[ale] RE: I'm really getting sick of these "vague" Linux virus announcements
greg at turnstep.com
greg at turnstep.com
Mon Sep 10 08:25:45 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > Now I've seen a few of these Linux virus announcements over
> the last few months. Few details, little substance.
>
> The problem lies in the source. The source is a VNU news
> brief. News briefs tend to be...well, brief. What do you
> expect? :)
Well, how about some facts? How about less speculation and
scaremongering? They mention that Apache has a much
larger share of the webserver market than IIS and suggest
that a virus for Apache would be much worse than Code Red.
This is pure FUD. First, this particular exploit is in no way
related to web servers, as Code Red is. It has nothing to do
with it any more so than any other program on the Linux box.
Second, Apache has a totally different design than IIS and
will *never* be vulnerable to the same sort of exploit. It just
ain't gonna happen. Even if you could somehow pass it an
arbitrary command, Apache by default runs as a very low
priority user. Third, people who run Apache are more likely to
be involved in the nitty-gritty details of their box than their
point-and-click-install IIS brethren, and thus will detect and
patch problems more quickly. Fourth, it is not automated like
Code Red but requires active user participation to forward
it.
I agree with Bryan - this is poor news reporting, and told
us next to nothing about the actual virus, which is (IMO)
pretty harmless. When was the last time a Linux admin
you know received an attachment from someone (known
or unknown) in email with no explanation on it, saved it
to disk, set it executable, and ran it as root?
Greg Sabino Mullane
greg at turnstep.com
PGP Key: 0x14964AC8 200109100824
-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html
iQA/AwUBO5yxK7ybkGcUlkrIEQIQogCgz8LxnvSJFehX4NHf9SHEIKYLFdIAnj8a
v+EOAM+JpaVLpdzsKHD6cfI6
=sZR7
-----END PGP SIGNATURE-----
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list