Re: Antivirus? (and firewalls)

[JF Martinez <jfm2@club-internet.fr>]

> Lee wrote:
> >The best thing we can do is to educate
> >people about the dangers of running as root.
> 
> Agreed, but all too many programs -must- be run as root, or at least be
> given root privileges. As distributions become more user-friendly, the boost
> in popularity is likely to attract twisted minds to create more native Linux
> viruses, worms, and trojan horses. 
> 

For now we have no virusses on Linux but setuid programs could be used
for spreading them.  Of course it is far easier to keep track of a few
setuid programs as of every program like it happens in Linux.  However
sooner or later measures will have to be taken for ensuring root
doesn't run unsecure software.


> Along with native virus scanning software, I wonder if it would be practical
> to create a software "sandbox" in which to test potentially malicious
> programs? They would be allowed to run as root, but certain system calls
> would be intercepted. 
> 
> 
> >If we could make a GUI for IPchains, and make it easy, 
> >it would be something that would get a lot of good
> >publicity for us.
> 

IPchains is very advanced networking, not exactly our ecological niche.

-- 
			Jean Francois Martinez

Project Independence: Linux for the Masses
http://www.independence.seul.org