[vox-tech] linux and viruses

Karsten M. Self kmself at ix.netcom.com
Mon Feb 27 17:43:57 PST 2006


on Thu, Feb 23, 2006 at 06:31:56PM -0800, Cylar Z (cylarz at yahoo.com) wrote:
 
> Here's the skinny. I'm trying to get my systems administrator (at
> work) to let me connect a laptop to his network so that I can surf the
> web at lunchtime.  

Note:  workplace, workplace network, and personal use of workplace
resources.  It's their net, and it's their rules.  Regardless of how
appropriate or not those rules are.  I'd suggest you find alternate
means to surf.

There are a number of ways in which you can make use of your own network
access at arbitrary locations, including a number of handheld devices.

> Now, the sysadmin is strictly a Microsoft man and knows nothing at all
> about Linux. He has balked at my request because while he is worried
> that I might inadvertently bring viruses/spyware/malware onto his
> network. 

That "inadvertently" is markedly unlikely.  However it is possible for
you to pose a risk, advertently or otherwise.  Then again, that risk is
likely markedly lower than any posed by Microsoft platforms, whether
fixed or portable.

> It turns out that he was not even aware that Linux can speak TCP/IP
> and supports DHCP client networking functions.

Look at this as an educational opportunity.
 
> I tried telling him that my laptop will be running some flavor of
> Linux (most likely Fedora Core 4) and that Linux is virtually
> impervious to viruses. It hasn't swayed him. 

Note that:

  - Your risk of being hosed by a "virus" (in the traditional sense of a
    binary infector) or worm (standalone program) is pretty low.  The
    first markedly lower (effectively nil) than the latter.  A loosely
    secured GNU/Linux system running network services may find itself
    running things you don't intend.  PHP and other Apache tools are
    among the more usual suspects.

  - Even if you aren't "infected" with an exploit (it's not actively
    running on your GNU/Linux box), it's possible for a malicious MS
    Windows binary to be resident on your box.  Copying this to a
    MS Windows system could result in problems.  The main issue here is
    whether or not you'd be bypassing other AV protections by having a
    GNU/Linux system on the net.
 
> I guess my question to you all is this: Did I make a true statement?

Largely accurate if not entirely true.

> Is Linux really virus-proof? 

The answer here is an exceptionally qualified, to within an inch of its
life, negative.  There are a very few ELF (GNU/Linux-binary) infector
viruses, virtually none of which have been seen in the wild, and none of
which poses an appreciable realistic threat.

The more complete answer is:  there are ways of compromising GNU/Linux
security, but viruses (binary infectors) aren't among the interesting
ones.  By applying appropriate filesystem security, good password
policies, minimizing open ports, practicing good package management
(trusted sources, frequent updates), and looking for signs of trouble
(open ports, odd programs, odd processes, odd files in strange places,
performance issues), you can do far more on GNU/Linux than on MS Windows
to detect and correct any such problems.

> If so, is it just because of its relatively small share of the OS
> market, or is there a more technical reason for this? 

Opinions and assholes, but in mine (opinion) there's a very convincing
argument that it's technical explanations.  Eric Raymond and Nick
Petreley give a good general overview of why:

    http://www.theregister.co.uk/security/security_report_windows_vs_linux/
    http://www.faqs.org/docs/artu/

... and I dig a bit deeper to some cultural ones in my own essay on
spyware vis-a-vis legacy MS Windows vs. GNU/Linux.

    http://kmself.home.netcom.com/Rants/spyware.html

> If so, what? If I told him one, it might get through to him.
> 
> And what about malware? Is Linux resistant to that as well?

Largely but not totally, for reasons which are somewhat more cultural
than technical.

See in particular my essay.
 
> Think of this as an opportunity to further infiltrate Microsoft's
> domain. Help me explain to my admin why attaching a Linux client won't
> hurt his network.

There are a few things you don't discuss which might be helpful to know:

  - Are arbitrary legacy MS Windows clients allowed on the network?  If
    so, most of the reservations you cite WRT GNU/Linux are pretty
    nonsensical as any MS Windows box will be a greater risk.

  - Is there any policy about allowing personal systems on the network?

  - Is there any policy concerning personal use (surfing or otherwise)
    while at work?

  - Is there a DMZ or otherwise segregated LAN segment which might be
    used by roaming systems?  This is actually a useful design as it
    provides a place where clients, vendors, or other visitors can
    gain Internet access without putting any corporate systems at risk.


I'll stand by my first comment:  a business is more than justified in
creating whatever arbitrary rules for the management of its computing
and network resources it wants.  These need not be sensible, and
frequently aren't.  That's the business's prerogative, however.

That said, if you want to provide some education to the sysadmin, I'd
point him/her at some of the resources above.

Another point you might want to recognize is that the jobs market is
improving markedly and should you find your current employer not
sufficiently enlightened, there are other opportunities out there.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The black hat community is drooling over the possibility of a secure
    execution environment that would allow applications to run in a
    secure area which cannot be attached to via debuggers.
    - Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
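
Added example, not part of the original message: a shell sketch of two of the "signs of trouble" checks the message lists (open ports, odd files in strange places). The function names, the port allowlist and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; names and sample data are constructed, not from a real host.

# unexpected_listeners "PORT PORT ..."
# Reads `ss -tlnH` style lines on stdin and prints the local address:port
# of every TCP listener whose port is not in the space-separated allowlist.
unexpected_listeners() {
    awk -v allowed=" $1 " '
        $1 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)   # keep text after the last colon ([::]:22 -> 22)
            if (index(allowed, " " port " ") == 0) print $4
        }'
}

# odd_executables DIR...
# Prints regular files with any execute bit set under the given directories.
# Point it at world-writable scratch areas such as /tmp or /dev/shm, where
# executables rarely belong.
odd_executables() {
    find "$@" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null | sort
}

# Constructed sample of `ss -tlnH` output (State Recv-Q Send-Q Local Peer).
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:31337 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 *:6667 *:*
EOF
}

# Demo on the constructed sample: ssh (22) and CUPS (631) are expected here.
# On a live host, feed real data instead:  ss -tlnH | unexpected_listeners "22 631"
sample_ss | unexpected_listeners "22 631"
```

Run periodically and compare against a known-good baseline; a listener or executable that appears without a matching package install is the kind of change worth investigating.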