From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
Sent: Friday, 2010/April/16 22:49

> On Fri, 2010-04-16 at 19:43 -0700, jdow wrote:
>> From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
>> Sent: Friday, 2010/April/16 16:51
>>
>> > On Fri, 2010-04-16 at 13:47 -0700, jdow wrote:
>> >> From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
>> >> Sent: Thursday, 2010/April/15 13:31
>> >>
>> >> > On Thu, 2010-04-15 at 13:02 -0700, Michael Miles wrote:
>> >> >> Is Fedora really that secure?
>> >> >
>> >> > Even if we limit the discussion to email viruses, that's a very
>> >> > complex and difficult question (to which the answer is "yes" :-).
>> >> > It's not an attribute exclusive to Fedora as such, but to all
>> >> > Unix-based systems, mainly for three reasons:
>> >> >
>> >> > 1) The mail client isn't running as root.
>> >> > 2) Even when running as root, Linux mail clients won't blindly
>> >> >    execute attachments.
>> >> > 3) Even for executable attachments, the virus is written for
>> >> >    Windows and won't run on Linux.
>> >> >
>> >> > Of course it's in principle possible to get past all the above
>> >> > barriers, so *in theory* you can have a Linux virus, assuming the
>> >> > user is stupid enough to run an unknown executable. As I say, I've
>> >> > never seen one in the wild.
>> >> >
>> >> >> I come from windows and I am amazed at how not secure windows is.
>> >> >
>> >> > See (3) above. Most viruses are written for Windows as it's the
>> >> > most popular platform. MS likes to pretend that's the only reason
>> >> > it gets all the grief, but there are other factors.
>> >>
>> >> Patrick, the best AV tool of all is a savvy user given the number of
>> >> social engineering attacks of late. And, at least historically, 'ix
>> >> users have been quite savvy about security. That makes a huge
>> >> difference.
>> >> A single mistake running something you should not have because it
>> >> looks important can bust your whole day. Based on the security
>> >> forums I read I'd not consider Linux bullet-proof "today" - kernel
>> >> null pointer dereferences and mmap are your enemy du jour.
>> >
>> > Again, you're answering the wrong question. This thread is not about
>> > the general security or otherwise of Linux. It's about vulnerability
>> > to viruses.
>>
>> If you are being picky regarding "virus", "trojan", etc then begone
>> little boy, you bother me. It does not matter one bit the means of
>> transmission if the system is compromised in a manner that a piece of
>> what is conventionally called "anti-virus software" would have
>> prevented the problem?
>
> Which of the vulnerabilities discussed on the kernel list is
> communicable via an email message in such a way as to compromise the
> security of the target system without manual intervention on the part
> of its user? Please be specific.

Here is a non-LKML reference with a full explanation of the problem:

Some background:
http://blog.ksplice.com/2010/03/null-pointers-part-i/
How to exploit it:
http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/

The exploit can be delivered through email and introduced into the
machine via targeted social engineering. If you can be tricked into
allowing it to run, you're toast. ANY means of getting into the machine
and having code execute is sufficient to allow the exploit to run within
the kernel at kernel privilege. Such means have existed in the past.
I've read about the victims' problems here on this and predecessor
lists. That's why chkrootkit and rkhunter exist.

If somebody wishes to make Linux his main computing environment
something which traps intrusions and malware as it enters the machine
and before it's executed can probably save a world of hurt. I've lost
disk drives and suffered the hurt of discovering the first level backup
was bad.
I lost some work and emails. If your machine becomes compromised, what
can you save? What can you trust? You have to make an executive decision
and hope your backup is from before the attack. Then maybe you can
recover more recent data and email, if you can trust your backup to be
safe. I prefer to spend some money to protect valuable data and save
valuable recovery time.

What you actually said was, "Clamav is usually installed by people
running mail servers for users who access them from Windows. If all
you're doing is reading mail in Linux, it's extremely unlikely that you
even need it."

The first sentence is true. The second one is true but limiting beyond
belief. Computer users do not only use the machine for email. It leaves
an implication that it's probably safe for email. The null pointer
dereference issue makes you vulnerable within email if you can be
tricked into running a program sent in the email. If this is not closed
up VERY quickly I expect a nasty problem for Linux, shortly. The wakeup
call will have the good effect of waking up the community to the little
detail that "nothing's perfect".

As for running other things on the 'ix system, it seems a wine install
so that a person can run something not available for Linux can lead you
into problems. Seems somebody here mentioned an infected Wine install.
I'd not bet all 7 were false alarms. And, if one could manage to escape
the wine cellar....

{^_^}
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
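
Added example, not part of the original message: on Linux the vm.mmap_min_addr sysctl sets the lowest address an unprivileged process may map, which is the usual mitigation for the kernel NULL-dereference class raised above. This script audits the running value and any persistent override; the function names, the 64 KiB threshold and the treatment of argument order as precedence are assumptions of this example.

```sh
#!/bin/sh
# Audit the low-address mapping floor (vm.mmap_min_addr).
# FLOOR is a threshold assumed for this example (64 KiB).
FLOOR=65536

# classify_min_addr VALUE -> disabled | low | ok | unknown
classify_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$1" -eq 0 ]; then
        echo disabled        # unprivileged processes may map page zero
    elif [ "$1" -lt "$FLOOR" ]; then
        echo low             # page zero is covered, but the guard region is small
    else
        echo ok
    fi
}

# configured_min_addr FILE... -> last vm.mmap_min_addr assignment found.
# Later arguments are assumed to take precedence (simplification).
configured_min_addr() {
    [ "$#" -gt 0 ] || return 0
    sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' \
        "$@" 2>/dev/null | tail -n 1
}

# audit_min_addr RUNTIME_FILE [CONFIG_FILE...] -> "runtime=<state> boot=<state>"
audit_min_addr() {
    runtime_file=$1; shift
    runtime=$(cat "$runtime_file" 2>/dev/null || true)
    boot=$(configured_min_addr "$@")
    if [ -n "$boot" ]; then
        boot_state=$(classify_min_addr "$boot")
    else
        boot_state=default   # no override found; kernel or distro default applies
    fi
    echo "runtime=$(classify_min_addr "$runtime") boot=$boot_state"
}

# Check this host; missing files report "unknown" or "default".
audit_min_addr /proc/sys/vm/mmap_min_addr /etc/sysctl.conf /etc/sysctl.d/*.conf
```

A result of boot=disabled means a configuration file will reset the floor to 0 at the next boot even though the running value looks fine.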