[vox-tech] Linux's Vulnerability to E-mail Viruses

Chris McKenzie vox-tech@lists.lugod.org
Thu, 25 Apr 2002 16:23:30 -0700 (PDT) 

The most famous e-mail "virus" of the 80's used the assumption that
everyone was using the UNIX elm e-mail client, it was the famous XMAS
tree and was headline news at the time.
	Generally speaking, *NIX networking software does not make as many
fundamentally bad assumptions about the users.  For example, in IRC, DCC
auto-receiving of files is easy to enable and the LifeStages.txt.vbs is
rampant.
	The main insecurity about a windows system with respect to viruses
is I think two fold:
	First, by default, the final extension is hidden of a file.
	However, Windows uses this final extension to determine what to do
with the file.

	Second, a mere extension changes a file type, so the noun-verb
analogy works well, however, the verb is sometimes ambiguous -- especially
when it cannot be implied.

Although *NIX does not have these inherent security flaws, it does not
mean that a user of this system is generally *safe*.  Watching out for a
virus in a computer is like watching out for sickness in real life.  There
isn't some boxed pill that you buy at a drug store, it is a lifestyle
choice that leads to a healthier life.  Similarly, securing yourself
should be a proactive measure.  Use checksums whenever possible.  Also
choose ssh over telnet when reasonable.  Use sufficiently secure passwords
and know what you are getting into before you get into it.  Also, be aware
of symmetric versus assymetric processes and processes that require you
to have something or know something.  Assymetric processes that require
you to have or know something are usually preferred.

On Wed, 24 Apr 2002, Richard S. Crawford wrote:

> I'm operating under the assumption that while viruses for Linux that
> spread like Windows viruses are very rare, there are still some out
> there.
>
> So, given that, what level of vigilance is necessary against incoming
> viruses in a Linux system?
> --
> Sliante,
> Richard S. Crawford
>
> mailto:rscrawford@mossroot.com		http://www.mossroot.com
> AIM:  Buffalo2K   ICQ: 11646404  Yahoo!: rscrawford
> MSN:  underpope@hotmail.com
>
> "It is only with the heart that we see rightly; what is essential is
> invisible to the eye."  --Antoine de Saint Exupery
>
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

Sincerely,
	Christopher J. McKenzie

	cjm@ucdavis.edu
	mckenzie@cs.ucdavis.edu
	(530) 297-6110
	609 Anderson 161
	Davis, CA