Date: Tue, 6 Jul 2004 12:36:57 +0200
From: Erik Trulsson
To: Matthew Seaman, Giorgos Keramidas, Phil Schulz, Mark Jayson Alvarez, freebsd-questions@freebsd.org
Message-ID: <20040706103657.GA489@falcon.midgard.homeip.net>
In-Reply-To: <20040706094303.GA9617@happy-idiot-talk.infracaninophile.co.uk>
Subject: Re: A few simple questions(...if you don't mind)

On Tue, Jul 06, 2004 at 10:43:03AM +0100, Matthew Seaman wrote:
> On Tue, Jul 06, 2004 at 12:08:17AM +0300, Giorgos Keramidas wrote:
>
> > Remember, this is not Windows, where everything is free and you have to
> > share your personal data with the world :P
>
> ITYM "nothing is free, except other people's access to your data."
>
> > In short, I've heard of no viruses that affect BSDs during the last 7-8
> > years that I'm using a BSD Unix at home and work.
>
> The only malware that ever achieved any sort of world prominence was
> the Scalper worm, which exploited the "chunked transfer encoding"
> vulnerability in versions of Apache earlier than 1.3.24 or 2.0.36 on
> i386 FreeBSD:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE+CAN-2002-0392
>
> http://securityresponse.symantec.com/avcenter/venc/data/freebsd.scalper.worm.html
>
> As I remember there were only a few hundred infections, and an Apache
> patch was available within hours. Hardly the sort of Internet
> destroying scale we've become accustomed to with all those Windows
> worms recently.

If you go back a bit further in time there was the Great Worm of 1988,
which targeted VAX and Sun3 systems running BSD code, and which actually
did bring down most of the Internet at the time. That was the incident
that got people in the Unix community to start thinking seriously about
security.

As for actual viruses, they are very rare in the Unix world. I have
heard of one or two proof-of-concept viruses created for Linux, but I
don't think any have ever been found in the wild.

Trojan horses of course exist (as they do on all systems), but in a
world where lots of people compile from source instead of downloading
binaries this kind of code is much harder to hide, and thus less
popular.

One advantage the Unix world enjoys is that people are running so many
different versions of programs, and many different programs even, on
different kinds of hardware, that it becomes very difficult for any kind
of malware (which almost always contains some system-dependent binary
code) to affect more than a relatively small fraction of the systems out
there, which prevents the rapid infection and spreading that
Windows-based worms tend to have.

-- 
Erik Trulsson
ertr1013@student.uu.se