

trojan horse and user authentication under UNIX/Linux

Posted on 2002-07-06
Medium Priority
Last Modified: 2010-04-20

I was told that Windows 2000 has this "feature": you have to press Ctrl+Alt+Del to log in, and by doing this, you won't become a victim of trojan horses.

My questions are:
1) How does it work? Why can trojan horses be kept out of the door by implementing this mechanism?

2) It seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses?

Question by:ken021600
LVL 51

Expert Comment

ID: 7133814
nonsense, IMHO
1) they cannot
2) trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them :-))

Author Comment

ID: 7134256
nice to see you again!

1) well, here is what I heard: "the only program that can trap the ctrl-del-alt sequence is windows itself. so you can be sure that when you press that key sequence, you are typing your credentials in your windows login screen, and not a trojan horse program designed to look like the windows login screen."

so are you saying that it's still very possible to steal someone's login and password using trojan horses even though they follow the ctrl-alt-del sequence? if so, how?

2) well, maybe by the time admins find them, it's already too late...

so are you saying that *nix systems don't have such a mechanism like that under windows?

BUT, I was told: "the linux equivalent is the secure access key, which is enabled with the kernel option CONFIG_MAGIC_SYSRQ. it's useful when you want to be sure there is no trojan program running at console which could grab your password when you would try to login. it will kill all programs on given console and thus letting you make sure that the login prompt you see is actually the one from init, not some trojan program."
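
The quoted description covers the kernel build option; on a running system the `kernel.sysrq` sysctl additionally decides which SysRq keys the keyboard may trigger, including SysRq+k. The Python check below is an added example, not part of the original thread; the bit values are those listed in the kernel's sysrq documentation and the sample values are constructed.

```python
# Added example: decode kernel.sysrq to see whether SysRq+k (SAK) is usable.
# Bit values follow the kernel's Documentation/admin-guide/sysrq.rst.
from pathlib import Path

SYSRQ_BITS = {
    0x002: "console log level control",
    0x004: "keyboard control (SAK, unraw)",
    0x008: "debugging dumps of processes",
    0x010: "sync",
    0x020: "remount read-only",
    0x040: "signalling of processes (term, kill, oom-kill)",
    0x080: "reboot/poweroff",
    0x100: "nicing of real-time tasks",
}
KEYBOARD_BIT = 0x004  # gates SysRq+k, the key that kills everything on the console


def allowed_functions(value: int) -> list:
    """Return the SysRq function groups a kernel.sysrq value permits."""
    if value == 0:
        return []
    if value == 1:  # 1 means "everything", not "bit 0"
        return list(SYSRQ_BITS.values())
    return [name for bit, name in SYSRQ_BITS.items() if value & bit]


def sak_enabled(value: int) -> bool:
    """True if SysRq+k is accepted from the keyboard with this setting."""
    return value == 1 or (value != 0 and bool(value & KEYBOARD_BIT))


def read_sysrq(path: str = "/proc/sys/kernel/sysrq"):
    """Read the live setting; None means the file is absent
    (kernel built without CONFIG_MAGIC_SYSRQ, or not Linux)."""
    p = Path(path)
    return int(p.read_text().strip()) if p.exists() else None


if __name__ == "__main__":
    live = read_sysrq()
    if live is None:
        print("no /proc/sys/kernel/sysrq: magic SysRq not available")
    else:
        print(f"kernel.sysrq={live} SAK usable: {sak_enabled(live)}")
        for name in allowed_functions(live):
            print("  allowed:", name)
    # Constructed sample values
    for sample in (0, 1, 16, 176, 438):
        print(sample, sak_enabled(sample))
```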

LVL 51

Expert Comment

ID: 7134706
1) yes, a trojan can steal your password
2) *nix don't need Ctrl+Alt+Del, you always can logout or use a screen locker

> BUT ..
if the kernel uses loadable modules (which most people do), it's possible to write a trojan which circumvents the CONFIG_MAGIC_SYSRQ, theoretically, somehow

what are you looking for?
  - discussion
  - proof that such trojans exist
  - solutions to prevent such trojans
please give a hint, otherwise this thread goes to nowhere, and never ends ...

Author Comment

ID: 7134829

1) my original question was "How does it work? Why trojan horses can be kept out of the door by implementing this mechanism?" and your answer was "they cannot". and I cited another comment from someone else, which is contrary to your comment. and I'd like to know whose is correct.

2) my original second question was---it seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses? and your comment was "trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them)". this confused me coz if we make a comparison, windows has such a mechanism to prevent trojan programs but *nix doesn't have one, so people would get such an impression: "wow windows is better than *nix in terms of fighting with trojans...".

then I got someone else's comment which states that we do have such a choice under *nix...

LVL 51

Accepted Solution

ahoffmann earned 200 total points
ID: 7135761
"real" trojans do not rely on user permissions, they infect the system as root (*nix) or administrator (windoze)
   So for both OS a mechanism such as "Ctrl+Alt+Del" cannot kill all trojans; it might be possible that the trojans running under a user ID are killed, but how would they be detected? If the mechanism simply killed all user processes, you could never use scheduled tasks or crons.
You know the purpose of trojans? To hide themselves as something looking proper. IMHO it is nearly impossible to write a mechanism which would kill **all** and **any** trojans, except with a complete reinstall of the OS from a safe media.

I don't know of such a mechanism for *nix (except logout from xdm/X server), even though there might exist one somehow, somewhere. But it is not really necessary, 'cause it is much harder to get root access on *nix than to get administrator permissions on M$. Without root permissions, a trojan cannot harm a *nix (except the admin opened the system for any access from every user). This is different to any M$ system.
M$ claims it is the more modern (3 years?) system than *nix, but *nix has worked for roughly 30 years without any virus (but indeed trojans, and I do not say that there are no viruses possible).

To check a system for malware (trojan, virus), it needs to be done with max. permissions (root, administrator); anything else is more or less useless. And you need to take some precautions (like TripWire) so that you can identify the malware.

I cannot prove that such a mechanism protects you from trojans (on windoze), I just can argue that it is nonsense if it does not do a complete reinstall of the system.
Well, some trojans may be caught, but real ones are aware of such a mechanism, except reinstall.

Disclaimer: this is not a flame against one OS, and/or a pro for another. Statistics about malware just tell you which systems are commonly infected, and which have simply been working for years (without many infections).
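
The baseline-and-compare idea behind tools like Tripwire, shown as an added example that is not part of the original answer and is not Tripwire's own code, policy language or database format. The directory layout and file contents are constructed for the demonstration.

```python
# Added example: record a known-good baseline of files, then compare later
# to identify what was replaced or dropped (Tripwire-style, not Tripwire code).
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map each regular file under root to (sha256, mode, uid, size)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            rel = str(path.relative_to(root))
            result[rel] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_size)
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: a login binary is replaced and a file is dropped."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "bin").mkdir()
        Path(root, "bin", "login").write_bytes(b"original login program")
        Path(root, "bin", "ls").write_bytes(b"original ls program")
        baseline = snapshot(root)  # taken while the system is known good
        Path(root, "bin", "login").write_bytes(b"lookalike login program")
        Path(root, "bin", "helper").write_bytes(b"unexpected file")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline and the checker: keep the baseline on read-only or offline media and run the check as root so every file can be read.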

Author Comment

ID: 7137563
catch you later!

LVL 51

Expert Comment

ID: 7138556
you catch me, or my opinions/arguments?

Question has a verified solution.
