New Computer? Six Steps to Safer Surfing
Matthew S. Hallacy
poptix at poptix.net
Tue Dec 21 11:40:36 UTC 2004
On Tue, Dec 21, 2004 at 09:40:10AM +0000, Adrian Chadd wrote:
> No, wrong. Modern botnet type software can run as a non privileged user
> on most Unixes. It still has enough privilege to cause great harm.
> Spyware may require a little more privilege to be a bother.
>
It's not snarfing passwords, it's not using raw sockets, it's not hiding
itself on the filesystem, it's not infecting or replacing binaries, it
has limited functionality for restarting itself (cron, bash_login?), it's
trivial to clean up.
Nobody said *nix wasn't vulnerable, it's simply less vulnerable and the
level of penetration can be severely limited.
In response to the post by Christopher Morrow, the typical *nix desktop
(should|is) not running apache, sshd, portmapper, etc. And sendmail is
installed listening only on the loopback interface from RedHat 9 onward.
The point being, you don't need a firewall. You need to turn off/remove/fix
the services that are causing the problem.
--
Matthew S. Hallacy FUBAR, LART, BOFH Certified
http://www.poptix.net GPG public key 0x01938203
More information about the NANOG
mailing list