Would a firewall prevent Sasser worm?

Discussion in 'Computer Security' started by Piotr Makley, May 4, 2004.

  1. Piotr Makley

    Leythos Guest

    That's complete BS - just because you don't think you have a need for it
    doesn't mean that you don't. That's like the security through obscurity
    practice. It will be funny when your machine goes down once they start
    targeting the Linux systems as much as they do the Windows systems.
    Leythos, May 10, 2004

  2. On Mon, 10 May 2004 14:26:05 +0100, Nigel Wade spoketh
    And what, specifically, is "security through obscurity" with Windows?

    Lars M. Hansen
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
    Lars M. Hansen, May 10, 2004

  3. Piotr Makley

    Nigel Wade Guest

    Really? Why? What's it going to protect me against?
    How so?
    When there is a virus which can actually do damage to me I'll worry about
    it. Until then I'll ignore the paranoia.
    Nigel Wade, May 10, 2004
  4. Piotr Makley

    phn Guest

    Talking about BS seems to be the last resort when no arguments exist.

    Ok, you claim that Linux needs Virusscanner. Then you must know at least
    one virus that is a threat to a linux system ? Which one ?

    phn, May 10, 2004
  5. according to a senior manager of symantec's security response center:
    <quote source="http://news.com.com/2100-7349_3-5158496.html?tag=nefd_lede">
    "It's definitely not a good thing if 'black hats' have the source code,"
    said Oliver Friedrichs, senior manager with antivirus company Symantec's
    security response center. "The underground can look at the code without
    legitimate security researchers being able to find vulnerabilities first."

    microsoft says this:
    <quote source="ditto">
    "If a **small section** [emphasis added] of Windows source code were to be
    available, it would be a matter of intellectual property rights rather than
    that qualification seems to suggest that this is not so for larger parts of,
    or even the complete, source code.

    jim allchin, senior vp for windows:
    <quote source="http://news.com.com/2100-1001-900905.html?tag=nl">
    "The more creators of viruses know about how antivirus mechanisms in Windows
    operating systems work, the easier it will be to create viruses or disable
    or destroy those mechanisms,"

    needless to say, none of this applies to linux, whose source code is
    publicly available. nothing needs to be reverse engineered, so not only is
    its code "theoretically [...] open source" "to a good reverse engineer", it
    is open source full stop, to everyone.

    -- j
    Jörn W. Janneck, May 10, 2004
  6. Piotr Makley

    Dr Chaos Guest

    I do.

    Suppose the steering wheel of your car were affixed with a sharp protruding

    And the driving instructors kept on mentioning how important
    it was to "brake slowly and softly".

    I blame a language for encouraging "incompetence" from ordinary human
    Dr Chaos, May 10, 2004
  7. In comp.lang.java.advocacy, Bernd Felsche
    I don't know if I'm that averse to the look (although my
    cluttered Windows desktop is hardly good advertising!)
    but it's the feel I hate. I like focus-follows-mouse.
    I hate click-to-focus.

    There's also tabbed browsing and useful command editing in bash
    (Windows doesn't have command completion by default although it
    does have history -- I think command completion can be turned
    on with a registry tweak but Cygwin, which has an implementation
    of bash on Windows, is so slow to scan the commands that I for
    one usually don't bother with command completion. File completion
    works reasonably well.)

    ObJava: Java could use a command line although a Swing text
    widget works reasonably well for most applications. 'Jash'
    would be a mildly interesting if somewhat limited shell.
    Perhaps with Jython?
    First I've heard of this...but somehow XP seems to be yet
    another release of Microsoft Windows, despite using better
    technology (NT) underneath. Not that NT is all *that*
    great but it beats DOS. (Then again, a wooden stick with
    pitch on it could beat DOS. :) It barely qualifies as
    a program loader, interrupt manager, and clock manager,
    let alone an OS. At least NT/2k/XP can load display drivers.)
    The Ghost In The Machine, May 10, 2004
  8. In comp.lang.java.advocacy, Bernd Felsche
    I don't know about SuSE but I know Debian requires the creation
    of a non-root account. (Gentoo is a little weird but then it's
    not intended for total newbies. I'd have to look to see what
    Gentoo says about creating user accounts, if anything.)
    The Ghost In The Machine, May 10, 2004
  9. Piotr Makley

    Leythos Guest

    Don't take my word for it - there are 404 current viruses on record for
    Linux / Unix systems listed by F-PROT:

    Leythos, May 11, 2004
  10. Piotr Makley

    phn Guest

    Looking further shows up :

    with a list of 2 (two) worms attacking certain versions of Apache.

    ( Unix/Scalper UNIX/Slapper )

    Still no Linux-virus in sight. It seems more and more likely that :
    - there is no such thing as a 'Linux virus' and
    - someone is sending FUD ( and fails )

    phn, May 11, 2004
  11. See http://librenix.com/?inode=21
    Bernd Felsche, May 11, 2004
  12. Piotr Makley

    phn Guest

    Nice article ! The reference to "bliss" as 2 "virus, the only known
    linux-virus" is at closer inspection not a virus that can spread
    between machines, instead it's something that needs a human
    to spread by moving executables between machines. That makes it
    very much inferior to most Wintendo-eating virii. ( At least
    this is one aspect where windows is superior to Linux, i'll have
    to admit that).

    Let's hope that FUD about Linux ( and unix) regarding virus and
    worms has been shown to be - Fear Uncertainty and Doubt !
    phn, May 11, 2004
  13. :> Linux doesn't require any AV software, and therefore no updates either.

    :That's complete BS - just because you don't think you have a need for it
    :doesn't mean that you don't. That's like the security through obscurity
    :practice. It will be funny when your machine goes down once they start
    :targeting the Linux systems as much as they do the Windows systems.

    I am -trying- to satisfy a hospital's security policy that all hosts
    that connect remotely to them be running virus scanners (and the
    virus definitions and virus engine updates have to be checked for daily
    under the policy.) I am, though, having rather some difficulty
    in finding a filesystem virus scanner for IRIX. I found reference to
    exactly one such product, but they dropped IRIX support about 3 years ago.
    I've found virus-scanning mail filters, but it isn't clear that
    one of those would be enough to satisfy the hospital security policy.

    I have been surfing for a number of hours over several days, and I have
    yet to find a virus that affected IRIX. Remote exploits, yes: there is
    a known remote exploit of an old telnetd hole, but that was launched
    manually at a targeted machine and did not spread from system to system
    automatically. Similarly for the tooltalk exploit that someone formed
    into a "root kit" awhile back. So I'm not saying by any means that IRIX
    security is perfect (it isn't), just that as best I can tell there has
    never *been* an IRIX virus. (And if you dig up the old posting by
    Greg Douglas about the Alyssia Macro Virus: look carefully at the date on it.)

    Now, as the hospital would certainly not be amused if our IRIX systems were
    to be 0wn3d "once they start targeting IRIX systems as much as they do
    Windows systems", then perhaps, Leythos, you could help me by pointing out
    a (non-trivial) filesystem virus scanner that is available for IRIX?
    Walter Roberson, May 11, 2004
  14. Piotr Makley

    Mailman Guest

    Does it say in your specs what virus scanner you have to run, or can it be
    anything? If yes just download and install http://clamav.sourceforge.net
    and Bob's your uncle.

    Of course, it does not scan for IRIX-specific viruses, for the simple reason
    that no such are known (you would be in the same position with a VAX or
    DG/UX), but it would satisfy the requirement. If they ask: by definition
    you cannot scan for unknown viruses, you must have a known signature. BTW,
    that is my main objection to all virus scanners - they are an essentially
    reactive measure.
    Mailman, May 11, 2004
  15. Piotr Makley

    Nigel Wade Guest

    The Microsoft policy with regard to security.

    Hide the source code and hope no-one spots vulnerabilities in the binaries.
    Nigel Wade, May 11, 2004
  16. Piotr Makley

    phn Guest

    Don't you read the thread ?? You don't need AV software for un*x since
    there are no such virii.

    The issues you bring up are "exploitable holes" which of course need
    to be addressed, but that is via "normal system upgrades". Your SGI
    representative will be happy to advise you, reading CERT will also
    keep you updated with many of the problems.
    phn, May 11, 2004
  17. I think his point is that he needs AV software because the hospital
    policy requires it, not because he expects to have viruses found on the
    box in question.
    J. F. Cornwall, May 11, 2004
  18. Piotr Makley

    Leach Guest

    Look for intrusion detection software, and tell them it's a superset
    of virus detection. Heh.
    Leach, May 11, 2004
  19. Piotr Makley

    phn Guest

    Quite possible, but that is as stupid as to demand lead-free gasoline
    in all company cars - even if they are diesel powered.

    Braindead policies are one of the big risks !!
    phn, May 11, 2004
  20. Piotr Makley

    Leythos Guest

    I designed networks for medical centers and other health-care provider
    networks, but I don't have a clue as to what IRIX is?
    Leythos, May 12, 2004