[plug] security of linux desktops re mail viri

craig at postnewspapers.com.au craig at postnewspapers.com.au
Wed Dec 12 13:24:08 WST 2001


> > Nobody is proof against (1) or (5)
> > unless someone comes up with an instant remote IQ test combined
> > with lockdown (I've never found an electrified ZIP drive
> > labelled "floppy" to be good enough *grin*).
> 
> This is not true.  Linux user accounts are sandboxed to some extent.  I don't 
> have to worry about what my girlfriend downloads or runs because she doesn't 
> have write access outside her home directory and doesn't have any private 
> information accessible from her account.
True. However, that doesn't stop virus spreading from user to user on
the same machine by the same method it spreads remotely. I'm not talking
about root exploits or total machine cracks - you don't need that to
have a highly destructive virus.

> > (3) and (2) are becoming more and more popular in the quest for "easy to
> > use" programs and environments.
> 
> You are assuming here that you don't have a choice.  It's easy for a Windoze 
> user to think that you can't choose what applications you run.  There are so 
> many mail clients available for Linux and **most** of them are pretty secure. 
> Let's not forget that 95% of people who use Windows all use the same mail 
> client.  If you find a security flaw in Pine mail reader it is only going to 
> affect a small proportion of Linux users.
Agreed. There's a reason I use mutt :-)
However, we all know the scary "power of the default" as demonstrated on
windows. You _can_ choose (ok, sometimes) but how many users _do_?

> Linux also uses peer review and security audits to improve security.  If you 
> find a security bug then you get the kudos for being the person who found it. 
> If you find a bug in Windoze then Microsoft will get angry if you publish it. 
> The only enjoyment you might get out of finding a bug in Win-doze is if you 
> exploit it.
Sure. However, email viri in particular can spread like wildfire, and an
available bugfix / security patch is no good until applied.
Linux also has the advantage of package management (well, most
distros do) and now that the rpm based distros are getting auto-update
features like apt, things are looking up for the systems actually being
kept up-to-date. 
Except that the people installing Red Hat on their desktops will _never_
run up2date, mandrake users won't use mandrake update, etc. Hell, even
windows can auto-update but nobody uses it, if they did the outlook
virus problems would be smaller than they are.
So in the end we face a similar problem to MS in that regard - how to
get the users to F**ING APPLY THE PATCHES!!!

> > You can NEVER stop a stupid user.
> 
> You can sandbox a stupid user.  You can also make them operate their mail 
> software and browser in a separate account to the one which has access to 
> corporate information.  If you have really stupid users then you should 
> probably do this.
However, what about home desktops? Anywhere, in fact, without a security
conscious sysadmin? And would _you_ use a system where you had to log-out
and log-in to change from mail to other work, or perhaps even just had
to switch to a different X server on another VC?
 
> > So what is to prevent linux desktops from becoming just as bad as
> > non-outlook-using windows PCs - or even, *gasp*, as bad as windows PCs
> > with outlook express, due to an auto-execute vulnerability in some MUA?
> 
> A good system administrator who is very careful about what "setuid root" 
> software he allows to be installed on the box.
But you don't need to be root to nuke all that user's data. There should
be backups, of course, but they'll be a day old or so and if it's a home
system you _know_ there won't be any at all.

It is much harder for a virus on linux to nuke the system. Nigh
impossible, in fact, without an exploit of an suid tool (pretty sysadmin
tools for desktops come to mind) or tricking the user into entering the
root password, which is easy - if they have it. Which, on a desktop for
home use, they do.

I'm not talking about _now_. I don't see viri as a problem for linux
yet. 
But if / when adopted widely, esp. for stand-alone systems without
dedicated sysadmins, that's what I'm concerned about.

-- 
Craig Ringer
IT Manager
POST Newspapers
http://www.postnewspapers.com.au/
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27  C16E D3CE CDC0 0E93 380D


