Fw: Re: Possible security hole for Dialers/troyan horses

Tim Newsom cephdon at gmail.com
Mon Mar 5 17:37:11 CET 2007


Sorry, got caught in the reply to issue.

-----Original Message-----
From: Tim Newsom <cephdon at gmail.com>
To: Nad.Oby at gmail.com
Subject: Re: Possible security hole for Dialers/troyan horses
Date: Mon, 5 Mar 2007 7:02:58 -0800


On Mon, 5 Mar 2007 0:05, Evgeny wrote:
> On Fri, 2007-03-02 at 07:35 -0800, Tim Newsom wrote:
>>  On Fri, 2 Mar 2007 6:09, Evgeny wrote:
>>  >
>>  > It is still a Linux-based phone — there are absolutely no real-life
>>  > viruses for Linux at this time; trojans are a possible threat, but
>>  > the user has to install them himself.
>>
>>  That's a pretty strong statement.. Are you absolutely sure there are
>>  no viruses for Linux in the wild?
> Nope.
> If you find one, let me know. I'll get, compile $ run "the beast" a
> little (in a virtual machine, of course).
> Well if & then you speak about trojans, the cure is "DO NOT INSTALL
> THEM". Security holes may exist, but patching them is simple when you
> know about them, and in OpenMoko it will be automated by "ipkg".
> Read through http://tldp.org/HOWTO/Security-HOWTO/ it contains some
> basics of security in Linux.
> When we will speak the same language.
> There is no Norton Internet Security that can protect you from unknown
> threats. When you know about a trojan or something, you simply don't use
> it (if you don't want to).
> --
> Sincerely Evgeny

I realize nothing can protect you from every possible manner of attack, 
but I do know there are vulnerabilities that exist in Linux.  If not, 
SELinux would not have been necessary.  If you say there are no viruses, 
I would say that's either because no one has written them or they are 
just not popular right now because Windows is a much easier target to 
hit.  My statement was that something like Norton Internet Security 
combined with the ability to run programs in isolated memory should 
provide a lot of protection.  The isolated memory would prevent the 
infected programs from accessing the memory of other running programs 
(something that's possible on Windows for sure) and the anti-malware 
program could do like someone previously suggested and check a hash of 
the program to see if it is a known and accepted version with allowed 
rights, etc.  Maybe check the hash and a signature to show 
authenticity?

While you can't detect unknown threats automatically (though I thought 
an anti-virus company said they could do that recently) you can block 
the unexpected behaviors automatically and recommend to the user certain 
actions.

Remember, there are rootkits out there too. Maybe it would be nice to 
have a startup mode where the system goes into rootkit detection mode 
and scans the physical memory of the device and filesystem or 
something.

Regardless, I think it's better to have a pound of caution when a half 
pound would do...
--Tim
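
The hash-plus-signature check suggested in the message above, as an added example that is not part of the original post or of any OpenMoko code. The rights names, key and program bytes are constructed, and HMAC-SHA256 with a shared key stands in for a distributor's public-key signature so that the example needs only the standard library.

```python
import hashlib
import hmac
import json

# Constructed key. Assumption: a real deployment would verify a public-key
# signature from the distributor; HMAC-SHA256 is a stand-in for that here.
MANIFEST_KEY = b"constructed-demo-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(entries: dict, key: bytes) -> dict:
    """Serialize the hash -> rights table and attach an authentication tag."""
    body = json.dumps(entries, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def load_manifest(signed: dict, key: bytes) -> dict:
    """Return the table only if its tag verifies; otherwise raise ValueError."""
    expected = hmac.new(key, signed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        raise ValueError("manifest authentication failed")
    return json.loads(signed["body"])


def allowed_rights(program: bytes, signed: dict, key: bytes) -> frozenset:
    """Rights granted to this exact program image; empty set if unknown."""
    try:
        entries = load_manifest(signed, key)
    except ValueError:
        return frozenset()  # fail closed: an untrusted manifest grants nothing
    # Any change to the program changes its hash, so a modified copy of an
    # accepted program is simply "unknown" and receives no rights.
    return frozenset(entries.get(sha256_hex(program), []))


# Constructed program images and hypothetical rights names.
DIALER = b"\x7fELF constructed dialer image v1.0"
MODIFIED_DIALER = DIALER + b" plus appended bytes"
MANIFEST = sign_manifest(
    {sha256_hex(DIALER): ["gsm.dial", "contacts.read"]}, MANIFEST_KEY
)

if __name__ == "__main__":
    for name, image in (("dialer", DIALER), ("modified", MODIFIED_DIALER)):
        print(name, sorted(allowed_rights(image, MANIFEST, MANIFEST_KEY)))
```

The hash ties the rights to one exact binary, while the tag on the manifest is what stops someone from adding their own hash to the accepted list.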


