[comp.sys.next] Can a NeXT catch a *virus* or cold or..?

yoshida@tansei.cc.u-tokyo.ac.jp (Yoshida) (06/20/91)

Hello NeXT-Net-sters!

It occurred to me that I've never seen any discussion about
*viruses* in this group...?  Is the NeXT "virus-proof" or
something?  -I couldn't find any mention in the documentation
in Librarian...?

I'm ah wonderin?      Paul Abramson

Email address: yoshida@tansei.cc.u-tokyo.ac.jp

john@csrnxt1.ae.utexas.edu (John R. Schutz) (06/20/91)

yoshida@tansei.cc.u-tokyo.ac.jp (Yoshida) writes:

>It occurred to me that I've never seen any discussion about
>*viruses* in this group...?

So far, there have been no occurrences of viruses on the NeXT, at least
not that I'm aware of.

>  Is the NeXT "virus-proof" or something?

Not at all.  But under any derivative of Unix, it becomes fairly tricky
for a virus to propagate, due to file permissions, etc.  Of course, if
something was suid root, then...

>  -I couldn't find any mention in the documentation
>in Librarian...?

You probably won't find any kind of virus documentation from any computer
vendor.  It doesn't really inspire a person's trust, ya know?

Now that you bring it up, anyone have any ideas of how a DOS virus would
act under Soft-PC?

							john
--
| John R. Schutz                     | Email&NeXTmail:                       |
| A learning NeXTie                  |		john@csrnxt1.ae.utexas.edu   |
| (512)328-0587                      | The 23rd periodic element is Vanadium |
| 3009 Hatley Dr., Austin, TX  78746 | 'V'.  V is roman numeral for 5. Hmmm  |

nigelm@ohm.york.ac.uk (Nigel Metheringham) (06/20/91)

In <618@tansei1.tansei.cc.u-tokyo.ac.jp> yoshida@tansei.cc.u-tokyo.ac.jp (Yoshida) writes:

>It occurred to me that I've never seen any discussion about
>*viruses* in this group...?  Is the NeXT "virus-proof" or
>something?  -I couldn't find any mention in the documentation
>in Librarian...?

There is a small mention in the back of the paper Network & System
Administration Manual.

Basically there aren't any real viruses in the Unix world at present
(yes, I know about the various test viruses which have proved that a
fairly simple virus can infect all users areas on a machine quite
easily, although spreading to another machine is more difficult).

The NeXT, I'm afraid, is a prime candidate for the first widespread
Unix (or Mach to be picky) virus.  My reasons for saying this are:-
  1. Most software distribution is done as binaries
  2. I think many people have not read the security related
     stuff in the manuals, and still fewer have implemented
     them, or used things like COPS, so several people have
     machines that are wide open.
  3. I bet that a virus would spread round a teaching lab like
     (insert your favourite euphemism) - many people ask what
     this new program is, and then run a copy without any
     checks as to the source etc...
  4. It's a hobbyist, or student machine (I'm not being denigrating,
     it's just that most of us can't afford a Sun, but we can afford
     a NeXT).

Unix systems have been hit by worms and all sorts of other security
nasties, and the NeXT is unlikely to be any better in this respect. 
I have not checked for the standard set of holes yet, but I will,
and I hope other people will check for known holes, and inform NeXT
if they find any (whether you should also publish them on the Net is
a long running argument that I am not going to touch).

So to summarise:-
  + If you are attached to any form of network, then read the
    security section of the manual, and implement the
    suggestions NOW (this should be done even for non
    networked machines).
  + Watch out for any announcements of NeXT-nasties (I should
    copyright that name - it's a good one).
  + If you run a network, then you need the COPS package - 
    available from good archive sites.
  + Be careful about what you run.
  + Remember, all the Unix nasties can probably catch you out
    too (have a look at the current thread in the Unix groups
    about paths and superusers).
  + Don't be paranoid, well not very - they aren't _all_ out
    to get you!

	Nigel.

-- 
# Nigel Metheringham   # (NeXT) EMail: nigelm@ohm.york.ac.uk #
# System Administrator #######  Phone: +44 904 432374        #
# Department of Electronics  #  Fax:   +44 904 432335        #
#     University of York, Heslington, York, UK, YO1 5DD      #

gerrit@sequent.com (Gerrit Huizenga) (06/21/91)

yoshida@tansei.cc.u-tokyo.ac.jp (Yoshida) writes:

>It occurred to me that I've never seen any discussion about
>*viruses* in this group...?  Is the NeXT "virus-proof" or
>something?  -I couldn't find any mention in the documentation
>in Librarian...?

No machine connected to a network and no machine which uses borrowed
software is virus-proof.  Because the NeXT machine utilizes memory
protection (via an MMU and UNIX based memory protection semantics) it is
more resistant to viruses than machines such as IBM PC's and most Apple
products.  While many of us in the past have encouraged NeXT to close the
"well-known" Unix based holes (and in general they have been reasonably
responsive), there are no guarantees that the NeXT is any more immune than
any other machine.

In the past, the newness and sparse use of some of the software technology
used on the NeXT has helped provide protection via obfuscation.  There is,
however, no excuse for anyone with a NeXT which either uses borrowed
software or connects their machine to a network to take all of the standard
systems administration precautions that an administrator would take for any
Unix based machine.  (I say Unix based because the NeXT is; however, the
same philosophies from any networkable machine still apply.  I.e. accounts
should use good passwords, privileged services should utilize sufficient
authorization mechanisms, etc).

It is also very important for administrators to continue to point out any
security problems to NeXT Computer, Inc. via the appropriate mechanisms
(i.e. not this newsgroup) so that those problems can be addressed.

gerrit

jwright@cfht.hawaii.edu (Jim Wright) (06/21/91)

john@csrnxt1.ae.utexas.edu (John R. Schutz) writes:
>You probably won't find any kind of virus documentation from any computer
>vendor.  It doesn't really inspire a person's trust, ya know?

In HP's LaserRom-UX software (virtually all their manuals on CDROM with
a tty or Motif frontend), a search for "virus" came back with a few hits,
including a very good step-by-step discussion of how to handle security
breaches.

I searched for "virus" in Digital Librarian, and got three hits.
NextAnswers.390, NextAdmin chapter 16 Security, and X tutorials bugtalk.
None of them deal very well with viruses per se, but the security chapter
is pretty good.

The other day I installed Sun's "AnswerBook" software (again, like Digital
Librarian on CDROM).  I did a search for "dead computer" and some of the
topics returned were computer virus and computer worm.  I didn't check to
see what they had to say, though.

It isn't as bad as you suggest.

--
Jim Wright
jwright@cfht.hawaii.edu
Canada-France-Hawaii Telescope Corp.

eps@toaster.SFSU.EDU (Eric P. Scott) (06/21/91)

In article <1991Jun20.165657.1304@ohm.york.ac.uk>
	nigelm@ohm.york.ac.uk (Nigel Metheringham) writes:
>The NeXT, I'm afraid, is a prime candidate for the first widespread
>Unix (or Mach to be picky) virus.  My reasons for saying this are:-
>  1. Most software distribution is done as binaries

This is a *serious* problem.  That's why many sites won't
consider software unless they can inspect the complete source
code, or it's Commercial Off The Shelf.  Commercial vendors
*have* shipped software for Macs and PeeCees containing viruses,
so even that's no guarantee.  A disclaimer of liability doesn't
help much in what can reasonably be considered gross negligence.

I guess I should also point out that picking binaries out of
FTP "submissions" directories isn't terribly bright, since
they are literally world-writable, and it would be trivial
for someone to replace a recent submission with a corrupted
version.  That's why I generally ask archivists to FTP known
good copies of my work from one of my sites, and usually
remember to post sizes and checksums.  (Not perfect, but
something of a deterrent.)

>  2. I think many people have not read the security related
>     stuff in the manuals, and still fewer have implemented
>     them, or used things like COPS, so several people have
>     machines that are wide open.

NeXT *ships* the machines wide open.

>  3. I bet that a virus would spread round a teaching lab like
>     (insert your favourite euphemism) - many people ask what
>     this new program is, and then run a copy without any
>     checks as to the source etc...

That's not a virus, that's a trojan horse.

>Unix systems have been hit by worms and all sorts of other security
>nasties, and the NeXT is unlikely to be any better in this respect.

NeXT unfortunately doesn't consider this a priority; 2.x still
ships with many executables circa ~1985 that were proven to have
holes--which were subsequently fixed in -tahoe, -reno, and
various intermediate releases.  Since the specific problems tend
to become ->common knowledge<- once it's ASSUMED that everyone's
had time to integrate current versions into their releases, NeXT
software *probably* has bugs competing vendors (Sun, DEC, etc.)
have long since attended to.  How the holes got there to begin
with really isn't important; it's how NeXT responds once notified
that they are shipping bad product.  In my experience, I've found
NeXT remarkably unconcerned about attending to security problems.
Perhaps they believe that their user base is so unsophisticated
that it's just not important?  After all, if all you do is "point
and click" there's not much trouble you can get into.  I'm really
worried NeXT is just going to "deemphasize" UNIX and "Macintize"
the machine.  I don't want an "appliance computer."  I want a
UNIX workstation, and not one 15-year-olds can tear apart
blindfolded with one hand behind their back.

>I have not checked for the standard set of holes yet, but I will,

You should!

>and I hope other people will check for known holes, and inform NeXT
>if they find any (whether you should also publish them on the Net is
>a long running argument that I am not going to touch).

My feeling at this point is that you should publish, or at least
carbon copy some "trusted" watchdog (such as CERT) so NeXT
doesn't just sweep things under the rug.  Accountability is
important!

					-=EPS=-
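
An added example, not written by any poster in this thread, of the size-and-checksum check described in the post above: downloaded files are compared against a manifest obtained separately from the archive directory. SHA-256 and the manifest layout are assumptions chosen here (the post names no algorithm or format), and all file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse lines of '<sha256-hex>  <size-bytes>  <filename>' (constructed format)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, size, name = line.split(None, 2)
        entries[name] = (digest.lower(), int(size))
    return entries

def verify_dir(directory, manifest):
    """Return {filename: status} for every manifest entry and every unlisted file."""
    results = {}
    for name, (digest, size) in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif os.path.getsize(path) != size:
            results[name] = "size mismatch"
        else:
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            results[name] = "ok" if h.hexdigest() == digest else "checksum mismatch"
    for name in os.listdir(directory):
        if name not in manifest:
            results[name] = "not in manifest"
    return results

def demo():
    """Build a constructed download directory, tamper with it, and verify."""
    good = b"constructed release archive\n"
    manifest = parse_manifest(
        "# posted by the author, fetched separately from the archive\n"
        f"{hashlib.sha256(good).hexdigest()}  {len(good)}  tool.tar\n"
        f"{hashlib.sha256(b'x').hexdigest()}  1  notes.txt\n"
    )
    with tempfile.TemporaryDirectory() as d:
        # Same length as the original, so only the digest catches the swap.
        with open(os.path.join(d, "tool.tar"), "wb") as fh:
            fh.write(b"constructed release archivE\n")
        with open(os.path.join(d, "extra.bin"), "wb") as fh:
            fh.write(b"?")
        return verify_dir(d, manifest)
```

The check only means something if the manifest comes from a channel the uploader of a replaced file cannot also write to; a manifest sitting in the same world-writable directory can be replaced along with the binary.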