RE: [masq] 1st virus in Linux :( (fwd)

James Mohr (jimmo@blitz.net)
Tue, 18 Feb 1997 22:47:38 +-100


What I though was really funny in the McAfee press release was this part:

Although the virus does not operate under traditional operating systems such as DOS, Windows, Windows 95, Windows NT, NetWare and the Macintosh, files created in these aforementioned operating system formats and stored on Linux file servers are vulnerable to corruption by Bliss.

Maybe I am wrong, but isn't "tradition" something that is passed on from generation to generation? Can something that is younger *really* be a tradition?

This seems to be getting worse by the message.

jimmo

----------
From: Russ Allbery[SMTP:rra@cs.stanford.edu]
Sent: Samstag, 8. Februar 1997 16:17
To: submit-linux-dev-kernel@ratatosk.yggdrasil.com; Ambrose Au
Cc: webcomments@cc.mcafee.com
Subject: Re: [masq] 1st virus in Linux :( (fwd)

Ambrose Au <achau@wwonline.com> writes:

> In case you do not notice, there is a new destructive virus called Bliss
> which infects Linux executables.

> Its target is users who play games such as doom over the Internet with
> root access.

> Details at Mcafee's website: http://www.mcafee.com/corp/press/020597.html

This is not a virus in the way the term is used for operating systems
without memory protection.

Any program being run as root has priviledges to modify the file system
and do damage to your system; this is why you do not run general binaries
as root. All this is is a simple Trojan Horse, based on the idea of
getting stupid people to run unknown binaries as root, with an interesting
side twist of modifying other system binaries when it runs. McAfee's
statements about this are, at best, misleading. To quote from their web
site:

McAfee (Nasdaq: MCAF), the world's leading vendor of anti-virus
software, today announced that its virus researchers have discovered
the first computer virus capable of infecting the Linux operating
system.

Whatever you would like to call this, it quite definitely isn't anything
new. Trojan Horse binaries for Unix systems have been around for years,
as have Trojan Horse modified source distributions; there was a CERT
several years ago about IRC, for example.

The virus, which is called Bliss, is significant because many in the
Unix industry have previously believed that viruses were not a concern
to Unix operating system users.

The implication behind this statement is patently absurd. Obviously, as
anyone who knows anything about Unix is aware, if you run a hostile
program as root it can do all sorts of nasty things to your system. Duh.
Again, McAfee is attempting to portray this as some major new problem when
it's nothing of the sort.

We encourage concerned Linux users to download a free working
evaluation copy of our VirusScan for LINUX, which can be used to
detect the virus.

No thank you. Linux doesn't need a virus checker; Linux administrators
need to use some basic intelligence about what they run as root. People
who run binary-only packages obtained from untrusted sources as root on
their system get exactly what they deserve.

It looks to me like McAfee is attempting to use this as a publicity stunt
to promote their software business and to attempt to scare Linux users
into paying them money. I'll refrain from speculating about how much of a
threat a real operating system is to a company who makes its living on
protecting users of less sophisticated operating systems from their
inherent limitations.

McAfee just flushed all respect I had for them down the toilet.

-- 
Russ Allbery (rra@cs.stanford.edu)      <URL:http://www.eyrie.org/~eagle/>