malware question - Security


Thread: malware question

  1. malware question

    In a recent discussion about the possible use of a virus checker in a
    linux distro (I have ubuntu in mind) it was suggested in another group
    that for example, a weakness may exist because a User may install
    software into their account which could modify their .bashrc file to
    allow some more malware to install a password sniffer to capture info
    the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
    .bashrc file). Then the malware would be free to create chaos. Including
    the use of other accounts for browser or email activities.

    I guess this is a well known possibility, although I am new to this area
    of experience.
    What would safeguards include?
    tia
    --
    ac

  2. Re: malware question

    ac <"aec$news"@candt.clara.co.uk> writes:

    >In a recent discussion about the possible use of a virus checker in a
    >linux distro (I have ubuntu in mind) it was suggested in another group
    >that for example, a weakness may exist because a User may install
    >software into their account which could modify their .bashrc file to
    >allow some more malware to install a password sniffer to capture info
    >the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
    >.bashrc file). Then the malware would be free to create chaos. Including
    >the use of other accounts for browser or email activities.


    >I guess this is a well known possibility, although I am new to this area
    >of experience.
    >What would safeguards include?


    Keeping people out of user accounts. The first rule is that if a cracker
    gains access to an account, any account, the chances of a root crack shoot
    way up. So your first defense is to keep everyone out of accounts that are
    not theirs.


    >tia
    >--
    >ac


  3. Re: malware question

    Unruh wrote:
    > ac <"aec$news"@candt.clara.co.uk> writes:
    >
    >> In a recent discussion about the possible use of a virus checker in a
    >> linux distro (I have ubuntu in mind) it was suggested in another group
    >> that for example, a weakness may exist because a User may install
    >> software into their account which could modify their .bashrc file to
    >> allow some more malware to install a password sniffer to capture info
    >> the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
    >> .bashrc file). Then the malware would be free to create chaos. Including
    >> the use of other accounts for browser or email activities.

    >
    >> I guess this is a well known possibility, although I am new to this area
    >> of experience.
    >> What would safeguards include?

    >
    > Keeping people out of user accounts. The first rule is that if a cracker
    > gains access to an account, any account, the chances of a root crack shoot
    > way up. So your first defense is to keep everyone out of accounts that are
    > not theirs.
    >
    >
    >> tia
    >> --
    >> ac


    Keeping people out of user accounts they are not supposed to be in?? If
    you read tia's post, he is not talking about people gaining unlawful
    access, he is talking about malware attached to a program that would be
    executed by a genuine user already logged into the system. This is
    generally how malware works, no? Which is why I am guessing that Tia is
    after a virus checker to scan for such malware?

    Although I don't use such a virus checker myself for binaries, I do
    peruse any cleartext shell scripts before executing them just to be on
    the safe side. This is at least some form of protection or piece of mind
    assuming you can follow the scripts in a basic intelligible manner. You
    don't really need to be an expert to do this.

    Dz


  4. Re: malware question

    On 5 Aug, 19:38, Unruh wrote:
    > ac <"aec$news"@candt.clara.co.uk> writes:
    > >In a recent discussion about the possible use of a virus checker in a
    > >linux distro (I have ubuntu in mind) it was suggested in another group
    > >that for example, a weakness may exist because a User may install
    > >software into their account which could modify their .bashrc file to
    > >allow some more malware to install a password sniffer to capture info
    > >the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
    > >.bashrc file). Then the malware would be free to create chaos. Including
    > >the use of other accounts for browser or email activities.
    > >I guess this is a well known possibility, although I am new to this area
    > >of experience.
    > >What would safeguards include?

    >
    > Keeping people out of user accounts. The first rule is that if a cracker
    > gains access to an account, any account, the chances of a root crack shoot
    > way up. So your first defense is to keep everyone out of accounts that are
    > not theirs.


    Virtual machine domains like Xen. Not making a compiler available to
    users. Restricting users only to web material access for upload and
    download over secure protocols, like WebDAV over HTTPS. Not allowing
    users to use mod_perl for web pages or other scriptable serverside
    tools like PHP.


  5. Re: malware question

    Nico wrote:

    What about something that monitors .bashrc and some other important files in
    the system for changes? I think something like this already exists...
    Well, no one minds, but I'm not English so don't kill me for the speech ;-)

    --David Francos --

    Contact:
    Jabber: Thexayon@jabber.com
    M$N Messenger: davidf.zgz@hotmail.com
    IRC: irc.freenode.net (XayOn)
    E-mail:Yo.orco@gmail.com, thexayon@gmail.com
    Google talk: Thexayon@gmail.com


    Murphy's law of the message (fortune):
    Good times end too soon. Bad times go on forever.
    -- Tracey's Observation.
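
The monitoring idea in the last post, written out as an added example that is not part of the thread: a hash baseline for shell startup files, plus a check for lines that define an alias or function named sudo. The file list, function names and sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): hash-baseline monitor for shell startup
# files plus a check for lines that redefine sudo. File list is an assumption.
STARTUP_FILES=".bashrc .bash_profile .bash_aliases .profile"

# record_baseline HOME_DIR BASELINE: write "sha256  name" per existing file.
# Keep BASELINE where the monitored account cannot write (e.g. root-owned).
record_baseline() {
    ( cd "$1" || exit 1
      for f in $STARTUP_FILES; do
          if [ -f "$f" ]; then sha256sum "$f"; fi
      done ) > "$2"
}

# check_baseline HOME_DIR BASELINE: print NEW/MISSING/CHANGED per file;
# return 1 if anything differs from the baseline.
check_baseline() {
    rc=0
    for f in $STARTUP_FILES; do
        old=$(awk -v n="$f" '$2 == n { print $1 }' "$2")
        new=""
        if [ -f "$1/$f" ]; then new=$(sha256sum "$1/$f" | cut -d' ' -f1); fi
        [ "$old" = "$new" ] && continue
        if [ -z "$old" ]; then echo "NEW $f"
        elif [ -z "$new" ]; then echo "MISSING $f"
        else echo "CHANGED $f"; fi
        rc=1
    done
    return $rc
}

# find_sudo_overrides FILE: print numbered lines that define an alias or
# shell function named sudo, which would run instead of the real binary.
find_sudo_overrides() {
    grep -nE '^[[:space:]]*(alias[[:space:]]+sudo=|(function[[:space:]]+)?sudo[[:space:]]*\(\)|function[[:space:]]+sudo([^[:alnum:]_-]|$))' "$1"
}

# Constructed sample: a throwaway home directory with a small .bashrc.
demo() {
    d=$(mktemp -d)
    printf 'alias ll="ls -l"\n' > "$d/.bashrc"
    record_baseline "$d" "$d/baseline"
    printf "alias sudo='echo constructed-sample'\n" >> "$d/.bashrc"
    check_baseline "$d" "$d/baseline"
    find_sudo_overrides "$d/.bashrc"
    rm -rf "$d"
}
demo || true
```

A baseline stored inside the monitored account can be rewritten by anything running as that user, so the check is only meaningful when the baseline and the script are owned by another account. Packaged file integrity checkers such as AIDE and Tripwire apply the same baseline-and-compare approach system-wide.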

