[unisog] Dropping executables - who does it?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Feb 10 03:47:08 GMT 2004

On Mon, 09 Feb 2004 15:44:10 EST, Michael Sofka <sofkam at rpi.edu>  said:
> But, there are Linux trojans and worms (do google searches of slapper
> and bliss, for example).  It's been 17 months since any made
> headlines (an eternity in Internet years), but they do exist.  In addition,
> some Windows viruses can infect applications run under WINE.

I was around for slapper.

I was around for Bliss.

I was around for Lion.

I was around for *MORRIS*, for that matter.  Now, what were you saying
about eternities? ;)

So nobody needs to tell me "they do exist".  However, security is about
trade-offs - what's your best payback for effort, and are you spending more
on security than you're likely to lose?

Which is more likely to produce *effective* results:

1) Buying an A/V package for a single-user Solaris workstation that scans
for PC viruses (when the box isn't even a mail or file server).

2) Buying an A/V package for that Solaris box that scans for Solaris
viruses and worms.

3) Shelling out for a copy of the SANS Step-by-step for Solaris and a
copy of Tripwire (or a copy of the Center for Internet Security benchmark
for Solaris and the freeware Tripwire, and a long afternoon, if your budget
is tight).  Won't stop many viruses, but will help with all the OTHER attacks
that Solaris boxes *are* prone to...

Now, what can you conclude about the all-too-common site that blindly
mandates (1) or (2), but *doesn't* require (3) just to connect to the

And as the original poster has *already* clarified, their site *does*
realize the truly poor price/performance of Unix/Linux A/V and is willing
to grant exemptions.

