Secure Coding mailing list archives
RE: Opinion re an interesting article on Linux security in Linux Journal
From: "Alun Jones" <alun () texis com>
Date: Wed, 10 Mar 2004 16:04:13 +0000
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michal Zalewski Sent: Tuesday, March 09, 2004 1:16 PM Uhh, with some new worms, you not only can't execute the rogue directly by just clicking on an attachment, but you need to enter a password to get access to it... you just need a userbase clueless enough to carry out even a fairly complicated action out of curiosity, and some social engineering.
As ever, the chief flaw that is exploited by the most successful (in terms of wide spread) viruses is that of human naivete / stupidity. I reckon you'd get a fairly good spread of virus even if you asked people to type the virus code into "debug" (a tool which, among other things, allows you to directly enter hex codes). The only thing that might slow such a virus down is that many of the people typing it in would get a digit or two wrong. I've long maintained that Unix, Linux et al are not protected so much by technical superiority as by a lack of users - particularly a lack of technically uninformed users. In some cases, too, the protection is that there are less dumb developers. To truly bring Linux down, what's needed is a "Visual Basic 1.0" for Linux :-) Alun. ~~~~ -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | [EMAIL PROTECTED] Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer. [Ed. Let's please keep this to a discussion of design features and NOT a mudslinging contest (which no one can possibly win). Thanks. KRvW]
Current thread:
- Opinion re an interesting article on Linux security in Linux Journal Kenneth R. van Wyk (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- <Possible follow-ups>
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)