Alexander Klimov wrote:
> On Thu, 27 Mar 2008, Adam Pal wrote:
>
>> i see no difference between the usual Windows-user and the
>> linux-user who stays logged in as root on his KDE and surfs on the
>> web (yes, such behavioral patterns exists *G* ), so from this point
>> of view, in certain circumstances linux viruses propagate similar to
>> windows-viruses.
>>
>
> Probably they can, but do they really?
>
> Consider, for example, an attack described by F-secure
> <http://www.f-secure.com/weblog/archives/00001406.html>.
>
> When you open the attached PDF file, you actually get a real
> PDF document with a relevant statement. However, this is not
> a normal PDF document. It contains a modified version of
> a PDF-Encode vulnerability to exploit Adobe Acrobat when the
> document is opened. The exploit silently drops and runs a file
> called C:\Program Files\Update\winkey.exe. This is a
> keylogger that collects and sends everything typed on the
> affected machine
>
> Is it possible to write a keylogger for Linux and construct such
> an attack? Sure. Are where enough Linux users to justify the cost
> of development? No! And, by the way, almost for sure an exploit
> against Adobe Acrobat will not work with xpdf, plus there is
> a good chance that an attack developed for Red Hat will not work
> on Debian (or vice versa).
>
>
I don't normally respond to these things but I can't help remember a
comment in a file on a Mac server that was compromised a while ago:

"Note: this is effectively security by obscurity and will only serve to
deter rank amateurs."

Being different does have its merits in security but does not mean that
it won't happen and if you look at the trends of software you can tell
that as soon as they are advertised as "secure", everyone starts using
it - and someone develops exploits as a result of a larger target base.

Just my two cents...

[ reply ]