Date:      Sat, 04 Aug 2001 13:03:09 -0400
From:      Jim Conner <jconner@enterit.com>
To:        "Jerry Murdock" <jmurdock@itraktech.com>
Cc:        "Ted Mittelstaedt" <tedm@toybox.placo.com>, "Matthew Hagerty" <mhagerty@voyager.net>, "Patrick Simon" <patsimon12@yahoo.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: just how many known viruses are there for FreeBSD?
Message-ID:  <5.1.0.14.0.20010804125924.02c11200@mail.enterit.com>
In-Reply-To: <004201c11b73$057aafc0$0201a8c0@bellsouth.net>
References:  <004501c11b1c$88ac1de0$1401a8c0@tedm.placo.com>

At 12:47 PM 08.02.2001 -0400, Jerry Murdock wrote:
>----- Original Message -----
>From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
>To: "Matthew Hagerty" <mhagerty@voyager.net>; "Patrick Simon"
><patsimon12@yahoo.com>; <freebsd-questions@FreeBSD.ORG>
>Sent: Thursday, August 02, 2001 2:29 AM
>Subject: RE: just how many known viruses are there for FreeBSD?
>
>
>
> > This is NOT the reason that people don't waste their time writing UNIX
> > worms.  There's 2 reasons that the crackers don't write them:
> >
> > 1) Most UNIX systems are run by administrators that have a brain and as a
> > result when security holes are discovered, everyone patches almost
> > immediately.  By contrast, most NT servers are run by morons who can't
> > even patch their own servers even when Microsoft puts a link on the front
> > of their website to the patch.
> >
> > As a result a Windows virus will live for years because there's always more
> > systems available that haven't been patched.  UNIX viruses, like the
> > Internet Worm, have a life of perhaps 2 days tops before the holes that
> > they exploit are closed.
> >
> > 2) Writing UNIX code takes someone with at least half a brain.  The crackers
> > writing stuff like Code Red don't have the intelligence to write a UNIX
> > virus.
> >
>
>Actually Code Red is one of the more clever ones.  It is not a simple VBScript
>hack.  If a new unchecked buffer/remote execution exploit was found in an
>Apache module then something similar could be constructed without need for
>root access, using many of the same concepts.

This is not entirely true.  The Apache server would have to be running as 
root, which, if exploited, then allows the malicious code to do things as 
root.  AFAIK, the Apache webserver by default runs as the user 'nobody', 
so the malicious code may only run as that unprivileged user.  I 
admit that some admins run the server as root (not wise...of course.  Even 
the configs for the server state it's not wise), in which case I could 
see where said virus could cause harm.

>But, I would add two more reasons to the above:
>
>3: Windows is the biggest, most homogeneous target out there, largely because
>of M$'s enable-everything-by-default install practices.  I am willing to bet 90%
>of the Code Red victims out there should not have had the .ida filter enabled
>at all. Code Red wasn't an issue for my boxes with or without the patch.
>
>It would be hard for a *nix virus to proliferate and find an opening that was as
>widely installed.  About the only thing that would be comparable is if an
>Apache exploit was found that was present in all versions of Apache, and on
>all platforms.  The *nix world is too diverse for that to happen very often if
>at all.
>
>4: Everyone loves to hate M$.

Including me.  They are unethical.

- Jim


>Jerry
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message



- Jim

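A quick way for an admin to verify the point Jim makes about Apache's privileges on a running box, as an added example that is not from the thread: it flags httpd child processes that run as root while leaving the root listener alone. It assumes BSD ps output in the column order user,pid,ppid,command and an httpd binary whose name ends in "httpd"; the two process listings below are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread.  Apache's parent process legitimately
# runs as root (it needs to bind port 80), then forks workers that switch to
# the unprivileged "User" from httpd.conf (nobody by default).  Only those
# workers ever touch request data, so a worker running as root means an
# exploited server runs exploit code as root.
#
# Input: lines of "USER PID PPID COMMAND", e.g. from (assumed BSD ps syntax)
#   check_httpd_privs "$(ps -axo user,pid,ppid,command)"
# Returns 0 when every httpd child is non-root, 1 otherwise (offenders printed).
check_httpd_privs() {
    printf '%s\n' "$1" | awk '
        $4 ~ /httpd$/ { user[$2] = $1; ppid[$2] = $3; seen[$2] = 1 }
        END {
            bad = 0
            for (p in seen) {
                # a child whose parent is itself an httpd process is a worker
                if ((ppid[p] in seen) && user[p] == "root") {
                    print "httpd worker pid " p " running as root"
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: default layout, root listener with nobody workers.
GOOD='root 101 1 /usr/local/sbin/httpd
nobody 102 101 /usr/local/sbin/httpd
nobody 103 101 /usr/local/sbin/httpd'

# Constructed sample: "User root" in httpd.conf, workers keep root.
BAD='root 201 1 /usr/local/sbin/httpd
root 202 201 /usr/local/sbin/httpd'

check_httpd_privs "$GOOD" && echo "ok: all httpd workers unprivileged"
check_httpd_privs "$BAD" || echo "misconfigured: fix the User directive"
```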





