[PLUG] Dealing with security

alan alan at clueserver.org
Mon Feb 3 15:29:01 UTC 2003


On 3 Feb 2003, Ed Sawicki wrote:

> In this case, the discussion was about Linux servers.
> 
> 
> 
> On Mon, 2003-02-03 at 14:17, Wil Cooley wrote:
> > On Mon, 2003-02-03 at 12:19, Ed Sawicki wrote:
> > > I was asked by two people recently about Linux virus
> > > scanning. One asked why there doesn't seem to be many
> > > or any virus scanning software for Linux that a business
> > > can use. The other wondered why Linux was less susceptible
> > > than Windows.
> > 
> > For one thing, there are almost as many virus-scanners for Linux as
> > there are for Windows.  All of the "store brands" have Linux versions of
> > their scanners:  McAfee, Symantec, etc., as do most of the more focused
> > brands like Sophos, F-PROT, etc.

And you need them for scanning Windows files and documents.  (FTP servers 
and SMB shares used by marketing people are a prime target for this sort 
of scanning need.)

I have found that the Linux versions are usually more expensive because 
they assume that if you are using Linux, you will be doing "corporate 
work", therefore they can suck more money out of you.

> > He's also right that in many ways, a Linux workstation is as susceptible
> > as a Windows workstation.  Sure, we do have privileges, chroot jails and
> > whatnot--but a user-level virus (say, from downloading a binary or
> > trojaned source) which did nasty things would be equally as devastating
> > from a user's standpoint--it could delete all your (user-owned) data
> > files and/or send porn web sites to your entire addressbook, including
> > your grandmother and customers.  It would no doubt be less effective
> > because of the heterogeneity of our systems and lack of standardization
> > and sharing among applications.  (E.g., every mail application has its
> > own addressbook.)

But Linux does not have anything as wide-open as Outlook.  (Where the 
features have been pushed through by the S&M department, without regard 
to common sense.)

> > And let's face it, there's a lot of crappy code out there, particularly
> > in user-level applications.  And with StarOffice being so compatible
> > with MS Office, it wouldn't surprise if some of the same Word macro
> > viruses would work.

Actually we are starting to see some of the same things working, but not 
from OpenOffice as much as Wine.  (Wine is set to run .exe files by 
default with some configurations.)

> > We like to think we're safer, but the fact is once we've become
> > comfortable with that and cease vigilance--we too will fall prey.
> > 
> > The arguments about popularity hold some water, but like most
> > unqualified generalisations, are not necessarily true.  Using a
> > rarely-used distro, OS, application means most of the time the
> > proof-of-concept or skript-kiddie exploits won't work.  It doesn't mean
> > you're not vulnerable to the flaw in general, but there may not be
> > active exploits on the net for it.

Actually we are much less vulnerable now.  The question is if we can stay 
that way.

From what I have seen, the answer is "yes".  The question of if anyone 
will use it is still to be determined...




