Date: Thu, 2 Aug 2001 12:33:27 -0500
From: Mike Meyer <mwm@mired.org>
To: "Ted Mittelstaedt" <tedm@toybox.placo.com>
Cc: questions@freebsd.org
Subject: RE: just how many known viruses are there for FreeBSD?
Message-ID: <15209.36583.275322.272534@guru.mired.org>
In-Reply-To: <83418979@toto.iv>
Ted Mittelstaedt <tedm@toybox.placo.com> types:
> This is the most naieve thing I've ever read. The most famous virus in
                   ^^^^^
> history, the Morris Internet Worm, was written for UNIX systems, in
> particularly BSD! The GAO estimated between $100,000 and 10 million dollars
  ^^^^^
> of damage was done by it. And this was in 1988!!!!!

Those are different things. A virus attaches itself to an existing
executable, and is only executed when that executable is run. The Winux
virus mentioned earlier does that. A worm is an independent program that
uses flaws in the system security - root exploits - to copy itself
around. That's what the Morris worm did.

> see http://classes.cec.wustl.edu/~cs423/FL2000/MorrisWorm.html if you never
> heard of the Worm.

Damn thing cost me a weekend auditing boxes.

> >around on the box. The security model that UN*X systems are built on makes
> >it almost impossible for a program [virus] to do any kind of damage,
> Absolute rubbish. In fact the superuser account is a giant headache and
> hole for people trying to protect against virus/worm programs because once you
> have access to root the entire security on the system becomes worthless.

Because the root account gives you access to everything, it makes viral
behavior sort of moot. Worms can do anything a virus can do, and are
easier to write.

Having any kind of omnipotent account is a violation of the defense in
depth security model - which is the one that seems to work best. With
ACLs coming in 5.0 - at least, I think they are - it might be possible
to start talking about doing away with the root account, or at least
making it optional. That's a non-trivial exercise, though.

> 1) Most UNIX systems are run by administrators that have a brain and as a
> result when security holes are discovered, everyone patches almost
> immediately.

This wasn't true when the Morris worm hit. It used two security holes -
not counting rsh/rexec - to break into a system. The one in sendmail was
well known, but every major BSD-based system shipped with that hole in
place, and no patches were available to close it.

The Morris worm was a wake-up call for the internet community. CERT was
founded as a response to that incident. It raised administrators' level
of awareness to security issues. Possibly code red will have that effect
on Windows admins. Even better would be if it had that effect on
pointy-haired managers, but that's too much to hope for.

	<mike
-- 
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
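The message above draws the line between a virus (it modifies an existing executable and runs when that executable runs) and a worm (an independent program that spreads through root exploits). The practical consequence for "auditing boxes" after either kind of incident is the same: you need a hash baseline of the executables, taken on a known-clean system and stored off the box, so that a changed binary shows up. The script below is an added example, not code from the original message or from FreeBSD; it assumes a POSIX sh with `find`, `awk` and either GNU `sha256sum` or the FreeBSD base `sha256`, and the sample tree it checks is constructed inline.

```shell
#!/bin/sh
# Added example (not from the original message): an executable-integrity
# baseline, the check that catches a file-infecting virus as defined above.
# Assumes sha256sum (GNU coreutils) or sha256 (FreeBSD base) is installed.

# hashfile FILE: print the SHA-256 hex digest of FILE.
hashfile() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# baseline DIR OUT: write "hash path" for every regular, user-executable
# file under DIR to OUT (sorted, so two baselines are diff-able).
baseline() {
    find "$1" -type f -perm -u+x | sort | while read -r f; do
        printf '%s %s\n' "$(hashfile "$f")" "$f"
    done > "$2"
}

# verify DIR BASELINE: rehash DIR and report ADDED, MODIFIED and REMOVED
# executables relative to BASELINE. Returns 0 if clean, 1 otherwise.
# The path is taken as everything after the 64-char digest and a space,
# so paths containing spaces survive.
verify() {
    cur=$(mktemp) || return 2
    baseline "$1" "$cur"
    awk '
        tag == "old" { old[substr($0, 66)] = $1; next }
        {
            p = substr($0, 66); seen[p] = 1
            if (!(p in old))       { print "ADDED    " p; bad = 1 }
            else if (old[p] != $1) { print "MODIFIED " p; bad = 1 }
        }
        END {
            for (p in old) if (!(p in seen)) { print "REMOVED  " p; bad = 1 }
            exit bad ? 1 : 0
        }
    ' tag=old "$2" tag=cur "$cur"
    rc=$?
    rm -f "$cur"
    return $rc
}

# demo: constructed sample tree. Take a baseline, then append to one
# binary the way an appending infector would (the program still works,
# but its hash changes) and re-verify. Returns verify's status (1 here).
demo() {
    droot=$(mktemp -d) || return 2
    mkdir "$droot/bin"
    printf '#!/bin/sh\necho hello\n' > "$droot/bin/hello"
    printf '#!/bin/sh\necho world\n' > "$droot/bin/world"
    chmod 755 "$droot/bin/hello" "$droot/bin/world"
    baseline "$droot/bin" "$droot/baseline.txt"
    verify "$droot/bin" "$droot/baseline.txt" && echo "clean before infection"
    printf 'echo infected >/dev/null\n' >> "$droot/bin/hello"
    verify "$droot/bin" "$droot/baseline.txt"
    rc=$?
    rm -rf "$droot"
    return $rc
}
```

In use, `baseline /usr/bin baseline.txt` is run once on a freshly installed box and the file is copied somewhere the box cannot write to; `verify /usr/bin baseline.txt` is then run from a clean environment after an incident. The baseline must be refreshed after every legitimate upgrade, and a worm that obtains root can rewrite the on-box copy, which is why the copy that matters lives off the machine (FreeBSD's own mtree(8) serves the same purpose with more file attributes).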