“The Luppi worm is blazing a trail with great potential for attackers. We might learn a lot about how secure Linux systems are in the next few months. While the authors [of the worm] are clearly still feeling their way around, there’s no reason to believe that this will be a real biggie. But if someone writes a well-designed ‘grab bag’ worm to exploit the various bugs in PHP and other products common on Linux servers, we could have a problem on our hands.”
….that the default targeted SELinux policy in Fedora Core 3 and above automagically prevents this. Wooo hoo! Go Red Hat!
That’s very cool since the FC3 SELinux setup only has 5,000 rules and is only meant to test and see if everything breaks!
I agree SELinux is the way to go. In FC3, FC4, and RHES4 the SELinux policy targets mainly server side stuff. From what I understand FC5 will contain rules to protect client side stuff as well.
Wasn’t there a Microsoft bug resently that attacked web browsers by sending a malign image file. Things like that will hopefully be stopped in Linux if we can get good enough security policys.
SELinux does not prevent flaws in software from being exploited. It merely acts to constrain the damage that can be done to other parts of the system.
Not to say that that fact in itself is a bad thing, but flawed software will still be exploitable under SELinux and can still do damage.
Incorrect, FC’s SELinux bundle includes ExecShield which maps libc into the ascci armor sector, randomizes lib mappings and makes sure the stack is no-execed. This makes it a pain to do standard buffer overflows or format string attacks.
“…that the default targeted SELinux policy in Fedora Core 3 and above automagically prevents this.”
Where did you get that information? All FC releases are listed as vulnerable in the securityfocus advisory.
(Edit: FC core -> FC. core was a bit redundtant…)
Edited 2005-11-10 03:22
“”…that the default targeted SELinux policy in Fedora Core 3 and above automagically prevents this.”
Where did you get that information? All FC releases are listed as vulnerable in the securityfocus advisory.
(Edit: FC core -> FC. core was a bit redundtant…) ”
Here is the information from the Red Hat Security Team
http://www.advogato.org/person/mjcox/
Updates were provided long back in June.
Basically SELinux would significantly reduce the impact of any such vulnerabilities and in this case stops the worm. Instead of being owned only the specific software (which is severely restricted by the SELinux policies) would be affected.
Well, someone should shoot that Steven J. Vaughan-Nichols for being stupid and posting something he hasn’t got a clue about.
This worm is not linux threat. It is a threat to Apache web server anywhere in the world and only in the case that it runs old version of exactly specified projects.
So, in order to be infected.
– you have to run web server
– you have to run old version of wordpress, awstats or any of 5-6 vulerable projects
– you have to install those exactly as default (putting vulnerable service in subdir called “a” is enough to avoid infection)
– you have to avoid patching your system
Just for fun I installed oldest version of linux (5-6 years old) I had and put all the affected packages on the server (in s subdir a). nothing happened
Now, which user could be infected? None.
Servers? If admin is not following the security then he does not deserve to be called admin.
Yeah, it’s like y2k catastophe. I’m still suffering consequences from all the problems that encountered then.
It that most active FOSS are literaly “moving targets”, wich means that a worm would have to
Target a specific version
Asume a certain configuration
Bypass special security infrastructure if installed(SELinux, Etc.)
And many other things that I can’t remember right now
I was going to say “what took them so long” but reading the comments, I realised the one thing stopping Linux worms: platform heterogenity. If application developpers can barely manage to get their app working cross-distro with the cooperation of the user, how hard will it be for Worms?
Worm writers may rejoice though, Linux Standards Base is making headway
After all, Linux is by no means exempt from exploitable holes, they’re found often enough, and there are people not on bleeding edge security.
rushed in to make that first comment on the post.
The problem with php is slightly overstated. Sure the
bugs can easily be put into the code , but a lot of
them are actually hard to setup. If you look at the buffer overflow exploit on the form handling a few months … it was serious but actually creating a worm which exploits a catalogue of vulnerable applications across different applications types on
different variants of linux kernels/distributions is
not as THAT trivial.
Sure (linux)it is open but lets not overstate the seriousness.
1. mount /tmp on a seperate partition.
2. disallow execution on said partition.
This is a commonly-known security measure. This worm executes completely from the /tmp directory, so this renders it powerless.
That explains why I see seperate tmp partitions all the time!
I’m gonna have to try this.
He means putting “noexec” has part of the options for mounting the partition.
noexec on tmp is good but why stop there, you should try nosuid and nodev.
not a solution, a worm could just do
/usr/bin/perl /tmp/evilscript.pl
or
/bin/sh /tmp/evilscript.sh
Guess what… You don’t even need scripts. You can execute binaries on a “noexec” partition:
/lib/ld-linux.so.2 /tmp/evilprogram.bin
No. That hole has been plugged for a while.
Any biologist will tell you that heterogenity reduses risk.
Any biologist will tell you that heterogenity reduses risk.
Take note advocates of a single distro/DE/browser/whatever, diversity in the platform is a strength.
In biology it’s a different problem. In biology, you are trying to protect the larger group at the expense of a few individuals. With operating systems and servers, we are generally focussed on each individual implementation. I don’t think there is a correlation between biology and Operating Systems because of these different goals.
Sorry, I read the whole thing like a good boy, but I couldn’t find a mention anywhere of what the hell Linux has to do with any of this. What is so hard about this distinction between the kernel and the userland? And why specifically single out Linux? Isn’t any *nix running said software “vulnerable” to this “exploit”?
Furthermore, what exactly is the potential damage of this so-called worm? If /tmp is mounted with the noexec flag (as is the default on every system I’ve seen) this “exploit” is useless. Moreover, it requires three out-of-date apps running in concert and unpatched. Oh, and the server needs to run with permissions less restrictive than ‘nobody’… like, say, ‘root’. This completely neglects tools specifically created to prevent even the paltry inconvenience this threat may cause (jails/chroot, snort, SELinux, FS monitors, etc).
If this is the best dirt eweek can dig up against Unix-based systems and their security model, I’m installing Linux or FreeBSD as my desktop.
Edited 2005-11-10 00:00
Moreover, it requires three out-of-date apps running in concert and unpatched.
This is true. Not so oddly, it is also the leading cause of Windows worms.
And, as much as I am loathe to agree with Linux Is Poo, I agree that when there are Windows worms, there is a vocal (and obnoxious) minority of people criticizing Microsoft for what is essentially a problem with the system administrator.
Yes, the diversity of Linux apps and configurations would make an equivalent *nix worm propogate more ineffectively than is likely on a Windows system (which are more generally identical to each other). But Linux is not immune to poor administration any more than Windows.
No, Thom, this is not the Dawn of Linux Worms. The sky isn’t falling. You can relax now.
Ever heard the quote, “The only thing you have to fear is fear itself.”
This means you should be affraid of and avoid publications that spread fear, like eWeek. ..because stress isn’t healthy and we all have better things to do with our time.
I’m seeing some comments talking about how easy it is to evade this worm, and I’m not disagreeing — however, there’s a bit of a double-standard going on here. The “Linux” worm is really a worm that exploits holes in a few popular PHP applications, and only works on *nix systems. This doesn’t really make it a Linux worm so much as a so-and-so PHP application worm.
Now … what if this were a worm that exploited popular ASP/PHP apps on Windows? You’d all be crying foul yet again over Microsoft’s “insecure” OS and how it’s 100% their fault that this worm exists.
Some food for thought.
It’d go like this:
Microsoft fails again, hahaha!
|
—
| |
| — Yea, but this only effect webservers
—
|
— Geez! Stop being anti-microsoft zealout
Switch to linux!
|
—
|
— They’d have to rewrite all their code…
|
—
|
— If they were 1337 that’d be no problem
|
—
|
— They have bosses, timecards, and girlfriends.
Crumby OSNews lost my formatting. I give up. It was pretty, osnews ruined it.
Oh, now it suddenly works?!
Edited 2005-11-10 00:28
Hahaha … so true.
You’d all be crying foul yet again over Microsoft’s “insecure” OS
Who is this “all” you’re talking about? It’s as if you assumed that the OSNews readers, and more particularly those who favor Linux, represented a huge homogenous mass that all followed the same line of thought, while in fact this is far from being the case.
You wouldn’t be assuming this if you didn’t have a clear anti-Linux agenda. Also note that, as mentioned in other posts, most default “server” installs render this Worm harmless by making the /tmp partition non-executable – in other words, in this case the OS does in fact play a positive role in securing the system.
Anyway, as is the case with 99% of your posts, all you’re trying to do here is start yet another flame war. Instead of trying to divide people, why don’t you try to bring them together? Ever thought about not taking a confrontational stance, for once in your life?
Until you do, down you go!
You’re the only one here who sees a flamewar in every comment of mine. Get a life, asshat.
In case you haven’t noticed, most OSnews/Slashdot Linux zealots ARE a homogenous mass that follows the exact same line of thinking.
You’re the only one here who sees a flamewar in every comment of mine. Get a life, asshat.
Wow, insults already. Didn’t take you long to run out of arguments.
One would need to be blind not to see the flamewars you provoke. Do I really need to point to some of them? They’re all on record, you know. You’re a troll, you start flamewars. That’s just what you do.
In case you haven’t noticed, most OSnews/Slashdot Linux zealots ARE a homogenous mass that follows the exact same line of thinking.
Uh, no, they’re not. Not anymore than pro-MS posters are. People disagree on many things, but when you start flame wars (like you always do) of course you’re going to see the same knee-jerk reactions come up, regardless of the topic.
Trolls thrive on strife and conflict – flamewars, in other words.
A simple way to prove that Linux advocates do not all think the same way, or act as predictably as you claim: I completely recognize Luppi as a Linux Worm. Hey, the ratio of malware for Windows to Linux is already catastrophic for Windows, it’s not as if a single worm would make much of a difference. So this is in fact a Linux worm, and this is in fact an occasion to remind everyone to update and patch their system, no matter what OS they run, and to make sure that exposed servers are secured properly.
It’s all a matter of perspective: 100,000 viruses and worms for Windows, 100 for Linux. That’s 50 times more when you account for market share. The Luppi worm is a Linux security threat, and we must acknowledge it as such – that still doesn’t change the fact that, when malware is concerned, Windows is quite at risk while Linux barely is.
Your blind mislabelling of every comment of mine as troll/flamewar material only proves the single-track, closed-minded nature of the typical Linux zealot.
Thanks for playing.
Your blind mislabelling of every comment of mine as troll/flamewar material only proves the single-track, closed-minded nature of the typical Linux zealot.
Well, considering the fact that almost every one of your post *does* start (or fuel) a flame war, I’d say that it’s not in fact mislabeling, but rather an astute observation. But of course I don’t expect you to agree – nor that it really matters, because all one has to do to verify my statement is look at your post history.
Thanks for playing.
Heh. I was playing here long before you ever crawled your way in, and I’ll be still playing long after you’ve gone. Your empty posturing fools no one, troll.
food for thought for a poo head, not very insightful for anyone with their head outside their ass.
The truth hurts, doesn’t it?
quote from “Linux is poo”…
“Now … what if this were a worm that exploited popular ASP/PHP apps on Windows? You’d all be crying foul yet again over Microsoft’s “insecure” OS and how it’s 100% their fault that this worm exists.”
wave a steak in front of a lion and you’re going to get your hand bitten off.
now is it your fault or the lion’s?
btw… Windows is the steak.
Wow, such a deep analogy … yet what does it prove?
Nothing.
Your response to ArchieSteel; Your blind mislabelling of every comment of mine as troll/flamewar material only proves the single-track, closed-minded nature of the typical Linux zealot.
Thanks for playing.
Now, I am sure you know by now, that I myself am that single-track, closed minded Linux ADVOCATE that you are talking about, but I do take your posts on face value, and I do mod them up when needed…
I will always give you a fair hearing, and it is a pity everyone else around here does not do the same.
BTW – I will continue to play the game !
You’re an advocate, not a zealot. I respect that. Use what you like, but don’t try to force it down everyone else’s throats.
Archiesteel, on the other hand, can’t handle anything even vaguely anti-Linux.
Archiesteel, on the other hand, can’t handle anything even vaguely
anti-Linux.
Exactly why you get a kick out of pointing this out over and over and over again is beyond me and, I’d guess, most people not working for a mental institution.
Erm … I’ve only pointed that out once about him so far.
You’re an advocate, not a zealot. I respect that. Use what you like, but don’t try to force it down everyone else’s throats.
I’ve never force anything down anyone’s throat. Hey, don’t forget that I use Windows every day…
Archiesteel, on the other hand, can’t handle anything even vaguely anti-Linux.
Don’t be ridiculous. I’m quite open to criticism of Linux when it is legitimate. The problem with you is that you just post anti-Linux posts in order to start flamewars.
Give me a valid criticsm of Linux, present it in a reasonable manner, without resorting to insults, ad hominem attacks or strawman arguments, and then we’ll be able to discuss it in a civilized manner.
Of course, the reason why you misrepresent me and what I believe in is clear: to your attempts at flamebaiting I respond with logic, not insults. And no, calling you a troll is not an insult, not anymore than calling someone who starts fires an arsonist.
Rarely, Linux is Poo makes a valid comment. Most of the time all he does is flamebaiting. Heck, his name itself is a troll.
I have tried to discuss things rationally with him, pointing out the logical fallacies in his “arguments”, at which point he usually resorts to insults. To me that shows a complete lack of maturity, a sure sign of a troll (whose sole purpose is to provoke angry reactions, may I remind you).
That said, when LIP does make a reasonable post, I have no problems with it. I just wish he’d stop trolling and rather engage in rational debate.
that’s a bit sensationalist, isn’t it?
Will it target FreeBSD too?
Lol. You would think that a guy who claims to have benchmarked Oracle on Linux and FreeBSD 6.0 would have enough of a clue to not have to ask that question.
Let’s stop the misinformation right here.
1) This worm does not target Linux or UNIX at all.
2) This worm does not exploit a Linux or UNIX vuln.
3) It exploits vulns in PHP and AWStats
PHP and AWStats ARE NOT LINUX OR UNIX. They are third party software that runs on Linux and UNIX.
Most importantly, this worm cannot Root the system!
If you don’t understand this then you should not be discussing a security related issue.
Move on.
You look at this story and if you look into how this would effect Linux servers and then compare it to Windows you would be basically talking about Windows 2000, unpatched running IIS4 outside of a firewall. That is how out of date some of these configurations and applications would have to be, on top of the combination of applications you would have to have installed. ? (I know, I am going a little overboard but you see what I am getting at. You would be a fool to still be running these versions of the apps listed anyway)
See the reason “we” laugh at Microsoft is because 99% of the time after a story like this the next day a story comes out that 20 Million machines have been infected, Fortune 500 companies are spending late nights patching their machines etc. Yet after reading this story I didn’t even go look at my 5 Linux servers and it’s non even a possibility on any of my 10 linux workstations. Unlike when the Zotob worm came out and millions of desktop machines, servers even ATM’s got effected. LOL!
I am sorry but you can’t help laughing at this. I mean like once a month someone comes out with some impending doom story of how Linux (Which the Kernel is as old as windows) is all of a sudden going to be come as insecure as Windows has been in the past and all the Windows fans are going to be able to say “See we told you, when you get millions of servers and users out there you are going to have the same problems as MS” And again it doesn’t happen. The problem with almost all of these stories is that even though say most Linux servers run PHP, they almost all have different versions, configurations, they are even installed different depending on the version of Linux. Unlike in Windows where IIS is installed the same on EVERY Windows server running it and the only difference is patch level. Even if a worm writer finds a particular configuration that can be exploited on Linux, it will only effect Linux servers configured in a particular way. (And not desktops at all) Also Ummmmm, since the source code is out there, any decent programmer could make a patch for their machines if need be. (Can’t do that with windows. Have to wait on MS and hope that the patch that fixes the hole doesn’t kill your machines in the process!)
since the source code is out there, any decent programmer could make a patch for their machines if need be. (Can’t do that with windows. Have to wait on MS and hope that the patch that fixes the hole doesn’t kill your machines in the process!)
Just because a patch is written by microsoft does not mean that it is more likely to kill your machine than a patch written by a random person.
I’ve had many linux machines break when I update them (gentoo , debian, linux kernel, etc) and have only had windows break on an update once.
LOL! Come on you read what I wrote. I wrote:
“since the source code is out there, any decent programmer could make a patch for their machines if need be. (Can’t do that with windows. Have to wait on MS and hope that the patch that fixes the hole doesn’t kill your machines in the process!)”
If you are a decent programer you could fix the problems with a patch, you can’t do that with Windows. Take Windows 2000 SP4 roll up one. Killed tons of computers. MS had to re release it because it was a mess.
Now I have been using Linux for years and I have NEVER had a patch take down my PC or my server. And patches I have had problems with I fix myself. Can you do that in Windows. NOPE. Never have, never will!
I am in control not redhat or linspire or ubuntu. I fix my problems myself if I have to till an official patch comes out! That is Freedom. You will never get that with Microsoft! They will take your money and keep selling you swiss cheese (An OS with holes in it)
I mean what kind of company sells you an OS, then has to also get you to use their Antivirus and Spyware remover etc, etc. LOL! They have to make products to fix problems in their products and then sell you both! LOL! You must be smokin to think that is proper. No other software company has ever had to do that.
And I know you will say “Microsoft has 200 Million users and no one else does” And I would believe that IF you could show me ONE MS OS from Dos version 2 on down that you didn’t need Antivirus for! That has always been a MS problem, not a problem that popped up when they got 100 million users! Its been there. It’s just gotten more and more noticed with the internet!
The other key here is that Microsoft has 50 Billion in the bank and all the Linux companies together don’t have that much money total! Yet we compare the two. Hummmmmm. That is pretty sad.
With tons of distribution each difrents from another, we will not laugh like that … A great thanks to all guy that didn’t think it’s time to “standardize” linux and make there work in their own corner multiplicating solutions and also problems ! Great ideas !
And more, the “kind of crusade” for freeing the world could be a kamikaze crusade as people will certainly not knowing how to patch on linux … because they don’t even know how to do it in windows, stop saying linux is easy, It is NOT, just see around you who knows how to just install properly an application in windows, more some don’t even know the difference between a file and a folder. Think of that becaus Microsoft as already think of it and their next generation of OS will be far more secure than the one we have now ! That’ll be the end of free stuff and in a way the end of computers like we know them ! Time is running out ! 1year till release !!!
You must not read much but MS themselves are saying that Vista may be their last major Windows release and from now on they will only be putting out updates! (And being that they are backporting a lot of those features to XP looks like they are not lieing)
http://news.zdnet.com/2100-9593_22-5915900.html
It’s all over. Microsoft can’t live up to the hype anymore even they now know it. And with MS live coming out (If it ever does) you won’t need Windows to use MS products what does that tell you?
… That Linux users admitted that their OS is not invulnerable, and that devs made attempts to make Linux distros as secure as possible by default. ProPolice should be standard, GRSecurity or SELinux should be the default kernel patchsets for all distros, and the maximum number of processes should be limited by default to prevent forkbomb attacks. Linux CAN be secure, but it won’t be if people don’t bother to make it that way.
We do but it’s just that Linux security model is better than Windows, ease of use comes at a cost. While people moan about how much harder Linux is, just think about how much more secure your system is. SELinux has been in the 2.6x kernels for awhile now.
“SELinux has been in the 2.6x kernels for awhile now.”
That in itself is meaningless, as next to nobody is seriously using it. Fedora Core, RHEL (and derivitives) are really the only Linux distributions that enable it with useful policies by default. In damned near every other Linux distribution with a 2.6.x kernel, the SELinux code just sits there and does nothing if it’s even compiled.
ExecShield on the other hand is enabled in most of the newest distributions as there’s really no good reason for it not to be enabled, as it doesn’t interfere with 99% of the software out there, and has a negligible performance penalty (from what I’ve read on the LKML). But there are even a few distributions that don’t enable that by default (Xandros, as earlier versions of ExecShield didn’t play nice with WINE).
Agreed, there should be a distro like OpenBSD, but on
Linux. Like OpenBSD, they must live, breathe, and sh*t
security.
This has nothing to do specifically with Linux and everything to do with PHP and webserver security.
It’s not the “dawn of the Linux worms” or anything even remotely like that. *nix worms has been around for a long time (remember the Morris worm) and wont go away anytime soon either.
But I guess fear mongering and hype sells ad space.
.
LOL…Thom, do you even understand the issue?
The NeverNoSanity worm proved that worms can spread fast through http and script based web services on *nix boxes. Yet once you start trying to do the standard win32 worm that attacks some daemon with a prepackaged buffer overflow or format string, things become difficult, as the diversity of Linux distributions makes it hard to know exactly where the execve function is in libc on some targeted system. Worm programmers will have to harness application fingerprinting to determine what distro and libc revision is running, but that might not even take care of source based distros with complex CFLAGS. And let’s not forget Fedora’s SELinux which combines the techniques of mapping libc into the ascii armor sector, randomized lib mapping and a no-exec stack to make remote code execution very difficult.
Just because there exists viruses or worms doesn’t prove that a system is insecure. If the viruses and worms continue to flourish and not be stopped, now that says something.
Just to add.
To me it’s just companies like symantic gearing up to sell Linux users products they dont and speading FUD instead of proper advice. Do these people realize that we know what we are doing, or do they think we are all mindless idiots who just brought a computer from PCWorld?
Maybe we should just go home and let people like symantic admin our servers!
To me it’s just companies like symantic gearing up to sell Linux users products they dont and speading FUD instead of proper advice. Do these people realize that we know what we are doing, or do they think we are all mindless idiots who just brought a computer from PCWorld?
But as Linux becomes more user friendly and gains marketshare, what are you going to do about those who will run or click on anything that promises them nude pics of Paris Hilton? Such is about 90% of Windows users currently. When they switch to Linux, they will need some kind of protection. If nothing else, protection from their own stupidity
“But as Linux becomes more user friendly and gains marketshare, what are you going to do about those who will run or click on anything that promises them nude pics of Paris Hilton? Such is about 90% of Windows users currently. When they switch to Linux, they will need some kind of protection. If nothing else, protection from their own stupidity
”
Heh. If someone actually *wants* to see nude pics of Paris Hilton (woof!) then they damned well deserve what they get ;^)
We dont have activeX and we dont have scripts exec by default. Sorry but I dont buy the “market share” line crap and “click here for Linux users” is not a future I see.
We dont have activeX and we dont have scripts exec by default. Sorry but I dont buy the “market share” line crap and “click here for Linux users” is not a future I see.
Right, so you don’t have activeX and email attachments won’t execute by default. I guess that makes the OS bulletproof. What the hell was I thinking anyway?
It doesn’t make the OS bulletproof, but it does make it safer than Windows.
Safer doesn’t mean “impervious.” It just means “more safe.”
What are you on about ? Paris Hilton is a minger
he was and he always will be….because in his heart he knows he is biased towards Linux and has anti-MS sentiments…what a shameless gandu (gandu==butthead)
Archisteel,
100,000 viruses and worms for Windows, 100 for Linux
LOL….100 useless distributions of Linux, with 1% market share vs 6 distro of Windows with 90% market…for which would you make a worm?
Think again if you got some brain…
Now go back to your shell and compare the numbers for Windows Servers…you will know the truth..
Properly configured webservers, with php and http set to run as ‘nobody’ (or applicable) users and with the /tmp directory limited in the standard secure way will not be affected by this.
This doesn’t prove anything in the long-running antims/anti*nix circle-jerk except that people posting articles on the subject ought to at least pretend to know what they’re talking about.
PHP/XML-RPC only exists on Linux platforms,yeah right.
The first Internet Worm attacked “sendmail, finger, rsh/rexec and weak passwords”, on Unix systems. The Unix world has always faced the problems of worms and Linux is no different. But the one thing people seem to forget is that this is a server problem.
Linux Servers get attacked by worms and hackers all the time. This is not news.
Linux Desktops do not get attacked all the time. That would be news.
Richard
The worm exploits a vulnerability within PHP/XML-RPC not linux but PHP/XML-RPC.
Another die tux article :-))). Well ill stick on /*nix environment and ill wait for that specisic software to be buggy and catch some worm on it :-))). But i;m sure problems will have only 0.00000001% of all *nix users 🙂
The head-in-the-sand attitude I see here will prove to be a windfall for the worm & virus writers.
http://www.eweek.com/article2/0,1895,1883850,00.asp
You can be hacked in Windows as always for doing something as simple as reading email! LOL! Come on! How can you compare Windows to Linux! I NEVER have to worry about something as simple as this on my Linux workstation! I read emails willy nilly all the time! I double click on attachments when I feel like it etc! No sweat!
Also the new standard argument is that “Well it’s user error that leads to Windows users getting hacked” Yet here is an example of a hole that you can’t administer around! It’s been there for months maybe years and there is nothing you could do till now when MS came out with a patch! (And this is an on going problem! Poped up in windows more then once!)
So don’t give me that crap of comparing Windows to Linux. Yea MS has billions of dollars and is a little more advanced in features but in the security world Windows is STILL second rate! Which is sad!
I double click on attachments when I feel like it etc!
Are you saying that you use a graphical e-mail client instead of mutt? N00b!
Yes, I use Mozilla thunderbird on Ubuntu and Linspire. Used to use mutt back in the day.
Not sure what version of Linux you use but if you need any help you can email me at [email protected] (or [email protected])
You can be hacked in Windows as always for doing something as simple as reading email! LOL! Come on! How can you compare Windows to Linux! I NEVER have to worry about something as simple as this on my Linux workstation! I read emails willy nilly all the time! I double click on attachments when I feel like it etc! No sweat!
In most Linux distros, there is NOTHING to stop these kind of attacks. The only reason we don’t see them is that the the hackers for some reason don’t want to create such exploits. Perhaps because they like Linux and hate Microsoft, or because the population using Linux is to small to target if they somehow intend to make money from their exploit. So you should probably worry in Linux as well.
The difference is that “NOTHING” in Linux means the tools allready presentin the system (SELinux, chroot,… comes to mind) is not configured to make sure such exploits doesn’t harm you. In Windows it means that there are no tools to configure, except for antivirus software that kick in when the harm is allready done.
To be safe you should sandbox all applications that connects to the net and make sure that they only see other files on a need to know basis. If viruses worms and other malware becomes a problem in Linux we can expect most Linux venders to make use of whatever tools allready present (which would go a long way) and perhaps invent new ones.
Come on.
The First big difference is that it’s not simple to create a HTML file or WHM (Since Linux doesn’t run WHM files) that will run something just from viewing a webpage in Firefox or Thunderbird! LOL! If it were easy to do then someone would have done it to show it can be done!
For instance don’t you think that the Virus scan companies like Mcafee and Symantec etc would at least show proof of concept if it were possible? They have labs of people working on this stuff and there is sure plenty of money now and in the future to make if they can show something like this is a threat! (Like Roche has done with the Bird Flu, cash in on people being scared and you having the only cure) But yet no proof of concept.
Also if it was easy to do don’t you think worm writers would do it knowing that almost NO linux desktop users have virus scan. They would have thousands of PC’s under control with no problem if it were that easy and since us Linux folks are so gunhoe we won’t even notice!
But you don’t see it cause it’s not easy. For one there are 1000’s of versions of Linux, on top of that each user has their own little configuration. I use Thunderbird, while the person who noted me today uses Mutt etc, etc. Then each person has different security. Most desktop versions of desktop Linux are running some form of Firewall by default so you have to get around that and the 50 different configurations there, and then if the person is not running as root then you have to figure out how to run the script or program, embedded in HTML or a JPEG file etc on the machine as a regular user and be able to make it do harm. LOL!
I mean we could go on and on and on with the correct situation needed to have a mass Linux worm. Shoot how about in the Mac OS most Macs are configured the same on OSX out the box and yet there are no major worms there ether! They have a much bigger install base, millions of users!
Here is a quote from Stephen Orenberg, President of Kaspersky Lab.
http://www.linuxplanet.com/linuxplanet/print/5997/
“Orenberg also emphasized that while a 100 percent Linux environment is orders of magnitude less likely to be hit be a virus, many Linux deployments are within heterogeneous, not homogeneous, environments. Windows clients and servers on the network bring a vast array of potential infection points, and having an antivirus engine on a Linux server will protect the health of the overall network, even if the Linux machine itself is not vulnerable.”
“Faced with growing integration with Windows machines, Linux users might do well to start implementing some sort of anti-virus solution in the months to come.”
The virus companies want to sell me virus scan software for my Linux machines to help me protect Windows! LOL!
As soon as I saw this I browsed the article. Then Googled for Linux.Plupii. Got led to McAfee. They stated these symptons:
Presence of one or more the following files:
* /tmp/lupii
* /tmp/listen
* /tmp/update.listen
* /tmp/listen.log
One or more of the following ports are listening/sending:
* UDP 7111
* UDP 7222
* UDP 27015
* UDP 25555
ran ls ls /tmp/l* and ls /tmp/updat* and found nothing
I googled for ‘linux UPD lupii’ and got nothing pertinant.
This took about 5 minutes. Then I browsed all of the other comments. Was very pleased to see the general opinion was that SE Linux is protecting me in FC4. I also do regular backups that do not include anything as foolish as /tmp, so all I really had to loose was a little time.
And, I, like most of you, do look at pornography on the web and it is not illegal where I live and should not be.
If I had found a problem I would have fixed it and learned from it.
I am not a techie by trade just somebody that has taught themselves Linux and would never go back to Windows servitude.
“Was very pleased to see the general opinion was that SE Linux is protecting me in FC4”
The general opinion is that Windows is the best thing in computing since the PC (ask 90% of the computer using population).
Opinions, general or not, mean nothing.
PHP runs on Linux. So Linux machines are vulnerable as well. Quit your yappin’ and take it like a man.
Linux machines running PHP are now at risk. Don’t deny it.
Totally. I don’t remember any such comments on the latest IIS vulnerabilities.
“It’s NOT a Windows server 2k3 problem ! It’s an IIS one ! The NT kernel is fine !”
That doesn’t magically make your box insecure. Still, I’ve scanned my Debian box, just in case. Clean and shiny as a pearl. No Lupii here. Life’s STILL good.
Please!
You look at this story and if you look into how this would effect Linux servers and then compare it to Windows you would be basically talking about Windows 2000, unpatched running IIS4 outside of a firewall. That is how out of date some of these configurations and applications would have to be, on top of the combination of applications you would have to have installed. ? (I know, I am going a little overboard but you see what I am getting at. You would be a fool to still be running these versions of the apps listed anyway)
See the reason “we” laugh at Microsoft is because 99% of the time after a story like this the next day a story comes out that 20 Million machines have been infected, Fortune 500 companies are spending late nights patching their machines etc. Yet after reading this story I didn’t even go look at my 5 Linux servers and it’s non even a possibility on any of my 10 linux workstations. Unlike when the Zotob worm came out and millions of desktop machines, servers even ATM’s got effected. LOL!
I am sorry but you can’t help laughing at this. I mean like once a month someone comes out with some impending doom story of how Linux (Which the Kernel is as old as windows) is all of a sudden going to be come as insecure as Windows has been in the past and all the Windows fans are going to be able to say “See we told you, when you get millions of servers and users out there you are going to have the same problems as MS” And again it doesn’t happen. The problem with almost all of these stories is that even though say most Linux servers run PHP, they almost all have different versions, configurations, they are even installed different depending on the version of Linux. Unlike in Windows where IIS is installed the same on EVERY Windows server running it and the only difference is patch level.
Even if a worm writer finds a particular configuration that can be exploited on Linux, it will only effect Linux servers configured in a particular way. (And not desktops at all) Also Ummmmm, since the source code is out there, any decent programmer could make a patch for their machines if need be. (Can’t do that with windows. Have to wait on MS and hope that the patch that fixes the hole doesn’t kill your machines in the process!)
PHP runs on Linux.
Only on linux?
It should be pointed out that the “worm” in question is nothing more than a PHP script exploit. It applies not to Linux per se, but to anything with a poorly thought out PHP configuration coupled with a poorly written PHP script.
The observed example explicitly looks for /tmp (so it wouldn’t necessarily affect Windows systems), but the PHP code could be rewritten to search for a couple of directories (includeing C:).
I’ve had many linux machines break when I update them (gentoo , debian, linux kernel, etc) and have only had windows break on an update once.
With the distros you mentioned on the other hand i have never witnessed a patch not fully closing a security hole.I can’t say that from all MS patches.
Linux doesn’t break and there is no such thing as worms on linux. It is impossible!
Sorry, just felt like posting like a jackass which is what the majority does here. This isn’t a troll post, its the truth. Sad as it is, the worst of humankind is on these forums saying this kind of stuff. That is the only real reason I post is to give the truth and put that out there instead of this garbage.
I don’t think there are that many people who will post this, however they’re a vocal bunch, just like those posting anti-Linux FUD.
Of course Linux can break. It just happens rarely (if you talk about the kernel – X can also break, usually due to drivers).
Likewise, Linux worms do exist. However, their impact is minuscule when compared to Windows worms. This is due in part to popularity, but also because a) Linux has historically had better security defaults than Windows (there are lots of older, more insecure Windows boxes connected to the Internet out there) and b) the heterogenous nature of Linux installs makes it harder for worms to propagate.
So the popularity aspect is important, but that does not take away from the fact that Linux systems are in general more secure.