Archive for July 18th, 2011

Mandatory Access Control And Malware

Listening to the virus/malware discussion on LUG Radio’s new (but apparently one-off) show (check it out at lugradio.org, these guys are hilarious) got me thinking about how much Linux users are exposed to malware.

Let’s forget, for the sake of the discussion, the technical attacks [1], as these are relatively easy to handle and Linux operating systems are already pretty well protected against them. The main vector of attack for malware these days is social engineering anyway – this is how Mac OS X users get attacked by malware: you browse a web site, and an image that looks like a blinking dialog box notifies you that your computer has been infected by a virus and prompts you to download this “fix”.

Most of us, technically inclined users, sneer at this type of “threat”, but most people aren’t technically inclined, and there are enough people out there who will be fooled by this practice time and time again. Click the image and a binary gets downloaded to your computer, and if it is in the correct format it will get executed.


  1. Such as buffer overflows and the like