regularly scheduled paranoia. Was: Re: Anti Virus

foodog plug-discuss@lists.plug.phoenix.az.us
Thu, 07 Mar 2002 15:07:04 -0700


Nancy Sollars wrote:
> 
> I still think this will only affect the unwarey and stupid.

Yup, just like it's always been.

> most people even before d/l tars check for the signiture signed file..

I'll bet I'd really *like* it on your planet ;-)
Perhaps my impression of The Average Computer User has been tainted.

Steve
> 
> Nige
> 
> ----- Original Message -----
> From: "foodog" <foodog@uswest.net>
> To: <plug-discuss@lists.plug.phoenix.az.us>
> Sent: Thursday, March 07, 2002 9:52 AM
> Subject: regularly scheduled paranoia. Was: Re: Anti Virus
> 
> > "der.hans" wrote:
> > ...
> > > Haven't used it as viruses are completely irrelevant to me ( other than
> the
> > > bandwitdth they use ), but:
> > >
> > ... snip <lots of av info>
> > > der.hans
> > > --
> > > #  http://home.pages.de/~lufthans/   http://www.DevelopOnline.com/
> > > # We now return you to your regularly scheduled paranoia...
> >
> > I think the days of not worrying about virus scanning on Linux are
> > numbered.  In the early days pirates were largely responsible for
> > viruses spreading under DOS.  Eventually viruses started to "get lucky"
> > and make it into official software releases.
> >
> > I think script kiddies are the best vector for widespread Linux
> > infections.  Their own machines will get infected, then they'll pass the
> > infection on as they root other boxes.
> >
> > There's a thread on Vuln-dev this week about a possibly fake Apache
> > 1.3.22 exploit that infects all elf binaries and opens a port on UDP
> > 3049.  To clarify, the Apache exploit is the possibly fake part, the elf
> > infector appears to be legit.
> >
> > A clean and an infected grep were posted, in case anyone wants to get a
> > jump start on being the McAfee of the Linux world.  I don't think it'll
> > be long before someone with more coding talent decides it'd be cool to
> > add stealth.  If that had happened, the current thread would just be
> > disappointed kiddiez complaining that their new 'sploit didn't work as
> > advertised.
> >
> > Steve