Date: Thu, 02 Aug 2001 11:53:12 -0400
To: "Ted Mittelstaedt", "Patrick Simon"
From: Matthew Hagerty
Subject: RE: just how many known viruses are there for FreeBSD?

At 11:29 PM 8/1/2001 -0700, Ted Mittelstaedt wrote:
> >-----Original Message-----
> >From: owner-freebsd-questions@FreeBSD.ORG
> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Matthew Hagerty
>
> >
> >Patrick,
> >
> >There are not really any "viruses" on UN*X systems, simply due to the
> >nature of how a UN*X system works.
>
>This is the most naive thing I've ever read. The most famous virus in
>history, the Morris Internet Worm, was written for UNIX systems, in
>particular BSD! The GAO estimated between $100,000 and 10 million dollars
>of damage was done by it. And this was in 1988!!!!!
>
>see http://classes.cec.wustl.edu/~cs423/FL2000/MorrisWorm.html if you never
>heard of the Worm.
>
> >around on the box. The security model that UN*X systems are built on makes
> >it almost impossible for a program [virus] to do any kind of damage,
>
>Absolute rubbish. In fact the superuser account is a giant headache and
>hole for people trying to protect against virus/worm programs because once you
>have access to root the entire security on the system becomes worthless.
>
> >so
> >people don't waste their time trying to write UN*X viruses and simply
> >concentrate on an easier platform... enter Windows.
> >
>
>This is NOT the reason that people don't waste their time writing UNIX
>worms. There's 2 reasons that the crackers don't write them:
>
>1) Most UNIX systems are run by administrators that have a brain and as a
>result when security holes are discovered, everyone patches almost
>immediately. By contrast, most NT servers are run by morons who can't
>even patch their own servers even when Microsoft puts a link on the front
>of their website to the patch.
>
>As a result a Windows virus will live for years because there's always more
>systems available that haven't been patched. UNIX viruses, like the
>Internet Worm, have a life of perhaps 2 days tops before the holes that
>they exploit are closed.
>
>2) Writing UNIX code takes someone with at least half a brain. The crackers
>writing stuff like Code Red don't have the intelligence to write a UNIX
>virus.
>
>
>Ted Mittelstaedt tedm@toybox.placo.com
>Author of: The FreeBSD Corporate Networker's Guide
>Book website: http://www.freebsd-corp-net-guide.com

Ted,

I don't think you let me complete my thoughts before picking me apart. Parts of my post (which you left out) point out the "root" account and that having such an account /dev/nulls the need for most UN*X viruses. If you have root, you don't need a virus, and most UN*X viruses are mostly cracks that give the user root. I also mentioned that most UN*X systems would not be run by average, brainless users who would run an unknown binary as root.

As for the worm, yes, I am very aware of it and the story. I also know that it succeeded in a time when the Internet as we know it did not exist, when most of the systems connected to it were Government organizations and Universities that were set up in a *VERY* trusting manner. I do not believe that today such a worm could travel from UN*X system to UN*X system as easily as it did, and if it did, certainly not as long as it did before being noticed and stopped. Not saying it could not be done, but if it did, most of the systems affected would most likely *not* be properly configured modern UN*X systems.

All this leads back to the original post where the user asked what viruses existed for FreeBSD. While you and a few other people have pointed out 2, maybe 3 UN*X viruses (in the truest form, not cracker tools or script-kiddie scripts), I can think of literally 100s that affect DOS and Windows based platforms. So much that companies make a good living selling protection for those platforms. I'll bet the Melissa and Love viruses caused more damage in $$ and system down time than all the UN*X based viruses combined.

Matthew