Mailing Lists: Apple Mailing Lists


Re: Renepo worm targets Mac OS X users, Sophos reports



At 2:29 PM -0400 10/27/04, email@hidden wrote:
On 26 Oct, 2004, at 10:45, Bruce Toback wrote:

The first worm that spread over the Internet was a Unix worm, in 1986 -- using a text editor that ran with super-user privileges. I've had one of our Linux systems penetrated successfully -- caught a few minutes after the penetration, so I got to watch the result on a network monitor. The fun part was calling the guy's ISP while the attack was in progress, and actually getting a Unix admin who could work with me to roll the guy up. But it was a Unix attack, not a Windows attack.

Right. Again, a worm is not a virus. Your Linux box was not infected with a virus; you were hacked. (Nice work nabbing the attacker though.)

The Morris Worm, which I vividly remember, caused damage b/c at the time too many sites were lax about security. It caused NO damage to those who had heeded the repeated warnings and properly secured sendmail. But at the time most systems were considered playgrounds, and anyone could open the gate and play around. This was best demonstrated by tourist accounts. I don't think too many installations permit tourists anymore, though the culture is still very ingrained at the AI Lab.


Any of the social-engineering techniques that work to spread email worms on PCs will work on Macs, and probably better, since the Mac community hasn't been repeatedly challenged with such techniques. An email worm doesn't need admin privileges to spread. [...]

Okay, I will stop now, since this has simply become a squabble over semantics.

I'd disagree with the last sentence on more than semantics.

In my first message I simply disagreed with a proposition that it is inevitable that OS X will be plagued with viruses.

I'd disagree too. What I would say is that Mac sysadmins as a group have less experience dealing with unix systems and are more likely to have developed bad practices from their classical days. This will change though as more ppl cut their teeth on OS X. But we will still have those that refuse to consider what's under the hood and try and recreate the old bad practices.


The fact is that there are no known viruses on the Mac OS X platform. That statement is a fact. To call this script (opener)--which must be installed, knowingly or unknowingly, by an administrative user--a virus is factually incorrect.

Nor is it a worm, nor is it a trojan. As of yet it has no vector other than stupid admins. In that case it's more of just shooting yourself in the foot. Do we have a word for this behavior yet?


Yes, OS X has been and will be affected by bugs and security holes (every operating system is), but I contend that it will be a very long time before a true virus will make its way onto the platform.

There is a difference between a vulnerability and an exploit. While it's not uncommon that a vulnerability may be found in components we find on OS X (ssh, ssl, apache, just to name a few we've seen), this doesn't translate into exploits. There can be a vulnerability, but unless you have things configured in a particular way you're not likely to be affected by it. We've seen this several times already. That is, just because there is a vulnerable situation doesn't translate into exploitability.


But vulnerabilities and viruses are two different animals too. A worm is more likely than a virus on OS X or any unix. Viruses in the unix world are VERY VERY rare.
--


-dhan

------------------------------------------------------------------------
Dan Shoop                                              email@hidden
Consulting Internet Architect                              email@hidden
AIM: iWiring                                     http://www.iwiring.net/
Skype: danshoop                                   http://www.ustsvs.com/

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.