trojan problem

Anders Karlsson trudheim at gmail.com
Fri Jan 27 13:58:18 UTC 2006 

On 1/27/06, Jeremiah Foster <jeremiah at easywebsite.se> wrote:
> On Fri, 2006-01-27 at 11:31 +0000, Anders Karlsson wrote:
> > Strictly speaking, a trojan is software that is malicious while
> > disguised as legitimate software.
>
> But a trojan requires installation. This often requires root privileges,
> which also requires much more than just clicking on a link.

And you don't think a trojan is capable of running as your user on a
system or install itself in your home-dir, modify your
.bashrc/.profile (*) to get run again when you log in next, or simply
launch a background process on a high port listening for connections?

(*) These are just _examples_, and crude ones at that, but I used them
to illustrate a point.

A trojan does not, contrary to popular belief, require root
privileges. It can do much more damage if triggered by root, but it
can do enough damage running as a normal user.

> > They exist for Linux as well (there
> > was one in the openssl or openssh configure script a while back).
>
> These are more like exploits than trojans. Any program you install can
> affect the system with unintended consequences, this does not make them
> trojans.

According to the strict definition, it was a trojan. It got installed
on the system by masquerading as something else. Fairly clever as well
as I seem to remember.

> > Linux is not invulnerable to virii, and there are hundreds of virii
> > for Linux, they just do not spread so easily. Because Windows has a
> > much larger install base, and usually less cluefull users, virii
> > writers targets Windows because the reward is bigger.
>
> Linux has a different security model, and a different approach to
> dealing with security issues. This makes it much more secure.

Only as secure as the weakest point, the user/admin.

> To say
> there are not inherent flaws in the Microsoft OS from a security
> standpoint is factually incorrect.

I've never disputed that. Just that it is irrelevant to the
discussion. All OS have flaws.

--
Anders Karlsson <trudheim at gmail.com>

More information about the ubuntu-users mailing list