[linux-elitists] Comprehensive list of Linux malware

Mike MacCana mmaccana@redhat.com
Thu Dec 2 18:53:39 PST 2004


Aaron Sherman wrote:

>On Sat, 2004-11-20 at 11:05, Etienne Goyer wrote:
>
>>Mike MacCana wrote:
>>
>>>- Executable files not used to package software
>>>Legitimate software is supplied as a package file that only needs to be 
>>>read by an existing, trusted executable installation app (i.e., up2date, 
>>>apt-get).
>>>
>>Considering package install scripts can do pretty much anything, and are 
>>usually run as root, this is a purely academic advantage.  The trust 
>>associated with signed packages is a plus, but not a panacea either.
>>
>
>It's also not true. While Linux purists may not be happy with it, one of
>the first things that most Linux and NVidia users do is download the
>binary-only NVidia driver from nvidia.com and execute it (it's a shell
>script, self-installer).
>
That's the exception, not the rule. How many other major pieces of 
software are provided as self-extracting executables?

>There are also a number of shar archives from older systems (esp.
>Usenet) 
>
How many of those are still used today?

>and as you mentioned, a "package" is essentially a shell script
>+ tarball (actually RPM as a specific example uses cpio not tar, but
>same-same).
>
Yes, but that's irrelevant. If it was a signed tarball and tar gave you 
warnings/errors if it wasn't signed by someone you trust, you'd still 
have the same benefit.

>Here's my list of why user security is higher under Linux:
>
>     1. Users are encouraged to work with a command-line and understand
>        their system better.
>
True, but that's changing over time.

>     2. User separation (in concept and in practice) means that having
>        access to a user account doesn't let you do many of the things
>        that you might want (even more true with SELinux) as an
>        intruder.
>     3. Windows. Seriously, Windows takes a lot of heat off of Linux.
>        It's good not being the primary target of attacks.
>     4. Less low-level integration. Integration between applications
>        happens at a fairly high level. This means that it is slightly
>        more obvious to the developer of a piece of code that this code
>        will have to deal with untrusted data. Under Windows, as a
>        counter-example, the very low level integration between IE and
>        the desktop makes this distinction harder.
>     5. Availability of a unified update scheme for supported,
>        unsupported and third-party software.
>     6. Diversity of Linux implementations makes it a harder generic
>        target than a monolithically controlled OS.
>
Agreed on all.

Mike
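
Added example, not part of the original message: a sketch of the "signed tarball" behaviour the reply describes, where extraction is refused unless a detached signature verifies against a keyring of signers you trust. The function name verified_untar, the TRUSTED_KEYRING variable and the "<tarball>.sig" naming are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: extract a tarball only when its detached signature
# verifies against a keyring holding the signers you have chosen to trust.
# verified_untar, TRUSTED_KEYRING and the .sig suffix are illustrative names.

TRUSTED_KEYRING="${TRUSTED_KEYRING:-$HOME/.gnupg/trustedkeys.gpg}"

verified_untar() {
    tarball=$1
    dest=$2
    sig="$tarball.sig"

    if [ ! -f "$tarball" ]; then
        echo "refusing: $tarball not found" >&2
        return 2
    fi
    # An unsigned archive is treated the same as a badly signed one.
    if [ ! -f "$sig" ]; then
        echo "refusing: no detached signature $sig" >&2
        return 3
    fi
    # gpgv verifies only against the keyring given here; it does not
    # consult a trust database or fetch keys. A missing gpgv binary also
    # lands in this branch, so the function fails closed.
    if ! gpgv --keyring "$TRUSTED_KEYRING" "$sig" "$tarball" >/dev/null 2>&1; then
        echo "refusing: signature not made by a key in $TRUSTED_KEYRING" >&2
        return 4
    fi
    # Nothing is unpacked, and no archive content is executed, before
    # the signature check has passed.
    mkdir -p "$dest" && tar -xf "$tarball" -C "$dest"
}

# Stand-alone use: sh script.sh package.tar /some/destination
if [ "$#" -eq 2 ]; then
    verified_untar "$1" "$2"
fi
```

The check covers who signed the archive, not what its contents do once installed, which is the limit raised in the quoted reply about install scripts running as root.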


