It’s definitely working…

My eldest son James, who’s 9, suggested something to me on Saturday morning over breakfast that made me quite proud and very chuffed.

The conversation went something like this:

“Dad, I think you should come to our school and talk to us about what you do. You know, Ubuntu and Open Source and all that.”

“Really James? Do you think so?”

“Yes, you’d have to be CRB checked [sic], but you could come and explain about Ubuntu. If Mr. Jeffs [The Headmaster] knew about it we’d have more money to spend on useful things for the school.”

“That’s interesting James, what do you mean?”

“Well, Ubuntu is free isn’t it. So we wouldn’t have to buy Microsoft Windows any more. And it is better than Windows isn’t it. And it doesn’t get viruses like Windows either does it Dad. So I’m sure Mr. Jeffs would think that it’s a really good thing…”

UbuntuBoth my kids use Ubuntu at home; they are 5 & 9. They skip easily between Ubuntu & the Windows machines they use at school and with their friends. They also switch without difficulty between applications too. When necessary James does his homework in OpenOffice.org and takes a USB stick to school with the files saved in a nasty proprietary format.

Seems like I’d better write a nice letter to Mr Jeffs then hadn’t I?

Free Linux Virus Writing Course.

Over on the ubuntuweblogs, Gerry Ilagan pointed the readership to this excellent article by Foobar on how to write a Linux virus.

I will show how it is possible in a few easy steps to write a perfectly valid email borne virus for modern desktop Linux. I will do so not because I want to put down Linux. Quite the opposite: I like and support Linux, which is all I’m running at home and at work. I’m a big supporter of free and open software as readers of this blog will know. But if there are any security risks, even in my favourite OS or distribution then they will need to be discussed. Even more important: A false sense of security is worse than a lack of security. And unsubstantiated claims of superiority don’t help in a reasonable discussion either.

OK it isn’t quite a Linux virus, more like a Gnome/KDE virus but the point is clearly made. There is a pretty big hole in the current Desktop implementations, i.e. KDE and Gnome, whereby a file with the .desktop suffix is essentially executable even though it does not have to have the execute bit set.

It is well worth reading and understanding so you can protect yourself from being stupid.

And hopefully someone upstream will take notice too…

Yet Another Microsoft Worm [Conficker] Runs Amok

According to the BBC today,

Infections of a worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is “skyrocketing”.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

Anti-virus firm F-Secure estimates there are now 8.9m machines infected.

This is yet another major outbreak. At least the coverage of this one is pretty clear that it is just Windows PCs that are affected, but jeez, how come people are still putting up with this crap:

“Microsoft did a good job of updating people’s home computers, but the virus continues to infect business who have ignored the patch update.

“A shortage of IT staff during the holiday break didn’t help and rolling out a patch over a large number of computers isn’t easy.

“What’s more, if your users are using weak passwords – 12345, QWERTY, etc – then the virus can crack them in short order,” he added.

“But as the virus can be spread with USB memory sticks, even having the Windows patch won’t keep you safe. You need anti-virus software for that.”

Sorry. What? Microsoft did a good job patching another hole. People just don’t get it do they? It’s a bit like trying to plug the holes in a sieve using a knitting needle. You might block one, but hey, there are hundreds more holes just next door.

I love the bit about having the Windows patch is not enough. So that only protects you from network born infections? And not from other sources? Or so it would seem. Be afraid. Be very afraid…

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

I know that for most of the readers of this blog this is teaching your granny to suck eggs but please:

just try doing something like this on a proper operating system.

But of course the malware-that-masquerades-as-an-operating-systemTM isn’t so robust.

If you find it hard to convince the great unwashed why it is that “proper operating systems” don’t really get viruses, this article is quite a good, and not too technical, explanation of the main reasons.

For a Linux binary virus to infect executables, those executables must be writeable by the user activating the virus. That is not likely to be the case. Chances are, the programs are owned by root and the user is running from a non-privileged account. Further, the less experienced the user, the lower the likelihood that he actually owns any executable programs. Therefore, the users who are the least savvy about such hazards are also the ones with the least fertile home directories for viruses…

… A computer virus, like a biological virus, must have a reproduction rate that exceeds its death (eradication) rate in order to spread. Each of the above obstacles significantly reduces the reproduction rate of the Linux virus. If the reproduction rate falls below the threshold necessary to replace the existing population, the virus is doomed from the beginning — even before news reports start to raise the awareness level of potential victims.

The reason that we have not seen a real Linux virus epidemic in the wild is simply that none of the existing Linux viruses can thrive in the hostile environment that Linux provides. The Linux viruses that exist today are nothing more than technical curiosities; the reality is that there is no viable Linux virus.

Now please go and upgrade someone you love from Windows to a proper operating system.