He has a very valid point...
There are plenty of idiots willing to pay money for snake oil though, and many big companies selling it (tarnishing their reputations in the process).
Me, I use McVitie's Antivirus.
Google's open-source program manager has launched an entertaining rant against firms offering mobile security software, accusing them of selling worthless software and of being "charlatans and scammers". Chris DiBona, Google's open-source programs manager, argues that neither smartphones based on Google's Android nor Apple's …
It isn't "harder" to write a *nix virus, but it is really very, very difficult to get said virus to actually infect the OS without explicit permission, and even if you somehow manage to go there, it's even harder for the virus to infect the actual system ... if a user account is compromised, delete it and make a new one. Probably reducing that user's range of permissions in future.
It is astonishing how poorly this is understood by non-Linux/Unix users. If Windows had had Unix-like constructs with regard to users, permissions and what is and isn't recognised as an executable file, from day one, it would be very much more robust today -- not infallible to be sure -- but really very much harder to totally work over by a virus or malware.
MS should just put a Windows overlay on a Linux kernel and be done with it. Sure, it would break backwards compatibility in a lot of ways but at the moment MS seems not to care as much about that as they once did.
"if Windows had Unix-like constructs with regard to users, permissions and what is and isn't recognised as an executable file, from day one, it would be very much more robust today"
While Least Privilege existed as you described it in Windows since NT 3.1, 2K was the first release that started shipping with the file system defaults that take advantage of it.
OK sure, I will blame Microsoft for not supporting it in Office 97. Beyond that, blame third parties for writing crap that insists on admin / root privilege to run.
>>OK sure, I will blame Microsoft for not supporting it in Office 97. Beyond that, blame third parties for writing crap that insists on admin / root privilege to run.
I am curious to know what makes Windows software authors so unprofessional, and why it is so different for Linux and *BSD (et cetera Unixes), where such a problem does not exist? BTW, why does MS Windows by default execute a file with a proper extension? Would it likewise be quite dumb when a user clicks on a file without any extension?
"I am curious to know what makes Windows software authors be so unprofessional."
I've been seeking the answer to that question for six years, now.
While I'm at it, I'm also wondering why the more expensive the application, the more likely it is to break. I can buy a bargain-bin game (Singularity) that will run with least privileges on Windows 7, yet I can't buy a million-dollar point-of-sale system, marketplace system, or hospitality system that does.
(I can't say which systems without risking my career. Maybe that's part of the problem.)
I do agree with you. Not necessarily expensive, though. Consider an Adobe pdf reader. It is a piece of insecure lumber compared to evince, xpdf, kpdf and such. Take another of Adobe's pos, flashplayer. I still do not understand why it needs 5-10 times more CPU time than mplayer, vlc et many not al. Even when a movie is being downloaded on pause it manages to make my fans roar, while a simple and reliable flvstreamer needs only a tiny 1% of CPU to do the same job over the RTMP protocol.
Also, I guess that the lack of Unix or other reasonable culture on Windows has to be blamed upon the Redmond-based parent. My surmise is itself caused by my own experience as a user of MS Windows (in the past) and GNU/Linux and *BSD currently and in the future (provided M$ won't stifle the latter to extinction). The Unix-based one is more motivating and encouraging for learning than the former. It might also be well applicable to many software writers.
This all converges to the mother of all causes, the nature of software. Namely, whether it is free or imprisoned. Say, would it be possible to create and maintain something equal to Emacs or vim, the Linux or BSD kernel, GNU software, the Apache or nginx web server, etc.? Unix perfection itself owes so much to the ability to freely use, copy, change and redistribute.
"This all converges to the mother of all causes, the nature of software. Namely, whether it is free or imprisoned." [...] "Unix perfection itself owes so much to the ability to freely use, copy, change and redistribute."
Do the words "Unix" and "perfection" belong in the same sentence?
"Free" (GNU) software can be just as secure or just as broken as so-called "imprisoned" software. Quake II is GPL-licensed now, but its current (3.21) release makes the same stupid mistakes as current releases of Oracle's SQL client on Windows. Likewise, the last time I tried making Quake II work on some distro of Red Hat Linux, making OpenGL (um, pardon me, "Mesa3D") work required root access.
This is all "original research," true enough. I can only claim that I made Quake II work for non-admins on Windows, and have made source code to my mods available per GPL terms. I couldn't make Q2Linux / Mesa3D work.
MS encouraged developer laziness with DOS, Win 3.1, 95, 98 and ME. But all I've heard after XP SP2 was how terrible MS was for breaking old stuff, even though devs had four or so years to fix it since 2K came out. None of these changes were secrets; there were four editions of Advanced Windows out before then.
As for expensive, that's just an observation; the more expensive an application is, the more likely it is to not work as a non-admin. That's developer inertia (laziness). If I had the time I'd like to go through all of the GPL-licensed software for Windows; I'd bet I'd find as much admin-needing code there as I would in the commercial world.
(A lesser man might claim a conspiracy; "GPL authors make Windows versions less secure to encourage moving to Linux." Not true; I'd claim GPL authors are just as lazy as commercial ones.)
I think it would be a mistake to assume you've solved your infection by deleting the user. Once you have a login of any sort, privilege escalation is possible--here are a couple of options that were posted on one site, within the last month: http://www.exploit-db.com/exploits/17932/ http://www.exploit-db.com/exploits/18105/
Have you killed off every process he started, even the ones that hide themselves? Did you remember to look for cron jobs? Running services? Scheduled "at" tasks? Maybe some other user left his .bashrc world-writable, so now the next time he logs in it'll launch a backdoor-type service and your attacker is right back in.
I saw a very interesting demonstration once. Using something like Flashrom (http://www.flashrom.org/Flashrom), you can reflash the BIOS while the system is running, needing only root access (and sometimes not even that). In the demonstration, they reflashed the BIOS with a slightly modified version; everything worked normally, with the added "feature" that if you booted the system with a file named "xyzzy" in /tmp, the BIOS would read your filesystem and make it SUID root. There's a local exploit that will not go away no matter how many times you re-install Linux.
Nuke (from orbit), because that's the only way to be sure.
>>Have you killed off every process he started, even the ones that hide themselves? Did you remember to look for cron jobs? Running services? Scheduled "at" tasks? Maybe some other user left his .bashrc world writable, so now the next time he logs in it'll launch a backdoor-type service and your attacker is right back in
The default perms for files created by a user are -rw-r--r--.
$ pgrep -u user    # to see processes run by the user "user", or
$ top -u user      # or press u in the top session to provide the name
# pkill -u user
will kill all the processes.
One of your links' exploits did not work for me and no escalation was possible. Did not check the other one.
I myself think that if a serious suspicion comes up, one should reboot to runlevel 1, to the single root shell, and issue the deluser or userdel command. That won't remove the home dir as well; one can if necessary.
Having said this, let's remember that 99% of Windows malware comes from the internet and sometimes even self-executes via the system. This would be a painstaking task on a POSIX system. One has to grant +x permissions to a file. On Windows, the default is to judge according to the extension.
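The checklist in the post quoted above (live processes, cron and at jobs, world-writable login dotfiles) and the pgrep/pkill commands given in reply can be rolled into one audit script. The script below is an added example written for this thread, not code posted by either commenter; the function names, the /home layout and the short list of dotfile names are assumptions, and it uses find's -mindepth/-maxdepth, which GNU, BSD and busybox find all support. It reports first and only kills the account's processes when explicitly asked, so it is safe to run before deciding to remove the user.

```sh
#!/bin/sh
# Added example (not from the thread): before deleting a suspect account, list what it
# may have left behind -- live processes, cron/at jobs, and world-writable shell start-up
# files in any home directory -- and only then kill its processes.
# Function names and the /home layout are assumptions for illustration.

# Processes owned by the account. pgrep -u (as in the thread) prints PIDs only;
# POSIX ps -u with -o adds the command name.
list_user_processes() {
    ps -u "$1" -o pid=,comm= 2>/dev/null || true
}

# Persistence the thread mentions: the user's crontab and pending at(1) jobs.
# Both usually need root to inspect another user's entries, so failures are shown, not hidden.
list_user_jobs() {
    echo "--- crontab for $1 ---"
    crontab -u "$1" -l 2>&1 || true
    echo "--- at queue (all users) ---"
    atq 2>&1 || true
}

# Login-shell start-up files writable by 'other' (the 0002 mode bit is set).
# A stray chmod 666 .bashrc in someone else's home lets an intruder plant a command
# that runs at that user's next login, which is the re-entry path the thread describes.
find_world_writable_dotfiles() {
    # $1: directory holding the home directories, e.g. /home
    find "$1" -mindepth 2 -maxdepth 2 -type f -perm -0002 \
        \( -name '.bashrc' -o -name '.profile' -o -name '.bash_profile' \
           -o -name '.zshrc' -o -name '.bash_logout' \) 2>/dev/null
}

# Count of offending files, so a caller can branch or test on the result.
count_world_writable_dotfiles() {
    find_world_writable_dotfiles "$1" | wc -l | tr -d ' '
}

# Full report. Kills the user's processes only when KILL=yes, so the audit runs safely first.
audit_user() {
    user=$1
    homes=${2:-/home}
    echo "=== processes owned by $user ==="
    list_user_processes "$user"
    list_user_jobs "$user"
    echo "=== world-writable login dotfiles under $homes ==="
    find_world_writable_dotfiles "$homes"
    if [ "${KILL:-no}" = yes ]; then
        pkill -u "$user"          # the thread's '# pkill -u user'; needs root for another user's processes
    else
        echo "(set KILL=yes to run: pkill -u $user)"
    fi
}

# Usage: sh audit.sh suspect [/home]          report only
#        KILL=yes sh audit.sh suspect [/home] report, then kill the account's processes
if [ -n "$1" ]; then
    audit_user "$1" "${2:-/home}"
fi
```

The dotfile check deliberately looks in every home directory, not just the suspect's, because the post's point is that another user's permissive file is what lets the attacker back in after the account is gone.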
Precisely.
Also, what is marked +x for one user isn't going to be so for another -- and certainly isn't going to wind up in /bin or /opt or any other system level directories. Nor is it going to be able to replace any system level file with a malicious copy.
I can make a user's range of permission very local and limited. Anything that does get through is going to be trapped at the user account which I can pkill and remove.
Also *nix doesn't just blindly execute files based on file extension ... something that Windows still does.
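The point made in the last few posts (a file arriving on a Unix system is not executable until someone grants +x, the execute bit is granted per class rather than to everyone, and the kernel never looks at the file name) can be shown in a few lines of shell. This is an added example, not code from the thread; the function names are illustrative, the "payload.exe" file is constructed for the demo, and the mode_of helper assumes GNU stat with a BSD/macOS fallback.

```sh
#!/bin/sh
# Added example, not code from the thread: what the execute bit actually does.
# A new file's mode comes from the creating process's umask; it runs only if the
# class the caller falls into (owner, group, other) has its own x bit; the kernel
# never consults the name, so "payload.exe" is just a name. Function names are illustrative.

# Permission bits as a three-digit octal string, e.g. 644 (GNU stat; BSD/macOS fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create an empty file under an explicit umask (in a subshell, so the caller's umask is
# untouched) and return its resulting mode: umask 022 gives 644, umask 077 gives 600.
new_file_mode() {
    ( umask "$1" && : > "$2" ) && mode_of "$2"
}

# Is the execute bit set for the given class (u, g or o)? Uses find's POSIX octal
# -perm form; -prune stops find descending if it is ever handed a directory.
exec_bit() {
    case $2 in
        u) bit=0100 ;;
        g) bit=0010 ;;
        o) bit=0001 ;;
        *) return 2 ;;
    esac
    [ -n "$(find "$1" -prune -perm -"$bit" 2>/dev/null)" ]
}

# Would the kernel let *this* user execute it? test -x performs the same access check
# that execve does, and it is false for a 644 file even when run as root.
can_exec() {
    [ -x "$1" ]
}

# Life of a "downloaded" script with a Windows-style name (constructed for the demo).
demo() {
    dir=$(mktemp -d)
    f="$dir/payload.exe"
    ( umask 022 && printf '#!/bin/sh\necho it ran\n' > "$f" )
    echo "created with umask 022: mode $(mode_of "$f")"
    if can_exec "$f"; then
        echo "runs"
    else
        echo "not executable: the .exe name bought nothing"
    fi
    chmod u+x "$f"                       # the owner opts in explicitly
    echo "after chmod u+x: mode $(mode_of "$f")"
    if exec_bit "$f" o; then
        echo "others may execute it"
    else
        echo "others still cannot execute it"
    fi
    "$f"                                 # now the script itself runs
    rm -rf "$dir"
}

# Usage: DEMO=1 sh execbit.sh
if [ -n "${DEMO:-}" ]; then
    demo
fi
```

Contrast this with the Windows behaviour the thread complains about: there, the extension decides whether a double-click launches the file, whereas here the same file stays inert until its owner changes its mode, and even then only the classes given the bit can run it.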
While it is true that there are snake oil salesmen in the mobile security business (which field of business doesn't have them?!) - like scanners with pitiful detection rates and overblown estimates of the number of Android malware programs out there - this DiBona chap is so full of it that it's not even funny.
Smart phones are not "inherently more secure than PCs". Just like with the PCs, the weakest link is the user. The user would install anything from anywhere without ever stopping to think. And it's kinda difficult to protect people from themselves, you know? No solution is fool-proof, because the fool is always bigger than the proof...
Mobile malware hasn't caused "much of a problem"? OK, let us assume, for the sake of argument, that it has hit only ONE user (in reality, thousands have been hit, but humor me). That certainly wouldn't be "much of a problem", compared to the millions of smart phones out there, right? Now, stop and think for a moment. What if that ONE user was YOU? Do you still think that protection for mobile devices is useless because malware "isn't much of a problem"?
No major cell phone has a virus problem?! I guess he doesn't count Nokia as a major brand of cell phones, then. In the early days of Symbian (S60) - the OS that most Nokia smart phones used - many mobile viruses spread across such phones over Bluetooth and MMS.
Regarding the "no Linux desktop has a real virus problem" crap, with the risk of being flamed by all the Linux fanbois here, I'd say that it again depends on how you define "no" and "a real virus problem".
One more point regarding the "snake oil salesmen". Please note that many (most?) Android security vendors offer their scanners for FREE and only sell their other, non-malware-related services for money, like backing up the information on the phone into the cloud, tracking the phone, locking the phone and so on. You can hardly call somebody who is giving you their product for free a "snake oil salesman". Or is Mr. DiBona actually claiming that the other security services are worthless?!
Now, speaking of worthless and incompetent stuff, how about a long and hard look into the Android security model, huh?
1) Android, out of the box, would install and run any signed app (if configured to use alternate markets). Signed by anyone, I mean. As opposed to that, the iPhone would run only apps signed by Apple. That's not necessarily a good thing - personally I'd take malevolent freedom over benevolent dictatorship any time - but it does have a negative impact on security.
2) Android is plagued by bugs, exploited by the various rooting exploits, the fixes for which take ages to reach the end user. This is not only Google's fault - much of the blame falls on the mobile operators - but fact is that Apple's model provides better security in this aspect too.
3) Android has the same user-incomprehensibility problem that has plagued the Windows security software for ages. You download an app. It tells you that it requires X, Y and Z rights. The vast majority of people have absolutely no clue what these rights really mean and why the app might need them. Android's description of them is pitiful. The responsibility for making a correct security decision is dumped entirely on the user. In such a situation, most users will fail to make the correct decision.
Why is it not possible to grant only some of the rights that the app requests?!
Why is it not possible to change later the rights granted to an installed app?!
Doctor Vaselin,
>>What if that ONE user was YOU?
We're talking about the risks, simple probabilities. A low-risk threat is than the (much) higher one. It's NOT that GNU/Linux and FreeBSD are completely devoid of any risk of getting malware, it is just that the overall probability is much lower than on Windows. It is partly explained by Craiggy (above) http://forums.theregister.co.uk/user/44832/. The sandbox security model of Android makes it even more secure than a regular distro. However, a lack of a secure repository diminishes this advantage and makes Android lose against the distros and *BSD. Android users also tend to be less educated (in IT).
>>Android has the same user-incomprehensibility problem that has plagued the Windows security software for ages. You download an app. It tells you that it requires X, Y and Z rights. The vast majority of people have absolutely no clue what these rights really mean and why the app might need them.
I am curious, what similarity with Android permissions do you find when you want to install a third-party app on Win7? Where does it specify permissions? Permissions do not exist for apps on Windows. There are no virtual users or groups, there is only the system.
Permissions are pretty straightforward. A game that wants to access your mailbox, texting and phone calling is a suspicious app, or maybe a poorly written piece of crapcode.
Mere common sense and the ability to read English, Bulgarian or whatever language are enough. Information is power indeed.
Whereas on Windows one lacks such information; no matter how much knowledge she or he might have, it yields very little strength. They can only say "In AV we trust!"
I think the real reason why we haven't seen mobile viruses take off is simply a case of economics. The time spent creating a mobile virus could be used to create a Windows virus that has a much higher payoff rate.
In other words, you can either try to fish where there are a lot of fish, or very few fish. Windows has more fish.
"The time spent creating a mobile virus could be used to create a windows virus that has a much higher payoff rate."
I'm not convinced. That argument might work for Linux and Mac, but I don't think it sticks here. The number of smart-phones is accelerating fast, and phones are on 24x7. PCs are often switched off. If you infect a phone and make it broadcast spam at 4am the chances are that it will be awake to do so and its owner will be asleep.
"Talk of exponential malware growth is justified but needs to be put into context, that the huge rise is coming from a base of almost nothing and that the raw figures remain trivial compared to the Windows virus plague."
That's true, but not really relevant: you only need to be infected by one strain for it to ruin your day.
Tux - but only after he gets his shots.
"No major cell phone has a 'virus' problem in the traditional sense that Windows and some Mac machines have seen,"
Mac? Is that a joke? I've used Macs since the late 'seventies - never had a virus, never used an antiviral program. And believe me, I go where mortals fear to tread on the Web. Security is built into the Mac OS from the ground up; it's a grownup's OS, not one made by kids in a high school lab in Seattle.
Reminds me of the anecdote about the farmer who, plagued with rats, decided to buy a cat. The rats, alarmed, had a meeting. They decided to tell the farmer that if he wouldn't buy a cat they wouldn't buy a cat. Good idea; you don't get an antiviral for your Android and I won't get one for my iPhone, iPad and eight Macs. We'll see who comes out on top.
"Security is built into the Mac OS from the ground up".
Correction: the only thing 'built into Mac OS *from the ground up*', is the flavour of Unix that *is* the Mac operating system, and that, sure as me2Phones are me2Phones, wasn't built by Apple. It was 'borrowed', in the best Apple traditions, as heJobs, himself, boasted in the late 90s (about Apple's use of other people's ideas, that is).
The part that Apple added was the shiny, pointy, clicky, swipey stuff, stuck on the top of the OS, which some swoon over and others think is just a little shell-suit-style tacky. This, the GUI, is not at the heart of any security claims. The OS (Unix) is, and credit for that goes right back to the original design at Bell Labs in the 1960s. For that, Linux users tip their hats in gratitude and give due credit, whilst Mac fanbois, albeit usually in ignorance, mostly tend to believe that iJobs actually knew something about software, perhaps even wrote some. Such is the faith of true believers.
No - that was Buddy Holly. (Lotta people make that mistake - the names sound similar.)
Actually he's dead as a result of being torn to shreds by piranhas in the NYC sewers while searching for alligator viruses.
Poor old Peter gave up his life in vain. It was a futile search based on a false positive. The piranhas had killed all the alligators (and all the android viruses) years earlier.
Viruses spread from one device to another; doing so on a phone would be quite difficult (not impossible: if you theoretically could find exploits for SMS or MMS, it could spread from phone to phone by silently messaging your friends the equivalent of a "check out this picture" spam email). Trojans can be/are an issue on Android, since there is nothing stopping a developer from inserting one in his software.
All you need is a free app that becomes popular and well used and an evil author who decides the best way to monetize it isn't to have a paid upgrade that's ad-free, but instead have his next new version send texts to premium SMS numbers or whatever other scam he comes up with. This can't happen on iOS due to Apple's control (many Android users would say control freakery) of its app store, but the Android app store offers no such protection. If such an "upgrade" was silently introduced, then activated later after a million downloads, the guy could retire richer than any developer save the guy who did Angry Birds. Obviously he'd be found out and everyone would delete the app, but if he's already made millions and got away, he doesn't care that his reputation is ruined.
I think it is only a matter of time before something like this occurs. I suspect that antivirus software probably wouldn't help much though; until the trojan is activated they wouldn't know to stop it, and then would take a day or two (at least) to come up with a fix and get it uploaded to subscribers' phones. Too late by then, you may not even realize you were hit until you see next month's wireless bill.
Kernel.org was rooted in a malware attack earlier this year.
I'm assuming those developers and the servers are not running Windows....
Anyone who believes their choice of O/S makes them immune to malware is misguided.
Any O/S is potentially vulnerable - if Linux was immune, then you wouldn't ever see security updates issued.
Windows is an obvious target by virtue of the huge numbers of people using it, and the proportion of those who are not tech savvy people and are thus more easily fooled into accepting infected documents, less likely to patch their machines, and so on.
The developers of the Linux kernel are highly tech savvy users, running linux, and yet they fell foul of malware.
The biggest threat is over-confidence and if this is the attitude of android developers then I am jolly glad I don't run it because they are asking for trouble if they believe that they have structurally designed out the possibility of malware.
Who told you that the kernel.org break-in was a result of a malware infection? The original story mentioned a compromised ssh key and/or password account. A few (two, actually) servers were cracked, not all of them.
My question is, have you ever heard of a single *nix break-in by means of opening an email body/attachment, clicking on a web link, visiting a website, inserting an "infected" (floppy/cd/dvd) usb disk, automatic RPC-like spreading, or installing infected software from a central repo or *BSD ports?
I always adore those relativistic comparisons, when the Lorentz transformation is applied to a log (millions of documented automated infections) in MS Windows' eye to obtain a speck similar to that in FOSS' eye, with a few incidents of single break-ins. Consequently, the Windows log must be moving with a velocity close to the speed of light. QED. The special theory of relativity is at work once again; special it is indeed!