trojan horse and user authentication under UNIX/Linux

Hi,

I was told that Windows 2000 has this "feature": you have to press Ctrl+Alt+Del to log in, and by doing this, you won't become a victim of trojan horses.

My questions are:
1) How does it work? Why can trojan horses be kept out of the door by implementing this mechanism?

2) It seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses?

Thanks,
KEN
ken021600Asked:
 
ahoffmannCommented:
"real" trojans do not rely on user permissions, they infect the system as root (*nix) or administrator (windoze)
So for both OSes a mechanism such as "Ctrl+Alt+Del" cannot kill all trojans. It might be possible that the trojans running under a user ID are killed, but how would they be detected? If the mechanism simply killed all user processes, you could never use scheduled tasks or crons.
You know the purpose of trojans? To hide themselves as something looking proper. IMHO it is nearly impossible to write a mechanism which would kill **all** and **any** trojans, except with a complete reinstall of the OS from safe media.

I don't know of such a mechanism for *nix (except logout from xdm/X server), even though there might exist one somehow, somewhere. But it is not really necessary, 'cause it is much harder to get root access on *nix than to get administrator permissions on M$. Without root permissions, a trojan cannot harm a *nix (except if the admin opened the system for any access from every user). This is different from any M$ system.
M$ claims it is the more modern (3 years?) system than *nix, but *nix has worked for roughly 30 years without any virus (but indeed with trojans, and I do not say that there are no viruses possible).

To check a system for malware (trojan, virus), it needs to be done with max. permissions (root, administrator); anything else is more or less useless. And you need to take some precautions (like TripWire) so that you can identify the malware.

I cannot prove that such a mechanism prevents you from trojans (on windoze), I just can argue that it is nonsense if it does not do a complete reinstall of the system.
Well, some trojans may be caught, but real ones are aware of such a mechanism, except reinstall.

Disclaimer: this is not a flame against one OS, and/or a pro for another. Statistics about malware just tell you which systems are commonly infected, and which have simply been working for years (without many infections).
0
 
ahoffmannCommented:
nonsense, IMHO
1) they cannot
2) trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them :-))
0
 
ken021600Author Commented:
nice to see you again!

1) Well, here is what I heard: "the only program that can trap the ctrl-del-alt sequence is windows itself. so you can be sure that when you press that key sequence, you are typing your credentials in your windows login screen, and not a trojan horse program designed to look like the windows login screen."

So are you saying that it's still very possible to steal someone's login and password using trojan horses even though they follow the ctrl-alt-del sequence? If so, how?

2) well, maybe by the time admins find them, it's already too late...

so are you saying that *nix systems don't have such a mechanism like that under windows?

BUT, I was told: "the linux equivalent is the secure access key, which is enabled with the kernel option CONFIG_MAGIC_SYSRQ. it's useful when you want to be sure there is no trojan program running at the console which could grab your password when you try to log in. it will kill all programs on the given console, thus letting you make sure that the login prompt you see is actually the one from init, not some trojan program."

Thanks,
KEN
0
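Added example (not part of the thread or any poster's code): a shell check of whether the SysRq SAK function mentioned in the post above is actually available on a given Linux system. It assumes the kernel config is readable at a path such as /boot/config-<release> and relies on the documented /proc/sys/kernel/sysrq values (0 = off, 1 = all functions, bit 0x4 = keyboard control, which covers SAK); the function names are illustrative.

```shell
#!/bin/sh
# Added example: is the SysRq "SAK" key (Alt+SysRq+k) usable on this host?
# File paths are parameters so the logic can be run against constructed files.

# 0 if the kernel config enables CONFIG_MAGIC_SYSRQ, 1 if not, 2 if unknown.
sysrq_built_in() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    grep -q '^CONFIG_MAGIC_SYSRQ=y$' "$cfg"
}

# 0 if the runtime sysrq value permits SAK, 1 if not, 2 if not a number.
sak_allowed() {
    val=$1
    case $val in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$val" -eq 1 ] && return 0          # 1 enables every SysRq function
    [ $(( $val & 4 )) -ne 0 ]             # 0x4: keyboard control (SAK, unraw)
}

# Combine both checks and print: enabled / disabled / unknown.
sak_status() {
    cfg=$1
    procfile=$2
    rc=0
    sysrq_built_in "$cfg" || rc=$?
    [ "$rc" -eq 1 ] && { echo disabled; return; }
    [ -r "$procfile" ] || { echo unknown; return; }
    rc=0
    sak_allowed "$(cat "$procfile")" || rc=$?
    case $rc in
        0) echo enabled ;;
        1) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Live check on the current machine.
sak_status "/boot/config-$(uname -r)" /proc/sys/kernel/sysrq
```

A result of "disabled" with CONFIG_MAGIC_SYSRQ=y usually means the distribution ships a restrictive bitmask in kernel.sysrq, so the key combination does nothing at the console even though the kernel supports it.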
 
ahoffmannCommented:
1) Yes, a trojan can steal your password
2) *nix doesn't need Ctrl+Alt+Del, you can always log out or use a screen locker

> BUT ..
If the kernel uses loadable modules (which most people do), it's possible to write a trojan which circumvents the CONFIG_MAGIC_SYSRQ, theoretically, somehow

Ken,
what are you looking for?
  - discussion
  - proof that such trojans exist
  - solutions to prevent such trojans
please give a hint, otherwise this thread goes to nowhere, and never ends ...
0
 
ken021600Author Commented:
Hi,

1) My original question was "How does it work? Why trojan horses can be kept out of the door by implementing this mechanism?" and your answer was "they cannot". And I cited another comment from someone else, which is contrary to your comment. And I'd like to know whose is correct.

2) My original second question was---it seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses? And your comment was "trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them ". This confused me coz if we make a comparison, windows has such a mechanism to prevent trojan programs but *nix doesn't have one, so people would get such an impression "wow windows is better than *nix in terms of fighting with trojans...".

Then I got someone else's comment which states that we do have such a choice under *nix...

KEN
0
 
ken021600Author Commented:
thanks,
catch you later!

KEN
0
 
ahoffmannCommented:
You catch me, or my opinions/arguments?
0
Question has a verified solution.
