Date: Mon, 29 Mar 1999 16:14:06 -0500 From: Brian Reichert <reichert@numachi.com> To: freebsd-security@FreeBSD.ORG Subject: Re: virus announcements? Message-ID: <19990329161406.G2501@numachi.com> In-Reply-To: <36FFE82E.9FF42BF9@intech.net>; from Coranth Gryphon on Mon, Mar 29, 1999 at 03:53:02PM -0500 References: <36FFE82E.9FF42BF9@intech.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 29, 1999 at 03:53:02PM -0500, Coranth Gryphon wrote: > I know that this is a general security list, but is is appropriate > to post virus announcements here for beasties which cannot affect > FreeBSD (or any unix) directly? >>>> info freebsd-security FREEBSD-SECURITY Security issues FreeBSD computer security issues (DES, Kerberos, known security holes and fixes, etc). So, I would think not. There are a number of well-established lists for virus warnings, and 'general' security problems. Viruses, as these are discussed, are - not a concern for a FreeBSD system, directly. If it is revealed that a virus 'tickles' a badly configured system utility, then notice should be sent out that the utility is badly configured (which is now the concern). I feel then that the virus is then immaterial. - not usually a concern for UNIX users, for (in general) they don't use tools that run arbitrary code. (That's why a lot of informed people turn off Java and Javascript in a browser.) I feel that the core issue of UNIX security is to keep users (local or remote) from hurting each other, or the system. If they want to adopt practices wherein they hurt themselves, that's their problem. > -coranth Hey! Long time no see! > PS> And maybe it's just me, but sending a virus alert about attachments > and putting the data in an attachment, seems to defeat the purpose... I've never seen a virus alert about an 'attachment'. I've seen alerts about specific document types, that may be stored in an attachment via email. Said document types may also be retrieved by a web browser, or utilized from a local hard drive. In all of these cases, the virus is activated (ie., granted control) _by the viewing tool_, not by the storage/retrieval/MIME mechanism. Configuring a personal environment that runs arbitrary code supplied from the internet is silly. Pie In the Sky: it would not be an issue of people used real software. And as for using attachments to store separate discrete documents, well, isn't that what they're _for_? > ---------------------------------------+---------------------------- > Coranth Gryphon <gryphon@hway.net> | Work Phone: 561-912-2497 > Chief Architect, Hiway Technologies | #include <std.disclaimer> > ---------------------------------------+---------------------------- > When all else fails, do the impossible. -- Brian 'you Bastard' Reichert reichert@numachi.com 37 Crystal Ave. #303 Current daytime number: (603)-434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990329161406.G2501>