[SATLUG] Scary stuff... How to write a Linux virus in 5 easy steps

Don Wright satlug at sbcglobal.net
Thu Feb 19 15:20:43 CST 2009


On Thu, 19 Feb 2009 14:13:07 -0600, James Tiner <jtiner at satx.rr.com>
wrote:

>OK, I read them (quickly) and still stand by my assertion that it is an
>example of a trojan. 

Yes, the author agrees. He specifically mentions that in part two. So
what? Putting a different name on it does not change the situation.

> ... There is no
>way to make an OS completely safe...

Now that is directly from the Microsoft songbook. It can't be done (so
don't blame us.) Many things exist because the inventor took "it can't
be done" as a starting point, not a destination.

> The only way to
>counter these kinds of attacks is not to approach it as an exploit
>vector but to approach it as a training issue. 

From the original author's follow-up:
"These kinds of comments completely miss the point. The necessity of the
execute bit for normal execution is a big and useful security feature of
*nix OSs, such as Linux. ... So, anything that can take 'difficult'
extra steps off the chain of events towards a successful infection
greatly increases its chances. That's what this article was about: How
to infect a user who just knows how to click with the mouse and has
never heard of permissions or execute flags before. If he had, he
probably wouldn't fall for this anyway."

>In fact, the best way for a home user to mitigate the issues caused by
>this is to tell them to Backup (good advice no matter what system is
>used), Don't open attachments unless you were expecting it and it comes
>from a trusted source (good advice no matter what system is used), and
>Backup (I know, I said it twice but it's the part everyone forgets!!!)

Yes, I teach that too. I still install anti-malware (on Windows) and
promote strong passwords (everywhere). This article was about
strengthening a software product to make it more resistant to exploit.
If you'd like to breed better users, that's a different discussion.
  --Don

-- 
Be well - or at least have interesting symptoms!

