Date: Sat, 04 Aug 2001 12:24:31 -0400
From: Jim Conner <jconner@enterit.com>
To: freebsd-questions@FreeBSD.ORG
Cc: "'freebsd-questions@FreeBSD.ORG'" <freebsd-questions@FreeBSD.ORG>, freebsd-questions@FreeBSD.ORG
Subject: Re: just how many known viruses are there for FreeBSD?
Message-ID: <5.1.0.14.0.20010804121235.03437c78@mail.enterit.com>
In-Reply-To: <20010801193228.P56755@acadia.ne.mediaone.net>
References: <BBDEEDD2EB67D311A0240008C74B9345129C52@ntxmidcity.sdccd.cc.ca.us>
It still doesn't matter. The reason that virii are so uncommon for *nix based systems is because of the WORKING security model of Unix. Plain and simple. The only time a virus will work for Unix is when the virus is run on a system that is not particularly administered well (ie permissions on devices and other root oriented commands are made writable by the normal user) or the administrator makes a careless decision and runs some kind of install script as root that just happens to be for the virus or the carrier of the said virus.

No, it's not impossible. In fact, I can think of how this winux virus you are talking about may work. These are my thoughts on it...I have no idea if this is how it works. The virus is activated in Windows. It has the ability to read ufs or ext2fs. It then finds the nix partitions and trojans a simple command like ps or cat or something (since you said that it is only a 'proof of concept' virus). This has to be how it works since Windows is the OS running and Linux/Unix is not, therefore the security model is not really running for the *nix system and is therefore bypassed. Since it has already been mentioned that this virus cannot live on a non-dual-bootable machine, this is the only explanation for how it can work, and in that case, imo, it's not a real nix virus. It is still a windows virus. Heh, gives people a really good reason why not to run dual-bootable machines.

OTH, there is a virus or three out there for unix but none of them work until you can install them as root...which usually requires some cracker to get on the machine and find an exploit, exploit that exploit, and then install the virus (most common is rewtkit). The rewtkit is nothing more than a bunch of trojaned binaries (source is included). I don't consider this rewtkit to be a virus in the sense that we all know viruses from the windows world.

Just my echo "\$$(echo "scale=2;1.00 - .98" | bc) cents"

- Jim

At 07:32 PM 08.01.2001 -0400, Louis LeBlanc wrote:
>Precisely. This is why your average Windows virus will not run on any
>OS. Whether it is written in C, C++, or VB, it is going to use the OS
>interface to screw up your stuff. If you have one written entirely in
>assembly, you can access low level routines that get around the OS
>interface. This is the whole idea between a multi-OS program or
>virus. If you don't rely on the OS, you can run on any OS as long as
>the hardware is right.
>
>There's my $0.02
>L
>
>On 08/01/01 04:34 PM, Erin Fortenberry sat at the `puter and typed:
> > > So, why doesn't M$ word run on my FreeBSD machine without an emulator?
> > > :)
> >
> > uh, because it is looking for lib's and an API that just doesn't exist on
> > UNIX without said emulator. Don't forget there is a big difference between
> > c:\ and /.
> >
> > Just my $.02
> >
> > Erin
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
>--
>Louis LeBlanc leblanc@acadia.ne.mediaone.net
>Fully Funded Hobbyist, KeySlapper Extrordinaire :)
>http://acadia.ne.mediaone.net
>
>Weinberg's Second Law:
> If builders built buildings the way programmers wrote programs,
> then the first woodpecker that came along would destroy civilization.

- Jim
http://www.perlmonks.org/index.pl?node_id=67861&lastnode_id=67861
