All the latest UK technology news, reviews and analysis
|
|
|
12 Sep 2001
The Remote Shell Trojan, disclosed last week by vnunet.com, has sparked a storm of controversy among Linux devotees who are arguing fiercely over the degree of danger posed by the exploit.
Users logging into slashdot.org to discuss vnunet.com's coverage have highlighted the sensitivity of the issue for the Linux community.
"It sounds like this thing only 'spreads' (if you can even call it that) when someone is brain-dead enough to READ their EMAIL as a user who can WRITE to IMPORTANT BINARIES!" said one user.
"As viruses go, this is pretty pathetic, and prompts one to question the competence of anyone who thinks it is significant. The email-vector mechanism can't even take advantage of address books, since Unix mail clients are so far from standardised," the user added.
"The majority of Linux users are not morons around computers," claimed another posting. However, one user conceded that, as Linux becomes more widespread beyond the technical geek world, the risk will be much worse. "This could be a big issue when Linux is used in offices (where the 'dumb' people work). Not everyone is a *nix guru," said the posting.
Judging by the growing number of Linux and other operating system machines exploited every month, there are an increasing number of "poorly administered" Linux boxes out there. Figures from Attrition up until April show that around 300 Linux boxes are exploited every month. This is less than the figure for NT boxes, but it is still worrying.
Paul Rogers, network security analyst at MIS, pointed out that security in any environment comes down to security policy. "You do find poorly administered Linux boxes, just as you find poorly administered DNS servers, and just as you find poorly administered machines running any other operating system."
The risk the Remote Shell attack poses is reduced, said Rogers, "because Linux-based Trojans and viruses need more social engineering to get executed because of the way, for example, Linux mail clients are written".
Despite this he warned that the danger has not gone away. Linux, as with any other operating system, "is only as secure and efficient as the people using it", he said.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Roc Search (ISEB, Automation, QA, Agile, Manual, Automation...
My Client is a reputable WORLD WIDE Systems Integrator...
My Client is a reputable WORLD WIDE Systems Integrator...
My Client is a well funded specialist in delivering secure...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?