[linux-elitists] Comprehensive list of Linux malware

Aaron Sherman ajs@ajs.com
Thu Dec 2 14:36:30 PST 2004


On Sat, 2004-11-20 at 11:05, Etienne Goyer wrote:
> Mike MacCana wrote:
> > - Executable files not used to package software
> > Legitimate software is supplied as a package file that only needs to be 
> > read by an existing, trusted executable installation app (ie, up2date, 
> > apt-get).
> 
> Considering package install scripts can do pretty much anything, and are 
> usually run as root, this is a purely academic advantage.  The trust 
> associated with signed package is a plus, but not a panacea either.


It's also not true. While Linux purists may not be happy with it, one of
the first things that most Linux and NVidia users do is download the
binary-only NVidia driver from nvidia.com and execute it (it's a shell
script, self-installer).

There are also a number of shar archives from older systems (esp.
Usenet) and as you mentioned, a "package" is essentially a shell script
+ tar ball (actually RPM as a specific example uses cpio not tar, but
same-same).

Here's my list of why user security is higher under Linux:

     1. Users are encouraged to work with a command-line and understand
        their system better.
     2. User separation (in concept and in practice) means that having
        access to a user account doesn't let you do many of the things
        that you might want (even more true with SELinux) as an
        intruder.
     3. Windows. Seriously, Windows takes a lot of heat off of Linux.
        It's good not being the primary target of attacks.
     4. Less low-level integration. Integration between applications
        happens at a fairly high level. This means that it is slightly
        more obvious to the developer of a piece of code that this code
        will have to deal with untrusted data. Under Windows, as a
        counter-example, the very low level integration between IE and
        the desktop makes this distinction harder.
     5. Availability of a unified update scheme for supported,
        unsupported and third-party software.
     6. Diversity of Linux implementations makes it a harder generic
        target than a monolithically controlled OS.

Let's not be unrealistic, though. None of these are magic bullets, and
Linux malware is not unheard of or particularly complex.

-- 
☎ 781-324-3772
✉ ajs@ajs.com
http://www.ajs.com/~ajs



