Announcement

**kc8adu** · 02-23-2010, 11:29 AM

Re: LOL virus fail.

i too could run windows boxes without av or am software.
most infections are user inflicted anyway.i am sure as linux gains a user base malware will follow.the plug ins flash,ect tend to be the security problem lately.
all this lixux vs windows shit is as pointless as the ford vs chevy.
most problems with malware are user headspace errors.
i got a good laugh out of one of those pages with the windows security center theme.
show how lazy the writers of the malware are.anyone who knows anything at all about making a page should know how to detect the browser and o.s.

**washu** · 02-23-2010, 11:32 AM

Re: LOL virus fail.

acstech: I agree that the post above is childish, but you seem to miss the point. This isn't a Linux VS Windows, it's that Firefox failed and failed big-time. Just because the payload wasn't targeting your OS doesn't mean that your security didn't fail. If Firefox allows this sort of thing to happen on any OS then it failed and has nothing to do with Windows' security at all. If Firefox can run an .exe on Windows then what is stopping it from running an executable on Linux? Nothing.

**kaniki** · 02-23-2010, 11:33 AM

Re: LOL virus fail.

Get it out of your system??? I agree that this is getting childish a little bit, and you are correct, this should never have gotten into the whole windows vs Linux thing. Yes you are correct that most viruses are on windows, but on the other hand, Ill bet that if Linux was a much bigger player then there would be a lot of viruses for linux too.

The facts are the facts. Linux does not get viruses, windows does, mac I believe i heard 1 or 2 but not much. but if MS lost its whole hold on the market then i will bet that linux would be getting them just as bad as windows does..

truthfully, i think it was more wierdlooking guy that started the whole windows vs linux things because things were civil before that

Originally posted by weirdlookinguy

I love how you Linux fans always tout viruses as the #1 reason why Windows sucks. I've been running with no antivirus for the last four years (mostly on XP) and have had ZERO infections. This is with constant P2P downloads. So long as you know what you're doing, there is very little risk of getting a virus.

Promote Linux on its own merits, not on BS lies about Windows.

can we just drop the whole windows vs linux thing now..

**kaniki** · 02-23-2010, 11:38 AM

Re: LOL virus fail.

Originally posted by washu

acstech: I agree that the post above is childish, but you seem to miss the point. This isn't a Linux VS Windows, it's that Firefox failed and failed big-time. Just because the payload wasn't targeting your OS doesn't mean that your security didn't fail. If Firefox allows this sort of thing to happen on any OS then it failed and has nothing to do with Windows' security at all. If Firefox can run an .exe on Windows then what is stopping it from running an executable on Linux? Nothing.

wrong.. it is not that firefox failed because some viruses are run through things like java or flash or shockwave player and in those cases, it would not be firefoxes, nor IE's fault.. but the facts still remain, someone was not doing the job right and things were left open, so i would say put the blame evenly between them all.. including firefox and IE

**stj** · 02-23-2010, 11:50 AM

Re: LOL virus fail.

Originally posted by washu

If Firefox can run an .exe on Windows then what is stopping it from running an executable on Linux? Nothing.

actually, Linux runs ELF files, not EXE's
and they would only have write-accerss to the user's area.

so they couldnt touch the o.s. or insert themselves into a running task.
the only thing they could do is try to trash your documents & porn collection.

also, soon as the user logs out or reboots the system - the running task is toast.

**washu** · 02-23-2010, 11:52 AM

Re: LOL virus fail.

Originally posted by kaniki

wrong.. it is not that firefox failed because some viruses are run through things like java or flash or shockwave player and in those cases, it would not be firefoxes, nor IE's fault.. but the facts still remain, someone was not doing the job right and things were left open, so i would say put the blame evenly between them all.. including firefox and IE

Even if it was Java or Flash or something else, the point is that it wasn't Windows that failed or Linux that succeeded. The same attack would have worked on Linux had it been a target. There is nothing in Linux's security model that would stop this. It would have worked on OSX or FreeBSD or pretty much any "normal" OS had the payload been written for it.

**washu** · 02-23-2010, 12:02 PM

Re: LOL virus fail.

Originally posted by stj

actually, Linux runs ELF files, not EXE's

I'm well aware of the Linux's executable formats. Sorry if I was not specific enough.

and they would only have write-accerss to the user's area.

so they couldnt touch the o.s. or insert themselves into a running task.
the only thing they could do is try to trash your documents & porn collection.

And the same thing would happen on a default Vista or 7 install or a properly configured XP. Besides, one's documents are far more important than the OS and neither Windows or Linux protects them from something like this.

also, soon as the user logs out or reboots the system - the running task is toast.

True, but not really relevant. There is nothing preventing the virus/trojan from auto starting once the user logs back in. A virus can still do lots of damage with only user level access. A common thing is to be a spam relay an that works fine from a user level account.

**acstech** · 02-23-2010, 12:38 PM

Re: LOL virus fail.

Here's a couple articles.

http://librenix.com/?inode=21

http://linuxmafia.com/~rick/faq/index.php?page=virus

**washu** · 02-23-2010, 12:55 PM

Re: LOL virus fail.

acstech:

Neither of those articles say that a Linux Virus is impossible, just hard.

Also, none of them claim Linux has any sort of security features not present in Vista or 7 by default, or configurable on XP.

**stj** · 02-23-2010, 01:10 PM

Re: LOL virus fail.

windows has loads of ports open by default to the o.s.
think hackers keep finding bugs?
impossible - they are just finding undocumented entrypoints that are there intentionally!

**washu** · 02-23-2010, 01:12 PM

Re: LOL virus fail.

Originally posted by stj

windows has loads of ports open by default to the o.s.
think hackers keep finding bugs?
impossible - they are just finding undocumented entrypoints that are there intentionally!

You are about 6 years out of date. Windows has had zero open ports to the outside world since XP SP2 came out. By default.

**acstech** · 02-23-2010, 01:37 PM

Re: LOL virus fail.

Wow, you read fast.

Did I ever say they were impossible? Anything can be broken given enough time and effort.

In the case of those I have running Linux, it's kind of hard for them to screw it up. Even if there did exist the "Linux Virus" all it could do is infect user binaries, stored in their home folder under various dot folders and files (hidden). As I don't give them the root password, or set up sudo, they physically can't bring down the rest of the system. All I would have to do in order to fix it is log in text mode under root, delete the user account and all files / binaries associated with it (along with any viral spoo-jam), recreate the account, and restore the users backed-up stuff. Problem solved. And that assumes user binaries!

In windows, you're forever fiddling with it, never really knowing if you got all the virus gone or not. It can infect executables in the OS itself. You've got to look in msconfig, regedit, etc, for places that might start it. Most of the time you just end up reloading the OS, downloading updates again, reinstalling all programs, then restoring their data. Suck.

Any potential Linux virus, if one did exist and was able to quickly replicate itself, which it cannot as described in the article above, is much easier to clean up than any number of Windows viruses.

**washu** · 02-23-2010, 01:57 PM

Re: LOL virus fail.

acstech: Again, you have said nothing that Windows doesn't do already or very easily. Don't give out the admin password (root as you just said) and Win2K and up are all just as secure as Linux. Normal users cannot infect or modify any executables except their own, just the same as Linux. User screws up their profile? Delete and restore, just like you do on Linux. The rest of the system is fine.

If the user has the admin/root password then all bets are off. You can't protect against stupid without a locked down OS like an iPhone. Imagine the uproar if MS decided that only "approved" programs could run. That's what it would take to prevent most infections. If Linux ever gets the same volume of stupid users with access to root then the same problem would occur. It's starting to occur on OSX as it's user-base grows.

**370forlife** · 02-23-2010, 02:40 PM

Re: LOL virus fail.

I'm not very impartial to either windows or linux since I started to use Ubuntu on a few machines and I kind of like it. I just don't like Mac as much.

But I'm just going to throw this out here as satire, it's not impartial as it is an equal opportunity offender.

Attached Files

**acstech** · 02-23-2010, 03:07 PM

Re: LOL virus fail.

Originally posted by washu

acstech: Again, you have said nothing that Windows doesn't do already or very easily. Don't give out the admin password (root as you just said) and Win2K and up are all just as secure as Linux. Normal users cannot infect or modify any executables except their own, just the same as Linux. User screws up their profile? Delete and restore, just like you do on Linux. The rest of the system is fine.

If the user has the admin/root password then all bets are off. You can't protect against stupid without a locked down OS like an iPhone. Imagine the uproar if MS decided that only "approved" programs could run. That's what it would take to prevent most infections. If Linux ever gets the same volume of stupid users with access to root then the same problem would occur. It's starting to occur on OSX as it's user-base grows.

Yes, but in the real world, how many people run their Windows computers as admin, vs. how many Linux users run as root? In most Linux distributons, there are giant red flags going up everywhere if you try and log into X under root. It is something that you go into for a minute, at the command line, fix something, and get the **** out! Most Windows users will scream bloody murder if you don't set them up with an admin account, or at the very least with the admin password. Therein lies the problem.

As per your second paragraph, read this:

http://linuxmafia.com/~rick/faq/inde...e=virus#virus4

Edit: Good one 370. That about sums it up.

**acstech** · 02-23-2010, 03:23 PM

Re: LOL virus fail.

I would like to also link another article. It's kind of old, but still relevant.

http://www.theregister.co.uk/2003/10...ndows_viruses/

As they say, if a linux user got a file, they're asuming through email, but it could just as easily come from an internet script (like the one that tried to get me to download it) it would be downloaded without execute permissions! The script would be unable to run it and therefore fail. In order for a stupid or misguided user to run it, they would need to log in under root, run a chmod u+x (file), log off, then run it.

**washu** · 02-23-2010, 03:24 PM

Re: LOL virus fail.

Originally posted by acstech

Yes, but in the real world, how many people run their Windows computers as admin, vs. how many Linux users run as root? In most Linux distributons, there are giant red flags going up everywhere if you try and log into X under root. It is something that you go into for a minute, at the command line, fix something, and get the **** out! Most Windows users will scream bloody murder if you don't set them up with an admin account, or at the very least with the admin password. Therein lies the problem.

You can't compare the average home user to a managed install. A home user will almost always have the admin/root password for their machine. And if they have the password then they will screw things up. Windows tells you it is stupid not to have UAC on, but users do it.

As per your second paragraph, read this:

http://linuxmafia.com/~rick/faq/inde...e=virus#virus4

I did and it's wrong. Easily shown by MacOS. Back in the late 80s / early 90s when MacOS was at the height of its popularity it had a few viruses. Once it declined in the late 90s / early 2000s there were no more viruses written for it, even on the completely security less MacOS. Now that OSX is getting more popular again the viruses are coming back.

OS9 had no viruses specifically written for it at all and it makes Windows ME look like fort knox. But OS9 came out at the low point in Apple's popularity. OSX is way more secure than OS9, but now that it's popularity is rising the viruses are being written. The same thing will happen with Linux if it gets more popular.

That same paper also lists trojans or anything that doesn't exploit a specific OS security hole as not malware to make Linux look better. That would make about 80% of Windows malware not count by the same measure. Most crap today still gets in by user stupidity, not a hole in the OS.

**washu** · 02-23-2010, 03:26 PM

Re: LOL virus fail.

Originally posted by acstech

I would like to also link another article. It's kind of old, but still relevant.

http://www.theregister.co.uk/2003/10...ndows_viruses/

As they say, if a linux user got a file, they're asuming through email, but it could just as easily come from an internet script (like the one that tried to get me to download it) it would be downloaded without execute permissions! The script would be unable to run it and therefore fail. In order for a stupid or misguided user to run it, they would need to log in under root, run a chmod +x (file), log off, then run it.

If a script can execute a random file it just downloaded, what's stopping it from running "chmod +x virus" first? It doesn't need root to do that in the user's home dir. A virus does not need root to do damage. It can infect the user's home folder just fine with the permissions it has.

**NxB** · 02-23-2010, 03:34 PM

Re: LOL virus fail.

A linux virus could work. All you would need is a browser exploit that can execute the code and a local privilege elevation vulnerability. The Antivirus malware uses a browser/plugin vulnerability already.

People do root *nix boxes and have done so since the beginning.

**acstech** · 02-23-2010, 03:36 PM

Re: LOL virus fail.

Because then it gets run in the user's space and is still, therefore, unable to affect the system. In Windows it can drop DLL's, where they're not wanted, affecting everybody.

A quote for everyone to read:

"A virus/trojan/worm author who successfully targeted specifically Apache httpd Linux/x86 Web servers would both have an extremely target-rich environment and instantly earn lasting fame, and yet it doesn't happen."

Announcement

LOL virus fail.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment