Question regarding an article from Microsoft Hellas's CEO

Frank Heckenbach frank at g-n-u.de
Sat Feb 7 14:12:09 UTC 2004


Joao Ribeiro da Silva wrote:

> ----- Original Message -----
> From: "Frank Heckenbach" <frank at g-n-u.de>
> To: <jrs at developcomponents.com>; <discussion at fsfeurope.org>
> Sent: Thursday, February 05, 2004 9:49 PM
> Subject: Re: Question regarding an article fromMicrosft Hellas's CEO

> > > Try to map a network drive or even access your CD-ROM: it
> > > will tell you that only the system administrator can do that,
> > > and because on Unix nobody works as system administrator,
> > > the system core never has a virus. In the worst-case scenario
> > > only the files created by the user can be deleted or damaged,
> > > not the files from other users, so even if we had viruses on
> > > Unix the impact on the system would be very small (to the
> > > user level only).
> >
> > I've heard this argument, but I don't think it's a very strong
> > point. On most machines the user data are more valuable than the
> > system files. [...]
>
> In this case, I think you are right in one way and wrong in another. Why?
> Simple. When the programmer of a malicious trojan, virus or any other type
> of action makes his decision on attacking another computer or computers he
> wants to destroy as much data as possible. He will not like the idea of the
> possibility of damaging the data of a single user, no, he wants more, a lot
> more.

If the lack of network security would allow the virus to spread, it
will eventually reach the other users on a multi-user system anyway,
even if local security prevents the direct route.

> > It's true that a virus can hide in system programs and covertly
> > spread more damage over time, but on Unix systems, they can do
> > almost the same by manipulating the user's aliases, PATH, etc.
>
> Yes, of course, but with the variety of system configurations on Unix-based
> systems, and others that are customized by the systems administrators of each
> different company, it can be a hard task to program something that will be
> really efficient.

Sure, configurations are more diverse, but there are some central
points (shell config files etc.) which are rather easy targets of
attack, I suppose (no experience myself ;-).

> > > On Unix, as soon as a user logs out from the system all
> > > applications running with that user's permissions are forcibly
> > > terminated by the OS itself.
> >
> > Not at all.
>
> OK, let's say for the majority of the applications this is true; only people
> that manipulate computers very well, like programmers and systems
> administrators, end up leaving tasks running when logged out.

But we're talking about malicious programs. They could easily
arrange to remain running after the user logs out (unless the user
or admin has taken special measures to prevent this, which is not
usually the case, AFAIK, since there are valid reasons for users to
do so, such as long-running background jobs, `screen', etc.).

Frank

-- 
Frank Heckenbach, frank at g-n-u.de
http://fjf.gnu.de/
GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)
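
The point above about aliases, PATH and shell config files, seen from the reviewing side. This is an added example, not part of the original post: a POSIX sh/awk check that lists lines in a startup file that shadow a command or put a directory ahead of the inherited PATH. The WATCHED list, the function names and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: review a shell startup file for command shadowing
# and PATH reordering. WATCHED and the sample file are constructed.
WATCHED='sudo|su|ssh|scp|ls|passwd|gpg'

# audit_rc FILE: print "FILE:LINE:KIND:TEXT" for each line worth reviewing.
audit_rc() {
    awk -v w="$WATCHED" -v q="'" '
    function report(kind) { printf "%s:%d:%s:%s\n", FILENAME, FNR, kind, $0 }
    /^[ \t]*#/ { next }                        # skip comment lines
    # alias or shell function named after a watched command
    $0 ~ ("^[ \t]*alias[ \t]+(" w ")=") { report("alias-shadow"); next }
    $0 ~ ("^[ \t]*(function[ \t]+)?(" w ")[ \t]*\\(\\)") {
        report("function-shadow"); next
    }
    # PATH assignment: the first entry is the one searched first
    /^[ \t]*(export[ \t]+)?PATH=/ {
        v = $0
        sub(/^[ \t]*(export[ \t]+)?PATH=/, "", v)
        c = substr(v, 1, 1)
        if (c == "\"" || c == q) v = substr(v, 2)   # drop opening quote
        n = index(v, ":")
        if (n == 0) next                       # single entry, not handled here
        first = substr(v, 1, n - 1)
        if (first == "$PATH" || first == "${PATH}") next  # appended only
        if ((first "/") ~ /^\/(usr|bin|sbin|opt)\//) next # system directory
        report("path-prepend")                 # empty entry means cwd
    }' "$1"
}

# make_sample FILE: write a constructed startup file to audit.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real startup file
alias ll='ls -l'
alias sudo='/home/u/.cache/.s/sudo'
export PATH="$HOME/.local/share/.x:$PATH"
PATH="$PATH:/usr/games"
ssh() { /tmp/.h/ssh "$@"; }
export PATH=/usr/local/bin:$PATH
EOF
}

sample=$(mktemp) && make_sample "$sample" && audit_rc "$sample"
rm -f "$sample"
```

Findings are items to compare against a known-good copy of the file, since prepending a directory such as `$HOME/bin` is also a common legitimate setting.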

