[clue-tech] Linux vs. Windows security

marcus hall marcus at tuells.org
Fri Jan 22 08:46:49 MST 2010


On Fri, Jan 22, 2010 at 07:04:13AM -0700, Bruce Ediger wrote:
> Making "documents" executable is probably the biggest reason for wide-spread
> file-infector viruses and trojans.  Only Windows and MacOS treat documents as
> "executable" and they both have had plagues.  Passing around executables in
> grossly buggy email clients like "Outlook" makes Melissa and "ILOVEYOU" and
> Klez and ... possible.  Somewhere, I read that before Outlook, if you'd mentioned
> making email content executable, people would have looked at you like you
> had a hole in your head.  And that's very true.
> 
> Some other technical things that Windows has that aid malware: the way you
> mark a file "executable" is by giving it a special "extension". You know,
> ".exe" or ".com" or ".bat" or ...  No official enumeration of executable
> extensions exists.  Every once in a while, some fool comes up with a way
> to use an odd extension (.pif, for example) that's executable at least under
> some circumstances, to spread stuff.  I think the old Nimda worm used this
> sort of thing.  Infected ".emf" files have also been used.

Alas, Linux is not as immune to this as one would like.  In an effort to
seemingly imitate Windows, files that end in ".desktop" may be executed
even if they do not have the execute bit turned on, if GNOME or KDE can
see them...

marcus hall
marcus at tuells.org
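
An audit for the case described in the reply above, as an added example that is not part of the original post: it lists ".desktop" files that declare Type=Application with an Exec= key but carry no execute bit. The function names and sample files are constructed for illustration; the keys are those of the freedesktop.org Desktop Entry format.

```python
import stat
import tempfile
from pathlib import Path

def parse_desktop_entry(path):
    """Return the key/value pairs of the [Desktop Entry] group as a dict."""
    keys, in_group = {}, False
    for raw in Path(path).read_text(encoding="utf-8", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_group = (line == "[Desktop Entry]")  # ignore other groups
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            keys.setdefault(key.strip(), value.strip())  # first definition wins
    return keys

def find_launchers_without_exec_bit(root):
    """List (path, Exec value) for .desktop launchers that have no execute bit."""
    findings = []
    for path in sorted(Path(root).rglob("*.desktop")):
        mode = path.lstat().st_mode
        if not stat.S_ISREG(mode) or mode & 0o111:
            continue  # not a regular file, or some execute bit is set
        entry = parse_desktop_entry(path)
        if entry.get("Type") == "Application" and "Exec" in entry:
            findings.append((str(path), entry["Exec"]))
    return findings

def build_sample_tree():
    """Constructed sample input: three .desktop files in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="desktop-audit-"))
    samples = [
        ("notes.desktop", "Type=Application\nExec=sh -c 'echo constructed'\n", 0o644),
        ("marked.desktop", "Type=Application\nExec=true\n", 0o755),
        ("link.desktop", "Type=Link\nURL=https://example.org/\n", 0o644),
    ]
    for name, body, mode in samples:
        target = root / name
        target.write_text("[Desktop Entry]\n" + body, encoding="utf-8")
        target.chmod(mode)
    return root

if __name__ == "__main__":
    for path, command in find_launchers_without_exec_bit(build_sample_tree()):
        print(f"{path}: Exec={command}")
```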