'Except that, in order to do any damage to the system (such as get itself installed)"
It doesn't need admin privs for that, all it has to do is drop an executable somewhere, anywhere and then modify the user registry to run that executable on login. There's no limit to what such malware can do to a user's files.
"It doesn't need admin privs for that, all it has to do is drop an executable somewhere, anywhere and then modify the user registry to run that executable on login. There's no limit to what such malware can do to a user's files."
Users' directories should be mounted by the OS with the "noexec" attribute. Users with normal permissions should have no permission to "drop" files anywhere else other than their own home directories ... which, as I say, should be configured such that the OS will refuse to execute anything that is stored there.
BTW, "Registry" is a Windows term. It is a place in Windows systems in which to hide the instructions to execute malware.
BTW: Windows has the exact opposite of the "noexec" (meaning do not execute from this location) concept. Windows instead has the "if it has an .exe extension, execute it regardless of what permissions it has or doesn't have, regardless of where it is stored or where it came from" concept.
Edited 2006-10-23 10:32
"It doesn't need admin privs for that, all it has to do is drop an executable somewhere, anywhere and then modify the user registry to run that executable on login. There's no limit to what such malware can do to a user's files."
Except it would never run in the first place. Drop an executable somewhere? Where? Only the user home dir and /tmp are writable by the user. And it's very simple to mount them as separate partitions and flag them "noexec". I do that on all desktop systems I install. Poof, no more malware execution.
Modify the user registry? Are you talking about Windows?
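Both replies above rest on the same control: keeping the user-writable locations (/home and /tmp) on their own partitions mounted with noexec. The following is an added example, not code from either commenter, that checks this the way an auditor would: it parses lines in /proc/mounts format and reports whether each of those directories is a separate mount carrying the noexec option. The mount lines are a constructed sample so the script runs offline; pass `--live` to read the real /proc/mounts instead.

```shell
#!/bin/sh
# Added example (not from the thread): verify that /home and /tmp are
# separate mounts with the noexec option, as the commenters recommend.
#
# Input is /proc/mounts format: device mountpoint fstype options dump pass
# The sample below is constructed: /home is done right, /tmp is not.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda5 /home ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# mount_opts MOUNTS_TEXT MOUNTPOINT
# Print the option string for an exact mountpoint match, nothing if absent.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# has_noexec MOUNTS_TEXT MOUNTPOINT
# Exit 0 if MOUNTPOINT is its own mount and carries noexec, 1 otherwise.
# A directory that is not a separate mount fails too: it simply inherits
# the exec setting of the filesystem it lives on (usually /).
has_noexec() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# noexec_failures MOUNTS_TEXT
# Print the number of user-writable directories that are NOT noexec mounts.
noexec_failures() {
    count=0
    for d in /home /tmp; do
        has_noexec "$1" "$d" || count=$((count + 1))
    done
    printf '%s\n' "$count"
}

# report MOUNTS_TEXT
# Human-readable line per directory; always exits 0 so it can be run
# from a login script without aborting it.
report() {
    for d in /home /tmp; do
        if has_noexec "$1" "$d"; then
            echo "OK   $d is a separate mount with noexec"
        else
            echo "FAIL $d is not a separate noexec mount"
        fi
    done
    echo "failures: $(noexec_failures "$1")"
}

if [ "$1" = "--live" ]; then
    report "$(cat /proc/mounts)"
else
    report "$SAMPLE_MOUNTS"
fi
```

Treat this as one layer rather than the whole answer: noexec stops the kernel from executing a file that lives on that mount directly, but a script handed to an interpreter as an argument (`sh /tmp/x.sh`) is run by the interpreter, not by the kernel's exec of the file, so it still executes.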
"This has no relation to running as Administrator. Malware does NOT need or rely on administrative privs to do their dirty deeds."
Except that, in order to do any damage to the system (such as get itself installed), the malware needs escalated privileges. This does in fact rely on the malware gaining administrative privs. If malware doesn't gain that, it can do only very limited scope damage to the one user. There is nothing to be gained (from the malware author's point of view) from deleting that user's files, or corrupting them. So the "no gain, no pain" principle should be applied here.
There are just two bad things that can realistically happen: (1) install a keylogger for that one user, or (2) scan that user's files to seek personal info and send that back to the malware home.