Measure the test taker's knowledge about how to write a Linux virus.

Source: Internet
Author: User

This article is from Larry Seltzer's blog at eWeek; the blog column is called Cheap Hack. It discusses how a Linux virus is written, from the standpoint of security defense.

Everyone knows that Linux does not have viruses or similar things. Some people further infer that Linux, like the Mac, is immune to viruses and similar threats because it is designed so well. In fact, this is wrong.

On Geekzone, a blogger named foobar wrote an article on a Linux virus in five steps. Although the article is nominally about how to create a Linux virus, it actually tells readers how viruses work in the real world and how fragile Linux is.

In addition, the hard part in foobar's article is not how to write malicious code for Linux but, more importantly, how to infect other Linux computers. In fact, foobar's virus attack is basically a Trojan horse attack, and foobar clearly states that the Trojan horse attack is a common pattern for Windows viruses.

Some people point out that foobar's attack is not strictly targeted at Linux, but at GNOME, KDE, or other higher-level software. This is indeed true. In fact, this is useful information for users' protection: many computers run Linux, and many computers run GNOME or KDE. An attack on either desktop is, in effect, an attack on Linux. Didn't Windows attacks begin with attacks on software such as Office, Flash, and Acrobat?

Foobar spreads the virus through e-mail attachments (of course, the subject line has to be attractive enough to entice users to click). This method is not appropriate, because e-mail programs on Windows remove executable attachments and webmail servers perform antivirus (AV) scanning. The common method is therefore to put web links in e-mail to spread viruses. In this regard, Windows and Linux are not much different.

It is also very important to get the virus to run on Linux. On Windows, once a user downloads a file and runs it, the file can be executed only if it has the execute permission. Execute permissions exist on Windows, but they are enabled by default. Foobar uses a similar method: KDE and GNOME have a mechanism called launchers (files whose names end in ".desktop"), which can execute a command without the execute permission having to be set. This is a long-standing problem, and it is the main Linux weakness that foobar uses (more precisely, the main weakness of KDE and GNOME).
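An added example, not from the original article or from foobar's post: a Python audit that lists `.desktop` launchers carrying an `Exec=` command without the execute bit, the condition described in the paragraph above. The interpreter list and the sample launcher are assumptions made for illustration.

```python
import os
import shlex
from pathlib import Path

# Assumed heuristic: commands that hand the rest of the line to an interpreter.
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl"}
# Constructed sample launcher, used only to exercise the audit.
SAMPLE = "[Desktop Entry]\nType=Application\nName=Invoice\nExec=sh -c 'echo constructed sample'\n"

def read_exec(text):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    in_entry = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_entry = (line == "[Desktop Entry]")
        elif in_entry and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            if key.strip() == "Exec":
                return value.strip()
    return None

def audit_launcher(path):
    """Return a list of findings for one .desktop file (empty = nothing flagged)."""
    path = Path(path)
    findings = []
    command = read_exec(path.read_text(errors="replace"))
    if command is None:
        return findings  # no command to run, e.g. Type=Link entries
    if not path.stat().st_mode & 0o111:
        findings.append("has Exec= but no execute bit")
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = command.split()
    if argv and os.path.basename(argv[0]) in INTERPRETERS:
        findings.append("Exec= starts an interpreter: " + argv[0])
    return findings

def audit_tree(root):
    """Audit every *.desktop file under root; return {path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.desktop")):
        findings = audit_launcher(path)
        if findings:
            report[str(path)] = findings
    return report
```

Pointing `audit_tree` at a download or mail-attachment directory shows which launchers a desktop that ignores the execute bit would run on a click.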

The core of foobar's blog post is nothing new to us, but it shows that Windows has many viruses not because the operating system itself is more virus-friendly, but because of certain vulnerabilities. In addition, almost everything that keeps viruses from developing on Linux is also used in Vista SP1.

What should users do? We recommend that you do not click unknown attachments on Linux, and do not click web links on Windows. In addition, he personally suggests fixing the .desktop vulnerability in KDE and GNOME. I suspect this will meet strong opposition, because for an end-user system it greatly reduces usability.

Foobar's blog post also reveals other problems. Various Linux systems have many privilege escalation vulnerabilities that require local access. If the user has not fully updated the system (Windows users need to be cautious about this too), the foobar virus gains that local access, and the attacker decides which privilege escalation bug to use. Many Linux users do not know how to apply patches for vulnerabilities in privileged processes (such as Samba), which leaves those vulnerabilities exposed to attackers.
