> The Anti-virus programs that are made to run on
> GNU/Linux and *BSD servers, are to filter out, and
> protect, computers that operate Microsoft Windows
> products, possibly connected to our POSIX system
> server. Anti-virus programs are NOT for POSIX
> compliant Operating Systems.

I know at least one AV product contains virus sigs for *nix-only viruses, and I'll bet several more do as well. If you have f-prot, look at the "-virno" output once.

> There are about 14 exploits for POSIX compliant OSes.

You'll have to elaborate on what you mean by "14 exploits". There have been thousands of exploits for POSIX compliant OSes over the years, so I'm not sure what you mean. There are definitely more than 14 malware programs in existence for POSIX compliant OSes.

> The automatic execution of a program, due to the macro
> program that is called up by the filename extension in
> Microsoft Windows OSes, does not function in that
> manner in any POSIX variant OS.

Several applications that operate in "POSIX compliant" OSes have file associations, whether it's by MIME type or file extension, that have the same effect as "automatic execution" under a Windows OS. These associations are usually within the application and have little to do with the "POSIX compliant" OS. As an example, Netscape was often set up by people with a file association that would cause any file ending in ".sh" to be executed by a local shell. Can you imagine the security implications of this? Thankfully, most people know better by now, and no longer do this.

Imagine a script that simply had:

    rm -rf /

in it. While a non-root user wouldn't wipe out the OS, any file that is contained in a directory that the user has write access to would be wiped out (assuming no additional file attributes have been set on it -- chattr +i, etc).

> So, there is no automatic exploit in any POSIX
> compliant system.

I think that needs to be elaborated on. As your statement stands now, it isn't true.

POSIX is a standard, a spec, and while most *nix OSes try to follow it, none are 100% compliant. Read the LKML archives, you'll see what Linus' opinion is on POSIX (i.e. it shouldn't be followed where it doesn't make sense to follow it). I tend to agree with him too.

> do, they need root access! That is why there will
> never be any virus, and few w0rm exploits, in
> GNU/Linux.

That is simply naive. To say there will never be any viruses in GNU/Linux is just plain wrong. If you really believe this, please cross-post this to a few of the well-known security mailing lists and see what kind of response you get. All it takes is a remote exploit in any program to create a successful worm. Anyone who pays attention to security knows that there have been thousands of remote exploits in POSIX compliant OSes over the years.

> There are some potential threats from applications
> which are permitted some range of access to system
> processes, and open up a vulnerability. The concept

That's the problem. There are several applications that require privileges beyond the standard user. And since most "standard" POSIX compliant OSes only have 2 levels of security (root and non-root), these programs must run with some root privs in order to operate. So, almost any bug in a program running with those privileges can be used to "own" the system.

The traditional *nix security model isn't as great as many think. In its basic form, it's a simple binary model: you either have all privs (root), or no privs (non-root). That is why there are so many other OS research projects out there that are trying to create a better security model (Plan 9 is one of the more well-known research projects). It's also why there are so many projects that are trying to retrofit Linux with a more secure security model: SE Linux, LIDS, Grsecurity, RSBAC, Medusa, the list goes on. While *nix security isn't the best, it's generally a lot better than the alternatives.

> caught very quickly. If you monitor any of the major
> distribution websites for any of the Open Source
> software and OSes, you will see these patches.

Yes, but most of the worms in the past have exploited flaws where patches have already been available, and yet they were still able to spread quite successfully because too many systems weren't patched. I recommend viewing a lot more than your vendor's web site for patches. In many cases, you can pick up news of a new security bug long before a vendor comes out with a fix.

In a perfect world with a perfect GNU/Linux OS, no virus or worm would exist because there would be no security bugs to exploit. Unfortunately, that just isn't the case.

If these "simple notes" are supposed to be for newbies, please be careful in what you post to the list. The last thing we need is to misinform our Linux newbies on the list and give them a false sense of security while using Linux (or any *nix). That will simply lead to a lot more *nix boxes being owned.

For those newbies on the list, please remember that "Security is a process, not a product." -- Bruce Schneier

--
Steve Bremer
RHCE, CCNA
--
Real Men don't make backups. They upload it via ftp and let the world mirror it. -- Linus Torvalds
--
GnuPG Key fingerprint = 7F06 4D73 7963 BE96 5189 953A E285 CB2C BA03 2746
Available on key servers.

----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx with a subject of UNSUBSCRIBE
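The file-association point above (a ".sh" handler that hands the file to a local shell) can be checked on a real box by auditing mailcap-style associations. This is an added example, not code from the mail or the list; the mailcap lines are constructed samples, and the interpreter list is an assumption, not a complete one.

```python
"""Audit mailcap entries ("type; command; flags", see mailcap(5)) for handlers
that run the received file as code instead of merely viewing it.
Added example; the sample below is constructed, real files are ~/.mailcap
and /etc/mailcap."""
import shlex

# Assumed (incomplete) list of programs that execute a file given to them.
SCRIPT_INTERPRETERS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh",
                       "perl", "python", "python3", "ruby"}

SAMPLE_MAILCAP = """\
# constructed sample ~/.mailcap
text/html; firefox %s; test=test -n "$DISPLAY"
application/x-sh; sh %s
application/x-shellscript; /bin/bash '%s'; needsterminal
text/x-python; python3 %s
image/png; display %s
application/x-sh; less %s; copiousoutput
"""

def parse_mailcap(text):
    """Yield (mime_type, command, flags) for each non-comment mailcap line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 2:
            continue
        yield fields[0].lower(), fields[1], fields[2:]

def executes_file(command):
    """True if the handler runs the file as code: %s is itself the program,
    %s is passed to a script interpreter, or an interpreter gets no %s at all
    (mailcap then pipes the body to its stdin). 'sh -c' wrappers that also
    pass %s are reported too and need manual review."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return True  # unparseable handler: flag for manual review
    if not argv:
        return False
    if argv[0] == "%s":
        return True
    prog = argv[0].rsplit("/", 1)[-1]
    if prog not in SCRIPT_INTERPRETERS:
        return False
    has_file_arg = any("%s" in a for a in argv[1:])
    return has_file_arg or "-c" not in argv[1:]

def audit_mailcap(text):
    """Return (mime_type, command) pairs whose handler executes the content."""
    return [(t, cmd) for t, cmd, _ in parse_mailcap(text) if executes_file(cmd)]
```

Running `audit_mailcap(open(os.path.expanduser("~/.mailcap")).read())` lists the entries worth replacing with a viewer such as `less`.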