Would a firewall prevent Sasser worm?

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

Leythos wrote:
> In article <c7ghp5$n121@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
>
>>Leythos wrote:
>>
>>>In article <2g0tt8F2urajU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
>>>says...
>>
>>[snip]
>>
>>>Funny how the person suggesting Mandrake and Open Office didn't include
>>>any AV software for it.
>>
>>indeed. want to speculate why that might be?
>
>
> Because they believe in security through obscurity?
>

I think you've got that backwards. That's the Microsoft, not Linux, tag line.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

On Mon, 10 May 2004 14:26:05 +0100, Nigel Wade spoketh

>
>I think you've got that backwards. That's the Microsoft, not Linux, tag line.

And what, specifically, is "security through obscurity" with Windows?

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

Lars M. Hansen wrote:
> On Mon, 10 May 2004 14:26:05 +0100, Nigel Wade spoketh
>
>>
>> I think you've got that backwards. That's the Microsoft, not Linux, tag line.
>
> And what, specifically, is "security through obscurity" with Windows?

according to a senior manager of symantec's security response center:
<quote source="http://news.com.com/2100-7349_3-5158496.html?tag=nefd_lede">
"It's definitely not a good thing if 'black hats' have the source code,"
said Oliver Friedrichs, senior manager with antivirus company Symantec's
security response center. "The underground can look at the code without
legitimate security researchers being able to find vulnerabilities first."
</quote>

microsoft says this:
<quote source="ditto">
"If a **small section** [emphasis added] of Windows source code were to be
available, it would be a matter of intellectual property rights rather than
security,"
</quote>
that qualification seems to suggest that this is not so for larger parts of,
or even the complete, source code.

jim allchin, senior vp for windows:
<quote source="http://news.com.com/2100-1001-900905.html?tag=nl">
"The more creators of viruses know about how antivirus mechanisms in Windows
operating systems work, the easier it will be to create viruses or disable
or destroy those mechanisms,"
</quote>

needless to say, none of this applies to linux, whose source code is
publicly available. nothing needs to be reverse engineered, so not only is
its code "theoretically [...] open source" "to a good reverse engineer", it
is open source full stop, to everyone.

-- j
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

Leythos wrote:
> In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
>
>>Leythos wrote:
>>
>>
>>>I didn't count any of the NAV updates or cost since both platforms have
>>>FREE AV products and BOTH require updates. I was only trying to show the
>>>differences.
>>>
>>
>>Linux doesn't require any AV software, and therefore no updates either.
>
>
> That's complete BS - just because you don't think you have a need for it
> doesn't mean that you don't.

Really? Why? What's it going to protect me against?

> That's like the security through obscurity
> practice.

How so?

> It will be funny when your machine goes down once they start
> targeting the Linux systems as much as they do the Windows systems.

When there is a virus which can actually do damage to me I'll worry about
it. Until then I'll ignore the paranoia.


--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In comp.security.misc Leythos <void@nowhere.com> wrote:
> In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
>> Leythos wrote:
>>
>> >
>> > I didn't count any of the NAV updates or cost since both platforms have
>> > FREE AV products and BOTH require updates. I was only trying to show the
>> > differences.
>> >
>>
>> Linux doesn't require any AV software, and therefore no updates either.

> That's complete BS - just because you don't think you have a need for it
> doesn't mean that you don't. That's like the security through obscurity
> practice. It will be funny when your machine goes down once they start
> targeting the Linux systems as much as they do the Windows systems.

Talking about BS seems to be the last resort when no arguments exist.

Ok, you claim that Linux needs Virusscanner. Then you must know at least
one virus that is a threat to a linux system ? Which one ?




> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In comp.lang.java.advocacy, Bernd Felsche
<bernie@innovative.iinet.net.au>
wrote
on Sat, 08 May 2004 13:16:49 +0800
<137um1xo02.ln2@innovative.iinet.net.au>:
> Leythos <void@nowhere.com> writes:
>
>>In article <vkfsm1xloq.ln2@innovative.iinet.net.au>,
>>bernie@innovative.iinet.net.au says...
>>> Very, very wrong. Every new release of Windows/Office has an
>>> equivalent learning curve.
>
>>But, every release has almost the same basic features - XP can
>>easily be made to look like 2000 or W98's menu structure. Office,
>>all the version, have the same basic menu structure - it's only the
>>new features that require any study.
>
> Linux can be made to look like Windows as well.
>
> It demonstrates good taste (or maybe successful aversion therapy)
> that most Linux users choose not to have that setup.

I don't know if I'm that averse to the look (although my
cluttered Windows desktop is hardly good advertising!)
but it's the feel I hate. I like focus-follows-mouse.
I hate click-to-focus.

There's also tabbed browsing and useful command editing in bash
(Windows doesn't have command completion by default although it
does have history -- I think command completion can be turned
on with a registry tweak but Cygwin, which has an implementation
of bash on Windows, is so slow to scan the commands that I for
one usually don't bother with command completion. File completion
works reasonably well.)

ObJava: Java could use a command line although a Swing text
widget works reasonably well for most applications. 'Jash'
would be a mildly interesting if somewhat limited shell.
Perhaps with Jython?

>
> So; what about XP's ability to preserve viruses after NAV has
> "cleaned them up"? Most lusers don't even know that their computer
> does anything like that.

First I've heard of this...but somehow XP seems to be yet
another release of Microsoft Windows, despite using better
technology (NT) underneath. Not that NT is all *that*
great but it beats DOS. (Then again, a wooden stick with
pitch on it could beat DOS. 🙂 It barely qualifies as
a program loader, interrupt manager, and clock manager,
let alone an OS. At least NT/2k/XP can load display drivers.)

--
#191, ewill3@earthlink.net
It's still legal to go .sigless.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In comp.lang.java.advocacy, Bernd Felsche
<bernie@innovative.iinet.net.au>
wrote
on Sat, 08 May 2004 12:05:14 +0800
<qs2um1xo02.ln2@innovative.iinet.net.au>:
> Leythos <void@nowhere.com> writes:
>
>>In article <2g1nlqF3ghpvU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
>>says...
>>> Removing viruses on Linux is as simple as removing an account of the
>>> person who infected it. Assuming it's not woot. ;-)
>
>>Ah, but, there's the problem, most home users that don't understand
>>computers and security are going to run as root.
>
> Try a GUI login under SuSE and you very rapidly get the idea that
> you *really* shouldn't be doing it!
>
> You're discouraged from doing so because by default, the root
> account isn't shown in the list of accounts.
>
> Installation forces you to create a normal account for login.

I don't know about SuSE but I know Debian requires the creation
of a non-root account. (Gentoo is a little weird but then it's
not intended for total newbies. I'd have to look to see what
Gentoo says about creating user accounts, if anything.)

--
#191, ewill3@earthlink.net
It's still legal to go .sigless.
 
Archived from groups: comp.security.firewalls

>>> Linux doesn't require any AV software, and therefore no updates
>>> either.
>
>> That's complete BS - just because you don't think you have a need for
>> it doesn't mean that you don't. That's like the security through
>> obscurity practice. It will be funny when your machine goes down once
>> they start targeting the Linux systems as much as they do the Windows
>> systems.
>
> Talking about BS seems to be the last resort when no arguments exist.
>
> Ok, you claim that Linux needs Virusscanner. Then you must know at least
> one virus that is a threat to a linux system ? Which one ?
>
>
Pardon me for stepping in, but I have seen this discussed before elsewhere
but no one ever answered (that I have found anyway) this question:
Wouldn't a virusscanner for Linux have to run as root in order to fully
scan the disk? Assuming that we are dealing with a Linux specific virus,
if the scanner itself were to be compromised, the virus would have the
same rights as root. Or is there a safe way to allow an AV scan check the
disk(s) without having root status?
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In article <c7ochg$26qg$1@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
says...
> In comp.security.misc Leythos <void@nowhere.com> wrote:
> > In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
> >> Leythos wrote:
> >>
> >> >
> >> > I didn't count any of the NAV updates or cost since both platforms have
> >> > FREE AV products and BOTH require updates. I was only trying to show the
> >> > differences.
> >> >
> >>
> >> Linux doesn't require any AV software, and therefore no updates either.
>
> > That's complete BS - just because you don't think you have a need for it
> > doesn't mean that you don't. That's like the security through obscurity
> > practice. It will be funny when your machine goes down once they start
> > targeting the Linux systems as much as they do the Windows systems.
>
> Talking about BS seems to be the last resort when no arguments exist.
>
> Ok, you claim that Linux needs Virusscanner. Then you must know at least
> one virus that is a threat to a linux system ? Which one ?

Don't take my word for it - there are 404 current viruses on record for
Linux / Unix systems listed by F-PROT:

http://www.f-prot.com/currentversions.html



--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In comp.security.misc Leythos <void@nowhere.com> wrote:
> In article <c7ochg$26qg$1@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
> says...
>> In comp.security.misc Leythos <void@nowhere.com> wrote:
>> > In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
>> >> Leythos wrote:
>> >>
>> >> >
>> >> > I didn't count any of the NAV updates or cost since both platforms have
>> >> > FREE AV products and BOTH require updates. I was only trying to show the
>> >> > differences.
>> >> >
>> >>
>> >> Linux doesn't require any AV software, and therefore no updates either.
>>
>> > That's complete BS - just because you don't think you have a need for it
>> > doesn't mean that you don't. That's like the security through obscurity
>> > practice. It will be funny when your machine goes down once they start
>> > targeting the Linux systems as much as they do the Windows systems.
>>
>> Talking about BS seems to be the last resort when no arguments exist.
>>
>> Ok, you claim that Linux needs Virusscanner. Then you must know at least
>> one virus that is a threat to a linux system ? Which one ?

> Don't take my word for it - there are 404 current viruses on record for
> Linux / Unix systems listed by F-PROT:

> http://www.f-prot.com/currentversions.html

Looking further shows up :
http://www.f-prot.com/virusinfo/unix.htm

with a list of 2 (two) worms attacking certain versions of Apache.

( Unix/Scalper UNIX/Slapper )

Still no Linux-virus in sight. It seems more and more likely that :
- there is no such thing as a 'Linux virus' and
- someone is sending FUD ( and fails )




> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
Leythos <void@nowhere.com> wrote:
:In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
:> Linux doesn't require any AV software, and therefore no updates either.

:That's complete BS - just because you don't think you have a need for it
:doesn't mean that you don't. That's like the security through obscurity
:practice. It will be funny when your machine goes down once they start
:targeting the Linux systems as much as they do the Windows systems.

I am -trying- to satisfy a hospital's security policy that all hosts
that connect remotely to them be running virus scanners (and the
virus definitions and virus engine updates have to be checked for daily
under the policy.) I am, though, having, rather some difficulty
in finding a filesystem virus scanner for IRIX. I found reference to
exactly one such product, but they dropped IRIX support about 3 years ago.
I've found virus-scanning mail filters, but it isn't clear that
one of those would be enough to satisfy the hospital security policy.

I have been surfing for a number of hours over several days, and I have
yet to find a virus that affected IRIX. Remote exploits, yes: there is
a known remote exploit of an old telnetd hole, but that was launched
manually at a targeted machine and did not spread from system to system
automatically. Similarly for the tooltalk exploit that someone formed
into a "root kit" awhile back. So I'm not saying by any means that IRIX
security is perfect (it isn't), just that as best I can tell there has
never *been* an IRIX virus. (And if you dig up the old posting by
Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)

Now, as the hospital would certainly not be amused if our IRIX systems were
to be 0wn3d "once they start targeting IRIX systems as much as they do
Windows systems", then perhaps, Leythos, you could help me by pointing out
a (non-trivial) filesystem virus scanner that is available for IRIX?
--
Inevitably, someone will flame me about this .signature.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In comp.security.misc Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
> In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
> Leythos <void@nowhere.com> wrote:
> :In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
> :> Linux doesn't require any AV software, and therefore no updates either.

> :That's complete BS - just because you don't think you have a need for it
> :doesn't mean that you don't. That's like the security through obscurity
> :practice. It will be funny when your machine goes down once they start
> :targeting the Linux systems as much as they do the Windows systems.

> I am -trying- to satisfy a hospital's security policy that all hosts
> that connect remotely to them be running virus scanners (and the
> virus definitions and virus engine updates have to be checked for daily
> under the policy.) I am, though, having, rather some difficulty
> in finding a filesystem virus scanner for IRIX. I found reference to
> exactly one such product, but they dropped IRIX support about 3 years ago.
> I've found virus-scanning mail filters, but it isn't clear that
> one of those would be enough to satisfy the hospital security policy.

> I have been surfing for a number of hours over several days, and I have
> yet to find a virus that affected IRIX. Remote exploits, yes: there is
> a known remote exploit of an old telnetd hole, but that was launched
> manually at a targeted machine and did not spread from system to system
> automatically. Similarly for the tooltalk exploit that someone formed
> into a "root kit" awhile back. So I'm not saying by any means that IRIX
> security is perfect (it isn't), just that as best I can tell there has
> never *been* an IRIX virus. (And if you dig up the old posting by
> Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)

> Now, as the hospital would certainly not be amused if our IRIX systems were
> to be 0wn3d "once they start targeting IRIX systems as much as they do
> Windows systems", then perhaps, Leythos, you could help me by pointing out
> a (non-trivial) filesystem virus scanner that is available for IRIX?

Don't you read the thread ?? You don't need AV software for un*x since
there is no such virii.

The issues you bring up are "exploitable holes" which of course need
to be addressed, but that is via "normal system upgrades". Your SGI
representative will be happy to advise you, reading CERT will also
keep you updated with many of the problems.
> --
> Inevitably, someone will flame me about this .signature.

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

phn@icke-reklam.ipsec.nu wrote:
> In comp.security.misc Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
>
>>In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
>>Leythos <void@nowhere.com> wrote:
>>:In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
>>:> Linux doesn't require any AV software, and therefore no updates either.
>
>
>>:That's complete BS - just because you don't think you have a need for it
>>:doesn't mean that you don't. That's like the security through obscurity
>>:practice. It will be funny when your machine goes down once they start
>>:targeting the Linux systems as much as they do the Windows systems.
>
>
>>I am -trying- to satisfy a hospital's security policy that all hosts
>>that connect remotely to them be running virus scanners (and the
>>virus definitions and virus engine updates have to be checked for daily
>>under the policy.) I am, though, having, rather some difficulty
>>in finding a filesystem virus scanner for IRIX. I found reference to
>>exactly one such product, but they dropped IRIX support about 3 years ago.
>>I've found virus-scanning mail filters, but it isn't clear that
>>one of those would be enough to satisfy the hospital security policy.
>
>
>>I have been surfing for a number of hours over several days, and I have
>>yet to find a virus that affected IRIX. Remote exploits, yes: there is
>>a known remote exploit of an old telnetd hole, but that was launched
>>manually at a targeted machine and did not spread from system to system
>>automatically. Similarly for the tooltalk exploit that someone formed
>>into a "root kit" awhile back. So I'm not saying by any means that IRIX
>>security is perfect (it isn't), just that as best I can tell there has
>>never *been* an IRIX virus. (And if you dig up the old posting by
>>Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)
>
>
>>Now, as the hospital would certainly not be amused if our IRIX systems were
>>to be 0wn3d "once they start targeting IRIX systems as much as they do
>>Windows systems", then perhaps, Leythos, you could help me by pointing out
>>a (non-trivial) filesystem virus scanner that is available for IRIX?
>
>
> Don't you read the thread ?? You don't need AV software for un*x since
> there is no such virii.

I think his point is that he needs AV software because the hospital
policy requires it, not because he expects to have viruses found on the
box in question.


> The issues you bring up are "exploitable holes" which of course need
> to be addressed, but that is via "normal system upgrades". Your SGI
> representative will be happy to advise you, reading CERT will also
> keep you updated with many of the problems.
>
>>--
>>Inevitably, someone will flame me about this .signature.
>
>
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

Lars M. Hansen wrote:
> On Mon, 10 May 2004 14:26:05 +0100, Nigel Wade spoketh
>
>
>>I think you've got that backwards. That's the Microsoft, not Linux, tag line.
>
>
> And what, specifically, is "security through obscurity" with Windows?
>

The Microsoft policy with regard to security.

Hide the source code and hope no-one spots vulnerabilities in the binaries.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

Walter Roberson wrote:

> I am -trying- to satisfy a hospital's security policy that all hosts
> that connect remotely to them be running virus scanners (and the
> virus definitions and virus engine updates have to be checked for daily
> under the policy.) I am, though, having, rather some difficulty
> in finding a filesystem virus scanner for IRIX. I found reference to
> exactly one such product, but they dropped IRIX support about 3 years ago.
> I've found virus-scanning mail filters, but it isn't clear that
> one of those would be enough to satisfy the hospital security policy.
>
> I have been surfing for a number of hours over several days, and I have
> yet to find a virus that affected IRIX. Remote exploits, yes: there is
> a known remote exploit of an old telnetd hole, but that was launched
> manually at a targeted machine and did not spread from system to system
> automatically. Similarly for the tooltalk exploit that someone formed
> into a "root kit" awhile back. So I'm not saying by any means that IRIX
> security is perfect (it isn't), just that as best I can tell there has
> never *been* an IRIX virus. (And if you dig up the old posting by
> Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)
>
> Now, as the hospital would certainly not be amused if our IRIX systems
> were to be 0wn3d "once they start targeting IRIX systems as much as they
> do Windows systems", then perhaps, Leythos, you could help me by pointing
> out a (non-trivial) filesystem virus scanner that is available for IRIX?

Does it say in your specs what virus scanner you have to run, or can it be
anything? If yes just download and install http://clamav.sourceforge.net
and Bob's your uncle.

Of course, it does not scan for IRIX-specific viruses, for the simple reason
that no such are known (you would be in the same position with a VAX or
DG/UX), but it would satisfy the requirement. If they ask: by definition
you cannot scan for unknown viruses, you must have a known signature. BTW,
that is my main objection to all virus scanners - they are an essentially
reactive measure.
--
Mailman
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

phn@icke-reklam.ipsec.nu writes:

>In comp.security.misc Leythos <void@nowhere.com> wrote:
>> In article <c7ochg$26qg$1@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
>> says...
>>> In comp.security.misc Leythos <void@nowhere.com> wrote:

>>> > That's complete BS - just because you don't think you have a
>>> > need for it doesn't mean that you don't. That's like the
>>> > security through obscurity practice. It will be funny when
>>> > your machine goes down once they start targeting the Linux
>>> > systems as much as they do the Windows systems.

>>> Talking about BS seems to be the last resort when no arguments exist.
>>>
>>> Ok, you claim that Linux needs Virusscanner. Then you must know at least
>>> one virus that is a threat to a linux system ? Which one ?

>> Don't take my word for it - there are 404 current viruses on record for
>> Linux / Unix systems listed by F-PROT:

>> http://www.f-prot.com/currentversions.html

>Looking further shows up :
>http://www.f-prot.com/virusinfo/unix.htm

>with a list of 2 (two) worms attacking certain versions of Apache.

>( Unix/Scalper UNIX/Slapper )

>Still no Linux-virus in sight. It seems more and more likely that :
>- there is no such thing as a 'Linux virus' and
>- someone is sending FUD ( and fails )

See http://librenix.com/?inode=21
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

In comp.security.misc Bernd Felsche <bernie@innovative.iinet.net.au> wrote:
> phn@icke-reklam.ipsec.nu writes:

>>In comp.security.misc Leythos <void@nowhere.com> wrote:
>>> In article <c7ochg$26qg$1@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
>>> says...
>>>> In comp.security.misc Leythos <void@nowhere.com> wrote:

>>>> > That's complete BS - just because you don't think you have a
>>>> > need for it doesn't mean that you don't. That's like the
>>>> > security through obscurity practice. It will be funny when
>>>> > your machine goes down once they start targeting the Linux
>>>> > systems as much as they do the Windows systems.

>>>> Talking about BS seems to be the last resort when no arguments exist.
>>>>
>>>> Ok, you claim that Linux needs Virusscanner. Then you must know at least
>>>> one virus that is a threat to a linux system ? Which one ?

>>> Don't take my word for it - there are 404 current viruses on record for
>>> Linux / Unix systems listed by F-PROT:

>>> http://www.f-prot.com/currentversions.html

>>Looking further shows up :
>>http://www.f-prot.com/virusinfo/unix.htm

>>with a list of 2 (two) worms attacking certain versions of Apache.

>>( Unix/Scalper UNIX/Slapper )

>>Still no Linux-virus in sight. It seems more and more likely that :
>>- there is no such thing as a 'Linux virus' and
>>- someone is sending FUD ( and fails )

> See http://librenix.com/?inode=21


Nice article ! The reference to "bliss" as 2 "virus, the only known
linux-virus" is at closer inspection not a virus that can spread
between machines, instead it's something that needs a human
to spread by moving executables between machines. That makes it
very much inferior to most Wintendo-eating virii. ( At least
this is one aspect where windows is superior to Linux, i'll have
to admit that).

Let's hope that FUD about Linux ( and unix) regarding virus and
worms has been shown to be - Fear Uncertainty and Doubt !



--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy

On Tue, 11 May 2004, Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
> In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
> Leythos <void@nowhere.com> wrote:
>:In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
>:> Linux doesn't require any AV software, and therefore no updates either.
>
>:That's complete BS - just because you don't think you have a need for it
>:doesn't mean that you don't. That's like the security through obscurity
>:practice. It will be funny when your machine goes down once they start
>:targeting the Linux systems as much as they do the Windows systems.
>
> I am -trying- to satisfy a hospital's security policy that all hosts
> that connect remotely to them be running virus scanners (and the
> virus definitions and virus engine updates have to be checked for daily
> under the policy.) I am, though, having, rather some difficulty
> in finding a filesystem virus scanner for IRIX. I found reference to
> exactly one such product, but they dropped IRIX support about 3 years ago.
> I've found virus-scanning mail filters, but it isn't clear that
> one of those would be enough to satisfy the hospital security policy.
>
> I have been surfing for a number of hours over several days, and I have
> yet to find a virus that affected IRIX. Remote exploits, yes: there is
> a known remote exploit of an old telnetd hole, but that was launched
> manually at a targeted machine and did not spread from system to system
> automatically. Similarly for the tooltalk exploit that someone formed
> into a "root kit" awhile back. So I'm not saying by any means that IRIX
> security is perfect (it isn't), just that as best I can tell there has
> never *been* an IRIX virus. (And if you dig up the old posting by
> Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)

Look for intrusion detection software, and tell them it's a superset
of virus detection. Heh.
 
Archived from groups: comp.security.firewalls

Renegade <not@t.all> writes:

>>>> Linux doesn't require any AV software, and therefore no updates
>>>> either.

>>> That's complete BS - just because you don't think you have a need for
>>> it doesn't mean that you don't. That's like the security through
>>> obscurity practice. It will be funny when your machine goes down once
>>> they start targeting the Linux systems as much as they do the Windows
>>> systems.

>> Talking about BS seems to be the last resort when no arguments exist.

>> Ok, you claim that Linux needs Virusscanner. Then you must know at least
>> one virus that is a threat to a linux system ? Which one ?

>Pardon me for stepping in, but I have seen this discussed before elsewhere
>but no one ever answered (that I have found anyway) this question:

>Wouldn't a virusscanner for Linux have to run as root in order to
>fully scan the disk? Assuming that we are dealing with a Linux

It could. But it doesn't have to be root to open most files.

>specific virus, if the scanner itself were to be compromised, the

That'd be difficult unless the virus scanner had a serious bug.

>virus would have the same rights as root. Or is there a safe way to
>allow an AV scan check the disk(s) without having root status?

To _read_ data is different to executing a program.
To scan for infection, one need only _read_ the data contained in a
file.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
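
The read-versus-execute point in the post above, as an added example (not part of the original thread and not any vendor's scanner): a signature scan that opens files read-only as whatever user runs it and reports what it cannot read instead of requiring root. The signature, file names and sample tree are constructed for the demo.

```python
import os
import stat
import tempfile

# Constructed signature for this demo; a real scanner loads vendor definitions.
SIGNATURES = {"Demo.Constructed": b"CONSTRUCTED-DEMO-SIGNATURE-0001"}
CHUNK = 64 * 1024
OVERLAP = max(len(s) for s in SIGNATURES.values()) - 1


def scan_file(path):
    """Scan one file using read access only; nothing is executed or written."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_NONBLOCK", 0)
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        # Unreadable as this user (or a symlink): report it, do not escalate.
        return ("skipped", exc.strerror)
    with os.fdopen(fd, "rb") as fh:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return ("skipped", "not a regular file")
        tail = b""
        while chunk := fh.read(CHUNK):
            window = tail + chunk
            for name, sig in SIGNATURES.items():
                if sig in window:
                    return ("infected", name)
            tail = window[-OVERLAP:]  # keep overlap so a split signature matches
    return ("clean", "")


def scan_tree(root):
    """Walk root and return {relative path: (status, detail)}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = scan_file(full)
    return results


def demo():
    """Build a constructed sample tree and scan it as the current user."""
    sig = SIGNATURES["Demo.Constructed"]
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "clean.txt"), "wb") as f:
            f.write(b"ordinary data\n" * 100)
        with open(os.path.join(root, "dropped.bin"), "wb") as f:
            # Signature straddles the 64 KiB chunk boundary.
            f.write(b"A" * (CHUNK - 10) + sig + b"B" * 100)
        os.symlink("/etc/passwd", os.path.join(root, "link"))
        return scan_tree(root)
```

Files the scanning account cannot open come back as "skipped" with the OS error text, so coverage gaps are visible without granting the scanner more privilege.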
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In comp.security.misc J. F. Cornwall <JCornwall@cox.net> wrote:
> phn@icke-reklam.ipsec.nu wrote:
>> In comp.security.misc Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
>>
>>>In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
>>>Leythos <void@nowhere.com> wrote:
>>>:In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
>>>:> Linux doesn't require any AV software, and therefore no updates either.
>>
>>
>>>:That's complete BS - just because you don't think you have a need for it
>>>:doesn't mean that you don't. That's like the security through obscurity
>>>:practice. It will be funny when your machine goes down once they start
>>>:targeting the Linux systems as much as they do the Windows systems.
>>
>>
>>>I am -trying- to satisfy a hospital's security policy that all hosts
>>>that connect remotely to them be running virus scanners (and the
>>>virus definitions and virus engine updates have to be checked for daily
>>>under the policy.) I am, though, having, rather some difficulty
>>>in finding a filesystem virus scanner for IRIX. I found reference to
>>>exactly one such product, but they dropped IRIX support about 3 years ago.
>>>I've found virus-scanning mail filters, but it isn't clear that
>>>one of those would be enough to satisfy the hospital security policy.
>>
>>
>>>I have been surfing for a number of hours over several days, and I have
>>>yet to find a virus that affected IRIX. Remote exploits, yes: there is
>>>a known remote exploit of an old telnetd hole, but that was launched
>>>manually at a targeted machine and did not spread from system to system
>>>automatically. Similarly for the tooltalk exploit that someone formed
>>>into a "root kit" awhile back. So I'm not saying by any means that IRIX
>>>security is perfect (it isn't), just that as best I can tell there has
>>>never *been* an IRIX virus. (And if you dig up the old posting by
>>>Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)
>>
>>
>>>Now, as the hospital would certainly not be amused if our IRIX systems were
>>>to be 0wn3d "once they start targeting IRIX systems as much as they do
>>>Windows systems", then perhaps, Leythos, you could help me by pointing out
>>>a (non-trivial) filesystem virus scanner that is available for IRIX?
>>
>>
>> Don't you read the thread ?? You don't need AV software for un*x since
>> there is no such virii.

> I think his point is that he needs AV software because the hospital
> policy requires it, not because he expects to have viruses found on the
> box in question.

Quite possible, but that is as stupid as to demand lead-free gasoline
in all company cars - even if they are diesel powered.

Braindead policies is one of the big risks !!



--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <c7qs94$rgl$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-cnrc.gc.ca says...
> Now, as the hospital would certainly not be amused if our IRIX systems were
> to be 0wn3d "once they start targeting IRIX systems as much as they do
> Windows systems", then perhaps, Leythos, you could help me by pointing out
> a (non-trivial) filesystem virus scanner that is available for IRIX?

I designed networks for medical centers and other health-care provider
networks, but I don't have a clue as to what IRIX is?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos (void@nowhere.com) wrote:
:
: I designed networks for medical centers and other health-care provider
: networks, but I don't have a clue as to what IRIX is?
:

IRIX is the sect of the unix religion for SGI (nee Silicon Graphics)
systems.

--Jerry Leslie
Note: leslie@jrlvax.houston.rr.com is invalid for email
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

phn@icke-reklam.ipsec.nu wrote:
>
> In comp.security.misc J. F. Cornwall <JCornwall@cox.net> wrote:
> > phn@icke-reklam.ipsec.nu wrote:
> >> In comp.security.misc Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
> >>
> >>>In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
> >>>Leythos <void@nowhere.com> wrote:
> >>>:In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
> >>>:> Linux doesn't require any AV software, and therefore no updates either.
> >>
> >>
> >>>:That's complete BS - just because you don't think you have a need for it
> >>>:doesn't mean that you don't. That's like the security through obscurity
> >>>:practice. It will be funny when your machine goes down once they start
> >>>:targeting the Linux systems as much as they do the Windows systems.
> >>
> >>
> >>>I am -trying- to satisfy a hospital's security policy that all hosts
> >>>that connect remotely to them be running virus scanners (and the
> >>>virus definitions and virus engine updates have to be checked for daily
> >>>under the policy.) I am, though, having, rather some difficulty
> >>>in finding a filesystem virus scanner for IRIX. I found reference to
> >>>exactly one such product, but they dropped IRIX support about 3 years ago.
> >>>I've found virus-scanning mail filters, but it isn't clear that
> >>>one of those would be enough to satisfy the hospital security policy.
> >>
> >>
> >>>I have been surfing for a number of hours over several days, and I have
> >>>yet to find a virus that affected IRIX. Remote exploits, yes: there is
> >>>a known remote exploit of an old telnetd hole, but that was launched
> >>>manually at a targeted machine and did not spread from system to system
> >>>automatically. Similarly for the tooltalk exploit that someone formed
> >>>into a "root kit" awhile back. So I'm not saying by any means that IRIX
> >>>security is perfect (it isn't), just that as best I can tell there has
> >>>never *been* an IRIX virus. (And if you dig up the old posting by
> >>>Greg Douglas about the Alyssia Macro Virus: look carefully at date on it.)
> >>
> >>
> >>>Now, as the hospital would certainly not be amused if our IRIX systems were
> >>>to be 0wn3d "once they start targeting IRIX systems as much as they do
> >>>Windows systems", then perhaps, Leythos, you could help me by pointing out
> >>>a (non-trivial) filesystem virus scanner that is available for IRIX?
> >>
> >>
> >> Don't you read the thread ?? You don't need AV software for un*x since
> >> there is no such virii.
>
> > I think his point is that he needs AV software because the hospital
> > policy requires it, not because he expects to have viruses found on the
> > box in question.
>
> Quite possible, but that is as stupid as to demand lead-free gasoline
> in all company cars - even if they are diesel powered.
>
> Braindead policies is one of the big risks !!

This is about HIPAA, which is federal rules, therefore the probability
of braindeadness is high!

Jim

> --
> Peter Håkanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <c7qs94$rgl$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-cnrc.gc.ca says...
> In article <MPG.1b09512b8cc610ca98a525@news-server.columbus.rr.com>,
> Leythos <void@nowhere.com> wrote:
> :In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
> :> Linux doesn't require any AV software, and therefore no updates either.
>
> :That's complete BS - just because you don't think you have a need for it
> :doesn't mean that you don't. That's like the security through obscurity
> :practice. It will be funny when your machine goes down once they start
> :targeting the Linux systems as much as they do the Windows systems.
>
> I am -trying- to satisfy a hospital's security policy that all hosts
> that connect remotely to them be running virus scanners (and the
> virus definitions and virus engine updates have to be checked for daily
> under the policy.) I am, though, having, rather some difficulty
> in finding a filesystem virus scanner for IRIX. I found reference to
> exactly one such product, but they dropped IRIX support about 3 years ago.
> I've found virus-scanning mail filters, but it isn't clear that
> one of those would be enough to satisfy the hospital security policy.

I just checked several things on Symantec's site and found that IRIX is
supported
http://service1.symantec.com/SUPPORT/intrusiondetectkb.nsf/0240ac0167ab34ef85256ab6005ee7e2/494bc9d6765f471388256d1f007aa442?OpenDocument&src=bar_sch_nam

Supported operating systems for Symantec Enterprise Security Manager 5.1

I also found a list of Linux Worms and Viruses that Symantec can protect
against for Linux systems. It's interesting to read about the Worms and
exploits that are found on the Linux platforms.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

James F. Cornwall (jcornwall@cox.net) wrote:
: phn@icke-reklam.ipsec.nu wrote:
: >
: > In comp.security.misc J. F. Cornwall <JCornwall@cox.net> wrote:
: > > phn@icke-reklam.ipsec.nu wrote:
: > >> In comp.security.misc Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
: > >>
: > >> Don't you read the thread ?? You don't need AV software for un*x since
: > >> there is no such virii.

1) not currently but there is nothing to preclude them in the future. Remember the Morris worm
was a 'virus' in the same sense many of the exploits being currently used against Microsoft are.
Many of the potential exploits we have seen against Linux and Unix [and products such as sendmail]
could have been used in the same manner. I agree that currently there is not the file
infection vector that is the majority of Microsoft infections. I consider AV software to be a subset
of host based IPS. It is actually a good thing to have a host based IPS for any system.

2) In our environment, Unix AV [in the sense of RTP for files added to unix based samba filesystems]
is important since unix and Linux systems provide NAS filesystems for Microsoft clients. If someone
from a Microsoft client stores an infected file to a unix server, it would be useful to have AV running
to prevent it from being spread through the unix host.


: >
: > > I think his point is that he needs AV software because the hospital
: > > policy requires it, not because he expects to have viruses found on the
: > > box in question.
: >
: > Quite possible, but that is as stupid as to demand lead-free gasoline
: > in all company cars - even if they are diesel powered.
: >
: > Braindead policies is one of the big risks !!

: This is about HIPAA, which is federal rules, therefore the probability
: of braindeadness is high!

There is no HIPAA security rule or privacy rules that mandates AV software. The privacy rule stipulates
that 'best practices' must be used to maintain the confidentiality and integrity

I just checked the final rule. There is no longer specific reference to anti-virus but a mandate to
include 'protection from malicious software' in the configuration section.

We have interpreted the requirement to have our policy require managed AV software to be installed on all
systems for which a product is available. Unfortunately, you are correct that many people who write these
policies do not understand that and you end up with a requirement that cannot be met. [AV does not
currently exist for some platforms]. Generally you should simply document the fact and ask for an exception
from the body charged with enforcement [and usually sending it to the compliance officer will help as well].

As compared to many gov't regs, HIPAA privacy and security are actually pretty well done. The original rule
had some really stupid things but the comment period has placed a large amount of common sense into the mix.
However, this has not been exposed to the trial lawyers test yet and there is no telling what type of new
requirements will be imposed due to case law being applied.

Richard H. Miller, MCSE, CCSE+
Information Security Manager
Information Technology Security and Compliance
Information Technology - Baylor College of Medicine