trojan horse and user authentication under UNIX/Linux

Posted on 2002-07-06
Last Modified: 2010-04-20

i was told that Windows2000 has this "feature": you have to press crtl+alt+del to log in, and by doing this, you won't become a victim of trojan horses.

My questions are:
1) How does it work? Why trojan horses can be kept out of the door by implementing this mechanism?

2) it seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses?

Question by:ken021600
  • 4
  • 3
LVL 51

Expert Comment

ID: 7133814
nonsense, IMHO
1) they cannot
2) trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them :-))

Author Comment

ID: 7134256
nice to see you again!

1) well here is what i heard: "the only program that can trap the ctrl-del-alt sequence is windows itself. so you can be sure that when you press that key sequence, you are typing your credentials in your windows login screen, and not a trojan horse program designed to look like the windows login screen."

so are you saying that it's still very possible to steal someone's login and password using trojan horses even though they follow the ctrl-alt-del sequence? is so, how?

2) well, maybe by the time admins find them, it's already too late...

so are you saying that *nix systems don't have such a mechanism like that under windows?

BUT, i was told: "the linux equivalent is the secure access key, which is enabled with the kernel option CONFIG_MAGIC_SYSRQ. it's useful when you want to be sure there are no trojan program is running at console and which could grab your password whe you would try to login. it will kill all programs on given console and thus letting you make sure that the login prompt you see is actually the one from init, not some trojan program."

LVL 51

Expert Comment

ID: 7134706
1) yes,  trojan can steal you password
2) *nix don't need Ctr+Alt+Del, you always can gout or use a screen locker

> BUT ..
if the kernel uses loadable modules (which most people do), it's possible to write a trojan which circumvents the CONFIG_MAGIC_SSRQ, theoretically, somehow

what are you loking for?
  - discussion
  - proof that such trojans exist
  - solutions to prevent such trojans
please give a hint, otherwise this thread goes to nowhere, and never ends ...
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline


Author Comment

ID: 7134829

1) my original question was "How does it work? Why trojan horses can be kept out of the door by implementing this mechanism?" and your answer was "they cannot". and i incited another comment from someone else, whcih is contrary to your comment. and i'd like to know whose is correct.

2) my original second question was---it seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses? and your comment was "trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them ". this confused me coz if we make a comparison, windows has such a mechanism to prevent trojan programs but *nix don't have one so people would get such an impression "wow windows is better than *nix in terms of fighting with trojans...".

then i got someone else's comment whcih states that we do have such a choice under *nix...

LVL 51

Accepted Solution

ahoffmann earned 50 total points
ID: 7135761
"real" trojans do not rely on user permissions, they infect the system as root (*nix) or administrator (windoze)
   So for both OS a mechanism such as "Ctrl+Alt+Del" cannot be kill all trojans, it might be possible that the trojans running under user ID are killed, but how would they be detected? If the mechanism simply would kill all user processes, you never can use scheduled tasks, crons.
You know the purpose of trojans? hide themselfs as something looking proper. IMHO it is nearly impossible to write a mechanism which would kill **all** and **any** trojans, except with a complete reinstall of the OS from a save media.

I don't know of such a mechanism for *nix (except logout from xdm/X server), even there might there exist one somehow, somewhere. But it is not really necessary, 'cause it much harder to get root access on *nix, than to get administrator permissions on M$. Without root permissions, a trojan cannot harm a *nix (except the admin opened the system for any access from every user). This is different to any M$ system.
M$ claims it is the more modern (3 years?) system than *nix, but *nix works since roughly 30 years without any virus (but indeed trojans, and I do not say that there are no viruses possible).

To check a system for malware (trojan, virus), it need be done with max. permissions (root, administrator), anything else is, more or less useless. And you need to take some precautions (like TripWire) so that you can identify the malware.

I cannot proof that such a mechanism prevents you from trojans (on windoze), I just can argue that it is nonsense if it does not a complete reinstall of the system.
Well, some trojans may be catched, but real ones are aware of such a mechanism, except reinstall.

Disclaimer: this is not a flame against one OS, and/or a pro for another. Statistics about malware just tell you which systems are commonly infected, and which are simply working since years (without much infections).

Author Comment

ID: 7137563
catch you later!

LVL 51

Expert Comment

ID: 7138556
you catch me, or my opinions/argues?

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now