From owner-freebsd-questions Thu Aug 2 23:27:25 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id A929937B406 for ; Thu, 2 Aug 2001 23:27:19 -0700 (PDT) (envelope-from tedm@toybox.placo.com)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f736RF890636; Thu, 2 Aug 2001 23:27:15 -0700 (PDT) (envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Matthew Hagerty", "Patrick Simon",
Subject: RE: just how many known viruses are there for FreeBSD?
Date: Thu, 2 Aug 2001 23:27:14 -0700
Message-ID: <001d01c11be5$55b6f940$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <5.0.2.1.2.20010802113633.027ed8d0@pop.voyager.net>
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>-----Original Message-----
>From: Matthew Hagerty [mailto:mhagerty@voyager.net]
>Sent: Thursday, August 02, 2001 8:53 AM
>To: Ted Mittelstaedt; Patrick Simon; freebsd-questions@FreeBSD.ORG
>Subject: RE: just how many known viruses are there for FreeBSD?
>
>
>Ted,
>
>I don't think you let me complete my thoughts before picking me
>apart.

Sorry I picked on you - there were a lot of people who posted similar
things and they should have gotten a crack across the knuckles too.

>Parts of my post (which you left out) point out the "root" account
>and that having such an account /dev/nulls the need for most UN*X
>viruses. If you have root, you don't need a virus, and most UN*X viruses
>are mostly cracks that give the user root.

You're arguing semantics here. If you go back to the definition of what
a virus is, the Morris worm fits it. Manually-operated cracks by script
kiddies do not, as they lack the self-replicating feature that is one of
the requirements of the definition.

You can have replication WITHOUT access to the root account. There's
such a thing as a benign virus that does no damage. If the virus doesn't
need to delete things on the Unix system or need to bother covering its
tracks, why bother getting the root account?

The point I was making is that while you can argue, as I did, that
because of the superior administration on most UNIX systems virus
authoring for them is pointless, the statement that Unix doesn't have
viruses because of how it works isn't correct. Unix doesn't have viruses
because of other reasons, not because of any innate property in Unix.
If roles were reversed and all of the NT servers were run by clueful
people, and all the Unix systems were run by clueless idiots, you would
probably see a new Unix virus born every day and people would be
claiming that NT was invulnerable to viruses because of some innate
property of NT. :-)

>As for the worm, yes, I am very aware of it and the story.

Then you really deserved that smack on the knuckles, because you knew
better now, didn't you. :-)

>I also know
>that it succeeded in a time when the Internet as we know it did not exist,

The Internet had an estimated 600,000 nodes on it at that time. It
looked a lot like a miniature version of what the Internet is today, and
the systems on it were all Real Men's systems, not these Microsoft
written toys of today, but there wasn't anything fundamentally different
about the Internet that helped the success of the Great Worm. In fact,
if anything there was far less redundancy, and so when a site got
overloaded due to the Worm, it tended to wreck propagation of the Worm
from that site. A lot different than today, where the pipes are so big
that a single infected Celery 400 sitting in a colocate shelf with 6
DS3's coming into the colocate facility can trash a half-million
machines in a night.

>when most of the systems connected to it were Government organizations and
>Universities that were set up in a *VERY* trusting manner. I do not
>believe that today such a worm could travel from UN*X system to UN*X system
>as easily as it did, and if it did, certainly not as long as it did before
>being noticed and stopped. Not saying it could not be done, but if it did,
>most of the systems affected would most likely *not* be properly configured
>modern UN*X systems.
>

I disagree that today a Great Worm couldn't propagate as fast across the
Internet simply because of the lower level of trust. But I do think that
a Great Worm would propagate slower today among Unix systems simply
because there are a LOT more varied Unix systems out there.

In the Windows world it's very homogeneous. There's only 2 kinds of
Windows servers - Windows NT and Windows 2K. This was the situation back
in 1988, where there were only a few different kinds of UNIX systems on
the Internet. Today there's dozens of different kinds of Unix systems
out there.

It's like when they plant forests of all one kind of tree instead of a
lot of different kinds of trees. Disease gets in there and wipes out the
entire forest. Whenever you have a situation where a critical mass of
identical version/software OS of hosts is reached on the Internet, you
have a breeding ground for a virus. Back in 1988 we got that critical
mass with Sun and VAX boxen; today Code Red proved that we have that
with NT and 2K.

Today, in addition to the different OS versions of Unix we have out
there, we also have different packages on Unix. Back in 1988 everyone
ran Sendmail; today, while Sendmail still dominates, there's a lot more
hosts that run something else. We have a heterogeneous network of Unix
hosts on the Internet today, not this boring dull wasteland that looks
the same everywhere on the Windows hosts.

>All this leads back to the original post where the user asked what viruses
>existed for FreeBSD. While you and a few other people have pointed out 2,
>maybe 3 UN*X viruses (in the truest form, not cracker tools or
>script-kiddie scripts), I can think of literally 100s that affect DOS and
>Windows based platforms. So much that companies make a good living selling
>protection for those platforms. I'll bet the Melissa and Love virus caused
>more damage in $$ and system down time than all the UN*X based viruses
>combined.
>

I'll bet it did too.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:                    The FreeBSD Corporate Networker's Guide
Book website:                 http://www.freebsd-corp-net-guide.com
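The monoculture argument in the message above (a critical mass of identical hosts is what lets a self-replicating worm saturate the network, while a population spread over many software variants slows it down and caps how far it can get) can be made concrete with a small simulation. This is an added example, not part of the original post or anything its author wrote. It assumes a worm that picks scan targets uniformly at random from a fixed address space, one exploit that works against exactly one software variant, and constructed host counts and variant counts chosen only to show the effect; none of these numbers are measurements.

```python
import random


def simulate_worm(hosts, vulnerable_hosts, scans_per_step=1,
                  max_steps=10_000, seed=1):
    """Random-scanning worm in an address space of `hosts` machines.

    `vulnerable_hosts` of them run the one software variant the worm's
    exploit works against (a monoculture is vulnerable_hosts == hosts).
    Each time step every infected host probes `scans_per_step` uniformly
    random addresses and infects any vulnerable, not-yet-infected host
    it hits. Hosts stay infected and keep scanning (no patching).

    Returns (steps_to_reach_90pct_of_vulnerable_hosts, infected_total);
    the step count is None if the worm never got there within max_steps.
    All parameters are constructed for illustration, not measured data.
    """
    if not 1 <= vulnerable_hosts <= hosts:
        raise ValueError("need 1 <= vulnerable_hosts <= hosts")
    rng = random.Random(seed)          # fixed seed => reproducible run
    vulnerable = set(rng.sample(range(hosts), vulnerable_hosts))
    infected = {min(vulnerable)}       # patient zero
    target_count = 0.9 * vulnerable_hosts

    for step in range(1, max_steps + 1):
        newly_hit = set()
        for _ in range(len(infected) * scans_per_step):
            addr = rng.randrange(hosts)
            # A probe only matters if it lands on a host that is both
            # running the exploitable variant and not already infected;
            # the rest of the address space just absorbs the scan.
            if addr in vulnerable and addr not in infected:
                newly_hit.add(addr)
        infected |= newly_hit
        if len(infected) >= target_count:
            return step, len(infected)
    return None, len(infected)


def compare_monoculture_to_diversity(hosts=20_000, variants=10):
    """Same address space, same worm; the only difference is how many
    software variants the population is spread over.

    Monoculture: every host runs the exploitable variant.
    Diverse: hosts are split evenly over `variants` variants and the
    worm's exploit works against exactly one of them, so only
    hosts // variants machines can ever be infected.
    """
    mono_steps, mono_infected = simulate_worm(hosts, hosts)
    div_steps, div_infected = simulate_worm(hosts, hosts // variants)
    return {
        "monoculture_steps": mono_steps,
        "monoculture_infected": mono_infected,
        "diverse_steps": div_steps,
        "diverse_infected": div_infected,
        # Hard ceiling on the diverse case: the hosts running the one
        # variant the worm has an exploit for.
        "diverse_ceiling": hosts // variants,
    }


if __name__ == "__main__":
    result = compare_monoculture_to_diversity()
    for key, value in result.items():
        print(f"{key:>22}: {value}")
```

Two things fall out of the run. First, the diverse population takes many times more steps to reach 90% of what it can infect, because most probes land on hosts the exploit does not work against; the per-step growth factor shrinks roughly in proportion to the vulnerable fraction. Second, the diverse case never exceeds its ceiling of one variant's worth of hosts, whereas the monoculture loses essentially everything. This is the "one kind of tree" effect from the message, and it is also why mixing implementations (different MTAs, different OS families) is treated as a defensive property of a network rather than just an administrative inconvenience.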