trojan horse and user authentication under UNIX/Linux

Posted on 2002-07-06
Last Modified: 2010-04-20

I was told that Windows 2000 has this "feature": you have to press Ctrl+Alt+Del to log in, and by doing this, you won't become a victim of trojan horses.

My questions are:
1) How does it work? Why can trojan horses be kept out of the door by implementing this mechanism?

2) It seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses?

Question by:ken021600
LVL 51

Expert Comment

ID: 7133814
nonsense, IMHO
1) they cannot
2) trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them :-))

Author Comment

ID: 7134256
Nice to see you again!

1) Well, here is what I heard: "the only program that can trap the ctrl-del-alt sequence is windows itself. so you can be sure that when you press that key sequence, you are typing your credentials in your windows login screen, and not a trojan horse program designed to look like the windows login screen."

So are you saying that it's still very possible to steal someone's login and password using trojan horses even though they follow the ctrl-alt-del sequence? If so, how?

2) Well, maybe by the time admins find them, it's already too late...

So are you saying that *nix systems don't have a mechanism like the one under Windows?

BUT, I was told: "the linux equivalent is the secure access key, which is enabled with the kernel option CONFIG_MAGIC_SYSRQ. it's useful when you want to be sure there is no trojan program running at the console which could grab your password when you try to log in. it will kill all programs on the given console, thus letting you make sure that the login prompt you see is actually the one from init, not some trojan program."
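
Added example (editor's code, not part of the thread): besides the build option CONFIG_MAGIC_SYSRQ quoted above, a running Linux kernel gates the SysRq functions, including SAK on SysRq+k, through the value in `/proc/sys/kernel/sysrq`. The function names `sak_allowed` and `sak_report` are hypothetical; the sketch decodes that value so an admin can check whether SAK is actually available on a console.

```shell
#!/bin/sh
# Added example: is the SAK function (SysRq+k) permitted by kernel.sysrq?

# sak_allowed VALUE -> exit 0 if VALUE permits SAK, 1 if not, 2 if not a number
sak_allowed() {
    v=$1
    case $v in
        ''|*[!0-9]*) return 2 ;;      # empty or non-numeric input
    esac
    [ "$v" -eq 1 ] && return 0        # 1 = every SysRq function enabled
    # Any other value is a bitmask; bit 0x4 is "keyboard control (SAK, unraw)".
    [ $(( v & 4 )) -ne 0 ]
}

# sak_report [FILE] -> one-line summary; FILE defaults to the live sysctl
sak_report() {
    f=${1:-/proc/sys/kernel/sysrq}
    if [ ! -r "$f" ]; then
        echo "$f not readable: SysRq support may not be built in"
        return 0
    fi
    v=$(cat "$f")
    if sak_allowed "$v"; then
        echo "kernel.sysrq=$v: SAK (SysRq+k) permitted"
    else
        echo "kernel.sysrq=$v: SAK (SysRq+k) not permitted"
    fi
}

sak_report
```

A value of 0 disables SysRq entirely, and a mask without bit 0x4 (for example 176) leaves SAK off even on a kernel built with CONFIG_MAGIC_SYSRQ.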

LVL 51

Expert Comment

ID: 7134706
1) yes, a trojan can steal your password
2) *nix don't need Ctrl+Alt+Del, you can always log out or use a screen locker

> BUT ..
if the kernel uses loadable modules (which most people do), it's possible to write a trojan which circumvents the CONFIG_MAGIC_SYSRQ, theoretically, somehow

what are you looking for?
  - discussion
  - proof that such trojans exist
  - solutions to prevent such trojans
please give a hint, otherwise this thread goes to nowhere, and never ends ...


Author Comment

ID: 7134829

1) My original question was "How does it work? Why trojan horses can be kept out of the door by implementing this mechanism?" and your answer was "they cannot". And I incited another comment from someone else, which is contrary to your comment, and I'd like to know whose is correct.

2) My original second question was: it seems UNIX/Linux systems don't have such a "feature". How do *nix people deal with trojan horses? And your comment was "trojans may also be on Unix/Linux systems. Unix admins simply delete them (if they identified them)". This confused me coz if we make a comparison, Windows has such a mechanism to prevent trojan programs but *nix doesn't have one, so people would get the impression "wow, Windows is better than *nix in terms of fighting trojans...".

Then I got someone else's comment which states that we do have such a choice under *nix...

LVL 51

Accepted Solution

ahoffmann earned 50 total points
ID: 7135761
"real" trojans do not rely on user permissions, they infect the system as root (*nix) or administrator (windoze)
   So for both OS a mechanism such as "Ctrl+Alt+Del" cannot kill all trojans, it might be possible that the trojans running under user ID are killed, but how would they be detected? If the mechanism simply would kill all user processes, you never can use scheduled tasks, crons.
You know the purpose of trojans? hide themselves as something looking proper. IMHO it is nearly impossible to write a mechanism which would kill **all** and **any** trojans, except with a complete reinstall of the OS from a safe media.

I don't know of such a mechanism for *nix (except logout from xdm/X server), even though there might exist one somehow, somewhere. But it is not really necessary, 'cause it is much harder to get root access on *nix, than to get administrator permissions on M$. Without root permissions, a trojan cannot harm a *nix (except the admin opened the system for any access from every user). This is different to any M$ system.
M$ claims it is the more modern (3 years?) system than *nix, but *nix works since roughly 30 years without any virus (but indeed trojans, and I do not say that there are no viruses possible).

To check a system for malware (trojan, virus), it needs to be done with max. permissions (root, administrator), anything else is, more or less useless. And you need to take some precautions (like TripWire) so that you can identify the malware.

I cannot prove that such a mechanism prevents you from trojans (on windoze), I just can argue that it is nonsense if it does not do a complete reinstall of the system.
Well, some trojans may be caught, but real ones are aware of such a mechanism, except reinstall.

Disclaimer: this is not a flame against one OS, and/or a pro for another. Statistics about malware just tell you which systems are commonly infected, and which are simply working since years (without much infections).
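
Added example (editor's code, not part of the thread and not Tripwire itself): the precaution mentioned in the answer above, recording a known-good baseline so that replaced, added or removed files can be identified later, sketched with `sha256sum` from GNU coreutils. The function names and the sample tree are constructed for illustration; on a real system the manifest belongs on read-only or off-host media and the check runs as root.

```shell
#!/bin/sh
# Added example: Tripwire-style file-integrity baseline (assumes GNU find/sort/xargs).

# baseline_create DIR MANIFEST: record a SHA-256 for every regular file under DIR.
baseline_create() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# baseline_check DIR MANIFEST: print ADDED/MODIFIED/REMOVED lines; return 1 if any.
baseline_check() {
    now=$(mktemp) || return 2
    baseline_create "$1" "$now"
    # Each sha256sum line is: 64 hex digits, two separator characters, then the path.
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        { p = substr($0, 67); h = substr($0, 1, 64)
          if (!(p in old)) print "ADDED    " p
          else { if (old[p] != h) print "MODIFIED " p; delete old[p] } }
        END { for (p in old) print "REMOVED  " p }
    ' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree, then three kinds of tampering after the baseline.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/root/bin"
    echo 'real login' > "$t/root/bin/login"
    echo 'real ls'    > "$t/root/bin/ls"
    baseline_create "$t/root" "$t/manifest"      # manifest kept outside the tree
    echo 'fake login' > "$t/root/bin/login"      # replaced program
    echo 'extra'      > "$t/root/bin/.hidden"    # file that was not there before
    rm "$t/root/bin/ls"                          # file that disappeared
    rc=0
    baseline_check "$t/root" "$t/manifest" || rc=$?
    rm -rf "$t"
    return $rc
}

demo || echo "deviations from baseline found"
```

The check is only as trustworthy as the tools and manifest it uses, which is why the baseline and the hashing binary should come from media the running system cannot modify.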

Author Comment

ID: 7137563
catch you later!

LVL 51

Expert Comment

ID: 7138556
you catch me, or my opinions/arguments?

Question has a verified solution.