trojan horse and user authentication under UNIX/Linux

Posted on 2002-07-06
Last Modified: 2010-04-20

I was told that Windows 2000 has this "feature": you have to press Ctrl+Alt+Del to log in, and by doing this you won't become a victim of trojan horses.

My questions are:
1) How does it work? Why can trojan horses be kept out of the door by implementing this mechanism?

2) It seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses?

Question by:ken021600
LVL 51

Expert Comment

ID: 7133814
Nonsense, IMHO.
1) They cannot.
2) Trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they have identified them :-))

Author Comment

ID: 7134256
Nice to see you again!

1) Well, here is what I heard: "the only program that can trap the Ctrl-Alt-Del sequence is Windows itself, so you can be sure that when you press that key sequence, you are typing your credentials into your Windows login screen, and not into a trojan horse program designed to look like the Windows login screen."

So are you saying that it's still very possible to steal someone's login and password using trojan horses even though they follow the Ctrl-Alt-Del sequence? If so, how?

2) Well, maybe by the time admins find them, it's already too late...

So are you saying that *nix systems don't have a mechanism like that under Windows?

BUT, I was told: "the Linux equivalent is the secure access key, which is enabled with the kernel option CONFIG_MAGIC_SYSRQ. It's useful when you want to be sure there is no trojan program running at the console which could grab your password when you try to log in. It will kill all programs on the given console and thus let you make sure that the login prompt you see is actually the one from init, not some trojan program."
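The console-killing behaviour in that quote is the Linux Secure Attention Key (SAK). On a text console the kernel's do_SAK() sends SIGKILL to every process that has that tty open or as its controlling terminal, so a password-grabbing program sitting on the virtual console dies and the next prompt you see comes from getty/init. It can be triggered two ways: Alt+SysRq+K, which only works if the running kernel honours the keyboard group of the kernel.sysrq bitmask, or a console keymap binding made with loadkeys, which works even on kernels built without CONFIG_MAGIC_SYSRQ. The script below is an added example, not code from this thread or from the kernel: it decodes the kernel.sysrq bitmask (bit values as given in Documentation/admin-guide/sysrq.rst), reports whether Alt+SysRq+K would work on the current machine, and its enable_sak function (root only, never called automatically) switches on just the keyboard group and binds Ctrl+Alt+Break to SAK. Keycode 101 is the example used in the kernel's SAK documentation; confirm it for your keyboard with showkey -k.

```shell
#!/bin/sh
# Linux Secure Attention Key (SAK): inspect and enable (added example, not from the thread).
# Bit values of /proc/sys/kernel/sysrq per Documentation/admin-guide/sysrq.rst:
# 0 = disabled, 1 = all functions enabled, otherwise a bitmask of the groups below.
SYSRQ_LOGLEVEL=2     # change console log level
SYSRQ_KEYBOARD=4     # keyboard control: SAK (k) and unraw (r) -- the group SAK needs
SYSRQ_DEBUG=8        # debugging dumps (m, p, t, w, ...)
SYSRQ_SYNC=16        # sync (s)
SYSRQ_REMOUNT_RO=32  # remount filesystems read-only (u)
SYSRQ_SIGNAL=64      # signal processes (e, i)
SYSRQ_REBOOT=128     # reboot / power off (b, o)
SYSRQ_NICE_RT=256    # nice all real-time tasks (n)

# sysrq_has MASK BIT -> exit 0 if MASK enables the sysrq group BIT
sysrq_has() {
    mask=$1; bit=$2
    [ "$mask" -eq 1 ] && return 0
    [ $(( mask & bit )) -ne 0 ]
}

# sysrq_describe MASK -> space-separated names of the groups MASK enables
sysrq_describe() {
    mask=$1; out=""
    for pair in loglevel:$SYSRQ_LOGLEVEL keyboard-SAK:$SYSRQ_KEYBOARD debug:$SYSRQ_DEBUG \
                sync:$SYSRQ_SYNC remount-ro:$SYSRQ_REMOUNT_RO signal:$SYSRQ_SIGNAL \
                reboot:$SYSRQ_REBOOT nice-rt:$SYSRQ_NICE_RT; do
        name=${pair%%:*}; bit=${pair##*:}
        if sysrq_has "$mask" "$bit"; then out="$out${out:+ }$name"; fi
    done
    printf '%s\n' "$out"
}

# sak_status -> say whether Alt+SysRq+K would work on this kernel: 0 yes, 1 no, 2 unknown
sak_status() {
    [ -r /proc/sys/kernel/sysrq ] || { echo "no /proc/sys/kernel/sysrq here (not Linux?)"; return 2; }
    mask=$(cat /proc/sys/kernel/sysrq)
    if sysrq_has "$mask" "$SYSRQ_KEYBOARD"; then
        echo "kernel.sysrq=$mask: Alt+SysRq+K SAK enabled (groups: $(sysrq_describe "$mask"))"
    else
        echo "kernel.sysrq=$mask: Alt+SysRq+K SAK disabled (groups: $(sysrq_describe "$mask"))"
        return 1
    fi
}

# enable_sak (root only): turn on just the keyboard group, leaving the rest of the mask
# alone, and bind Ctrl+Alt+Break to SAK in the console keymap. The keymap route works
# even on kernels built without CONFIG_MAGIC_SYSRQ. Keycode 101 is the example from the
# kernel's SAK documentation (Break on a PC keyboard); verify with `showkey -k`.
enable_sak() {
    cur=$(cat /proc/sys/kernel/sysrq)
    [ "$cur" -eq 1 ] || sysctl -w kernel.sysrq=$(( cur | SYSRQ_KEYBOARD ))
    map=$(mktemp) || return 2
    printf 'control alt keycode 101 = SAK\n' > "$map"
    loadkeys "$map"
    rm -f "$map"
}

# Stand-alone run: only report this machine's state; nothing is changed.
if [ -r /proc/sys/kernel/sysrq ]; then sak_status || true; fi
```

Some distributions ship kernel.sysrq=176 (sync, remount read-only and reboot only), which leaves Alt+SysRq+K SAK off, so the keymap binding is the dependable route. SAK also kills an X server running on that console; that is intended, since you press it before you log in, not after. And because SAK is kernel code, the caveat about loadable modules raised later in this thread stands: anything already running as root can clear the bit or rebind the key, so SAK only protects against a look-alike login prompt run by an ordinary user on the console.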

LVL 51

Expert Comment

ID: 7134706
1) Yes, a trojan can steal your password.
2) *nix doesn't need Ctrl+Alt+Del; you can always log out or use a screen locker.

> BUT ..
If the kernel uses loadable modules (which most people do), it's possible to write a trojan which circumvents CONFIG_MAGIC_SYSRQ, theoretically, somehow.

What are you looking for?
  - discussion
  - proof that such trojans exist
  - solutions to prevent such trojans
Please give a hint, otherwise this thread goes nowhere and never ends ...


Author Comment

ID: 7134829

1) My original question was "How does it work? Why can trojan horses be kept out of the door by implementing this mechanism?" and your answer was "they cannot". And I cited another comment from someone else, which is contrary to your comment, and I'd like to know which is correct.

2) My original second question was: it seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses? And your comment was "trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them)". This confused me, because if we make a comparison, Windows has such a mechanism to prevent trojan programs but *nix doesn't have one, so people would get the impression "wow, Windows is better than *nix in terms of fighting trojans...".

Then I got someone else's comment which states that we do have such a choice under *nix...

LVL 51

Accepted Solution

ahoffmann earned 50 total points
ID: 7135761
"Real" trojans do not rely on user permissions; they infect the system as root (*nix) or administrator (windoze).
   So for both OSes a mechanism such as "Ctrl+Alt+Del" cannot kill all trojans. It might be possible that the trojans running under a user ID are killed, but how would they be detected? If the mechanism simply killed all user processes, you could never use scheduled tasks or crons.
You know the purpose of trojans? To hide themselves as something looking proper. IMHO it is nearly impossible to write a mechanism which would kill **all** and **any** trojans, except with a complete reinstall of the OS from safe media.

I don't know of such a mechanism for *nix (except logout from xdm/X server), even though one might exist somehow, somewhere. But it is not really necessary, because it is much harder to get root access on *nix than to get administrator permissions on M$. Without root permissions, a trojan cannot harm a *nix system (unless the admin opened the system for any access from every user). This is different from any M$ system.
M$ claims it is the more modern (3 years?) system than *nix, but *nix has worked for roughly 30 years without any virus (but indeed trojans, and I do not say that no viruses are possible).

To check a system for malware (trojan, virus), it needs to be done with max. permissions (root, administrator); anything else is more or less useless. And you need to take some precautions (like Tripwire) so that you can identify the malware.

I cannot prove that such a mechanism prevents you from trojans (on windoze); I can just argue that it is nonsense if it does not do a complete reinstall of the system.
Well, some trojans may be caught, but real ones are aware of such a mechanism, except reinstall.

Disclaimer: this is not a flame against one OS and/or a pro for another. Statistics about malware just tell you which systems are commonly infected and which have simply been working for years (without many infections).
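The "precautions (like Tripwire)" the accepted answer mentions come down to a file-integrity baseline: fingerprint every file that matters while the system is known-good, then compare against that record later. The script below is an added example in that spirit; it is not Tripwire and not code from this thread. It records SHA-256, mode, owner and size per file using GNU coreutils (sha256sum and stat -c; paths containing newlines are not handled), reports ADDED, MODIFIED and REMOVED entries, and its demo function builds a small constructed directory tree, baselines it, then tampers with it the way a trojan install would (a look-alike replacement of bin/login, a planted etc/ld.so.preload, a deleted file) to show what the check reports.

```shell
#!/bin/sh
# Tripwire-style file-integrity baseline and check (added example, not from the thread).
# Assumes GNU coreutils (sha256sum, stat -c) plus POSIX find/awk/sort; file paths must
# not contain newlines. Baseline line format:  <sha256> <mode:owner:size> <path>

# make_baseline DIR OUT: fingerprint every regular file under DIR into OUT
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha256sum < "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a:%U:%s' "$f")" \
            "$f"
    done > "$out"
}

# check_baseline DIR BASELINE: re-fingerprint DIR and print one sorted line per deviation
# (ADDED / MODIFIED / REMOVED <path>). Returns 0 when clean, 1 when anything deviates.
# A metadata-only change (say, a setuid bit added) counts as MODIFIED too.
check_baseline() {
    dir=$1; base=$2
    snap=$(mktemp) || return 2
    make_baseline "$dir" "$snap"
    report=$(awk '
        { p = $0; sub(/^[^ ]+ [^ ]+ /, "", p) }          # path = everything after hash and metadata
        FILENAME == ARGV[1] { old[p] = $1 " " $2; next }  # first file is the baseline
        { cur[p] = $1 " " $2 }                            # second file is the fresh snapshot
        END {
            for (p in old) if (!(p in cur)) print "REMOVED " p
            for (p in cur) {
                if (!(p in old)) print "ADDED " p
                else if (cur[p] != old[p]) print "MODIFIED " p
            }
        }' "$base" "$snap" | LC_ALL=C sort)
    rm -f "$snap"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree -> baseline -> tamper -> findings (paths relative to the tree)
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/bin" "$root/etc"
    printf 'original login binary\n' > "$root/bin/login"
    chmod 755 "$root/bin/login"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$root/etc/passwd"
    printf 'keep me\n' > "$root/etc/motd"
    make_baseline "$root" "$root.baseline"

    # What a trojan install looks like to the checker (all constructed for the demo):
    # a look-alike login program, a planted preload file (the classic hook for a
    # user-space rootkit), and a file that went missing.
    printf 'original login binary\n# logs the password, then runs the real thing\n' > "$root/bin/login"
    printf '# planted by the demo\n' > "$root/etc/ld.so.preload"
    rm -f "$root/etc/motd"

    report=$(check_baseline "$root" "$root.baseline" || true)
    rm -rf "$root" "$root.baseline"
    printf '%s\n' "$report" | sed "s#^\([A-Z]*\) $root/#\1 #"
}

demo
```

Two things make this useful against the root-level trojans the answer is talking about, and both are about where you run it rather than the script: keep the baseline (and ideally known-good copies of sha256sum and awk) on media the running system cannot write to, and run the comparison after booting trusted media rather than from the possibly-trojaned kernel, since anything with root can rewrite the baseline, the checking tools, or what the kernel returns when a file is read. That is the same reason the answer insists the check be done with maximum privileges and from safe media.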

Author Comment

ID: 7137563
Catch you later!

LVL 51

Expert Comment

ID: 7138556
You catch me, or my opinions/arguments?
