Re: OT: anti-malware progs ineffective
From: Fred Abse (excretatauris_at_cerebrumconfus.it)
Date: 02/01/05
- Next message: Pat Ford: "Re: OT: anti-malware progs ineffective"
- Previous message: Bob Brogan: "LED output help"
- In reply to: Robert Monsen: "Re: OT: anti-malware progs ineffective"
- Next in thread: Pat Ford: "Re: OT: anti-malware progs ineffective"
- Reply: Pat Ford: "Re: OT: anti-malware progs ineffective"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 01 Feb 2005 19:08:12 +0000
On Mon, 31 Jan 2005 18:33:44 -0800, Robert Monsen wrote:
> Fred Abse wrote:
>> [quoted text muted]
> If you have root access, anything is possible. Preventing root access has
> always been the problem with unix systems. Replacing kernel modules would
> be trivial with root access.
True, the name of the game is preventing unauthorized people getting root
access. Easier said than done, sometimes.
> The real problem with linux, however, is the complexity of what runs in
> the kernel. The number of developers whose hands are in there is
> enormous,
OTOH, there's a large amount of peer review. Closed-source can by its
nature not get the same scrutiny.
> when you consider networking, file systems, scheduler, and
> devices. Any of these subsystems could have a (possibly unrecognized)
> backdoor that could be exploited.
This has happened, and will continue to happen. However the likelihood of
its being spotted is much greater, and, once spotted, patches appear in
days, sometimes hours.
Hell, Microsoft are still releasing fixes for such basic things as buffer
overruns on Win2K. We're now in 2K5.
> This leads to allowing users root
> access, leading to security holes. A microkernel is far less likely to
> allow this sort of exploit.
I agree about microkernels. Sadly, as you said yourself, nobody has yet
made a usable system out of one.
>
> I spent time helping to secure a linux network appliance, and
> applications that act as servers usually require root privs.
I'll concede that some server apps need to be suid root. Good ones won't
even install for userid 0.
> That means
> they are susceptible to inadvertently allowing root access.
Not per se.
> You might be
> surprised at how easy this sort of problem is to overlook.
Believe me, I'm not.
> Again, this is
> a big problem with unix. You might recall the issues that sendmail and
> bind have had. Most of these are user setup problems, as the developers
> are quick to point out, but that doesn't really help if your system is
> compromised. There are so many knobs on a typical linux app that people
> tend to tweak the knobs just to see what's up. Disaster waiting to
> happen. Often, they don't even need user access to use your system for
> no good.
That's down to poor quality administration.
>
> Once the hacker gets root access, and installs a root kit, you will
> never know he is there, even while you are using the system. You think
> you own the machine, but you really don't... It could be sending spam,
> being used as a platform for denial of service attacks, etc. There was a
> raft of problems in the last few years with spammers using improperly
> installed sendmails as relays. They use it till your ISP turns off your
> account, or you get blacklisted, in which case your email is then
> forever dropped at most major hubs.
Most major ISPs are actively probing their address space for open relays,
now. Should have happened five years ago.
> However, the spyware sickos are a whole different breed. They don't need
> to hack the kernel on Windows. They trick users into installing
> malicious applications, and later start up these malicious applications
> which then monitor what's going on. There is nothing stopping somebody
> from doing this with linux as well. User programs can almost always
> write into their own bins, modify their startup files, edit their .kde
> or .gnome files, etc. They can read any file the user owns, monitor
> network traffic, etc.
At least that approach will only screw up one account. It won't take the
system down.
> The fact that it takes somebody who knows a bit to set up and maintain a
> linux box means that most linux users are probably somewhat less
> oblivious to the risks, and secure their boxes more carefully, and are
> thus less prone to problems. Let's see what happens when everybody's
> mother is running linux, and the support for the 200 million users is
> Linus Torvalds and 100 teenage undergrads.
I hope that day never comes. I like being in a minority. However, if it
ever does, support will be much the same as it is now with Windows. The
big box-shifters provide support to their customers. OEMs provide support.
Linux distros provide support. How many end users, other than large
corporates get support direct from Microsoft?
Linus Torvalds does provide (expensive) support, mainly to distros. I
doubt there are many teenage undergrads on his team. Postgrads in their
twenties, perhaps. Linux is a business, now.
> The hope that linux will help in any way with spyware or adware is just
> more wishful thinking.
I don't think we disagree about that.
--
Then there's duct tape ...
(Garrison Keillor)