: Re: SCSI Question)
To: Jeroen Ruigrok van der Werven
Cc: freebsd-questions@FreeBSD.ORG

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/9/00, 9:56:58 PM, Jeroen Ruigrok van der Werven wrote regarding Re: Virus alert, was: Re: SCSI Question:

> -On [20000709 22:40], Paul Herman (pherman@frenchfries.net) wrote:
> >On Sun, 9 Jul 2000, Jeroen Ruigrok van der Werven wrote:
> >
> >> -On [20000709 21:20], Leif Neland (leifn@neland.dk) wrote:
> >> >These messages are infected with the kak virus. See
> >> >http://www.cai.com/virusinfo/encyclopedia/descriptions/wscript.htm
> >>
> >> Am I the only one to NOT see this?
> >
> >Probably not. It wasn't in the "Content-Type: text/plain" part of the
> >attachment, just the "text/html" part.
>
> Ah right. Spotted it.
>
> Which brings us back to a few good rules:
>
> - do NOT post in HTML
> - do not configure your mailer to mail lame virus warnings back to lists
>   where precedence is set to bulk.
>
> Thanks for reminding me of the text/html. I looked there before but
> failed to spot it. *sigh*

Dear Jeroen,

On the 'Net, I have had a look at a few articles about Unix viruses at large, which articles cover a number of topics: from the plausibility of viruses for Unix to actual pieces of code; "Internet worms" for Unix; the potential widespread diffusion of viruses for Unix thanks to the increasing popularity of Linux, etc.

However, my current understanding is that "viruses" canNOT damage FreeBSD (or, more generally, a Unix system), provided the following conditions (The Three Laws of Good Administration(tm)) are met:

axiom I: Never execute untrusted binaries as root;
axiom II: Never execute untrusted binaries as root;
axiom III: Never execute untrusted binaries as root. :-)

Corollaries: only install software from well-known sites (e.g. the ports collection can be thought of as reasonably secure); **always** execute applications as an ordinary user (or, at most, a user belonging to the network group); if one has to execute something as root (e.g., nmap), it MUST be a trusted binary; pay attention to what libraries you make [explicit] use of/link; never put "." in your PATH, etc.

Thus, the only way a virus/worm/anything could work its way through e.g. FreeBSD is a bug. If such a problem occurred, it would be quickly spotted -- because of the Open Source nature of the OS -- and fixed. Furthermore, FreeBSD's centralized development model would provide even far more rapid fixes if such situations ever arose.

Am I too optimistic? Am I missing anything? Are there any *real* threats nowadays?

By the way, I read the "infected" mail with StarOffice under FreeBSD 3.5-STABLE (as a normal user), but I am afraid the kak virus could not find a C:\Windows directory ...

Best regards,
Salvo
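
The corollary about never putting "." in PATH can be checked mechanically. The function below is an added example, not part of the original message; the name audit_path and its output labels are illustrative, and the checks for empty, relative and world-writable entries go beyond the single case the message names.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let an untrusted file
# shadow a trusted binary. audit_path and its labels are illustrative names.
# Usage: audit_path "$PATH"   (returns 0 when clean, 1 when anything is flagged)
audit_path() {
    ap_path=$1
    ap_rc=0
    # A leading, trailing or doubled colon is an empty entry, which the
    # shell treats as the current directory, exactly like ".".
    case ":$ap_path:" in
        *::*) echo "EMPTY: empty entry means the current directory"; ap_rc=1 ;;
    esac
    ap_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for ap_dir in $ap_path; do
        if [ -z "$ap_dir" ]; then
            continue            # already reported above
        fi
        case "$ap_dir" in
            .)  echo "DOT: . is in PATH"; ap_rc=1; continue ;;
            /*) ;;              # absolute path, inspect it below
            *)  echo "RELATIVE: $ap_dir depends on the current directory"
                ap_rc=1; continue ;;
        esac
        if [ ! -d "$ap_dir" ]; then
            continue            # nothing to inspect
        fi
        # -L follows symlinks (e.g. /bin -> /usr/bin); the 9th character of
        # the mode string is the "other" write bit.
        ap_mode=$(ls -ldL "$ap_dir" 2>/dev/null)
        case "$ap_mode" in
            d???????w*) echo "WRITABLE: $ap_dir is world-writable"; ap_rc=1 ;;
        esac
    done
    set +f
    IFS=$ap_ifs
    return $ap_rc
}
```

Running it against root's PATH matters most, since that is the account the three axioms are about.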