Re: now: can *nixes be rootkitted was: Re: [SLUG] Sony rootkit

From: Robert Snyder (res03q8w@gte.net)
Date: Wed Nov 16 2005 - 11:35:55 EST


Mike Branda wrote:

>On Wed, 2005-11-16 at 09:12 -0500, SOTL wrote:
>
>>The real issue to me is that given a network say mill net that some
>>unsuspecting person could plop a music CD into a box be it MS Windows, Linux,
>>or BSD [recall Apple is BSD] and by that simple process install root kits on
>>
>>Frank
>
>Frank,
>
>You're getting the BSD and Linux thing wrong. Note in the discussion of
>the Mac that the user is prompted for a superuser password with a pop up
>window. Here's where the issue lies on a *nix system. You have to give
>it privileged access to do anything of significance. Most of the
>services, binaries and other files that could cause major harm (outside
>of memory buffer exploits or whatever) are not accessible as the average
>Joe login.
>
>Remember that all those programs like IE and such run as the "privileged
>user" on Windows. Everybody is an administrator by default unless you
>explicitly downgrade them. Doing that usually causes a user to not
>be able to use common 3rd party software because the program is written
>in a way that needs admin priv's. Catch 22.
>
>Most of the *nix rootkits replace binaries and other things owned by
>root and the only way to do that is for a user to give a root password,
>or to discover an exploit that gains root access. In my experience with
>Linux so far, because of the many eyes on the source code, exploits are
>most often found and fixed/patched before they are even known by others
>as exploits.
>
>Now, if somebody's dumb enough to run a program on a *nix box and
>actually type in the root password without knowing what they were
>installing, well... that's their own ignorance. Unfortunately, I'm sure
>this will happen. Just as the Mac user will lightheartedly type their
>password in that little window.
>
>
>
>Mike Branda Jr.
>
>

OK, let's look at this from a different side.

What if someone puts a root kit into an open source application, really
buries it, but the thing is it is their open source app. Like if I made
Wee Robby's Windows emulator, and I stick some stupid root kit code in
there and you install it and you use it not knowing that I placed a
root kit in there, well, you're just a little SOL. Someone would find the
code eventually, but not after I infected people with this thing. That
is the problem with Mac and Windows right now: there are too many
users who trust everything they read and have this "I think I should
install this" attitude, and next thing you know the machine is infested
with rootkits, spyware using rootkits and God only knows what else. All
I am saying is that I believe that if 90% of the computer-using public
ran Linux or BSD or any kind of *nix, they would stupidly hand over
the root password to install something, and the next thing you know they
have a Linux that's just as unstable as Windows can be.

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:10:21 EDT