OK..
Console access is always on a tty device, you can easily scan these to detect programs. Just as you can easily scan the keyboard buffer in Windows...
Windows 0/1
Linux 0/1
On Windows you can install a keylogger, the system asks no questions about programs being installed.
On Linux you can install a program, the system asks no questions about programs being installed (installed meaning copied to a location on the hard drive).
Windows 0/2
Linux 0/2
On Windows (assuming you are using an administrative account) you can execute anything that is executable.
On Linux (assuming you are using an administrative account) you can execute anything that is executable.
Windows 0/3
Linux 0/3
Windows can be set up to log internet traffic
Linux can be set up to log internet traffic
Windows 1/4
Linux 1/4
On Windows programs can be called something seemingly important to try to avoid detection, Windows makes no checks that a program called llsas.exe is actually the same system file that it needs.
On Linux programs can be called something seemingly important to try to avoid detection, Linux makes no checks that a program called apache/vi/tty1 is actually the same file that it would normally be running.
Windows 1/5
Linux 1/5
So there we have the five main things that a keylogger would do.
Assuming both systems are set up and used the same
they both failed abysmally...
the only point they each scored was that they *could* be set up to log internet access.
Of course could doesn't necessarily mean does... and doesn't even make sure that you are checking your logs for internet access either...
There is however some saving grace in that both Windows and (most distros of Linux) have built in firewalls...
the only difference there being that the Windows firewall will actually warn you of an unidentified process trying to access the internet...
All in all both systems are much the same from the point of view of security, they both suffer from the exact same weaknesses when they are set up and used in the same way...
There was a link I posted some time ago to a security report about how an executable could be executed with root privileges when logged in as a normal user...
now was that the fault of Linux, or the fault of Thunderbird for wrongly processing mail attachments?
System instability is (overall) more the fault of programs running on the system rather than the system...
for all you who A, have a C compiler...
and B, want to see the point proved
first look at this...
Code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
int main(void)
{
    int x, y, z, c, from, to, page = 0;
    char choice[2] = "C";
    unsigned char *space;
    space = (unsigned char *)malloc(0x10000); /*65536 bytes, valid offsets are 0 to 65535*/
    if(space==NULL)
    {
        printf("\n\n\rCannot allocate memory, please try again later\n\n\r");
        exit(1);
    }
    printf("writing Memory\n\n\r");
    printf("writting to memory location.\n\r");
    for (x=0;x<=65535;x++)
    {
        *(space+x)=(unsigned char)x; /*store the low 8 bits of the offset*/
        printf("%d\r",x);
    }
    printf("Reading Memory\n\n\r");
    from = 0;
    to = 65535;
    printf("\n\n\rAddress\tHex\t\t\t\t\tAscii\n\r");
    for (x=from;x<=to;)
    {/*print the start of the line, to and from line addresses and hex information*/
        page=page+1;
        printf("%5d\t",x);
        for (z=0;z<=11;z++)
        {
            if ((z+x>to)||(z+x>65535)) /*check if address is outside of allocated memory range*/
            {
                printf(" _ "); /*if it is outside of range print _*/
            }
            else
            {
                printf("%2x ",*(space+x+z));
            }
        }
        printf("\t");
        for (y=0;y<=11;y++)
        {
            if (y+x>to) /*check if address is outside of allocated memory range*/
            {
                printf("_ "); /*if it is outside of range print _*/
            }
            else
            {
                if ((*(space+y+x)<127)&&(*(space+y+x)>33)) /*check if character is printable*/
                {
                    printf("%c ",*(space+x+y));
                }
                else
                {
                    printf("* "); /*if character is not printable then print star */
                }
            }
        }
        printf("\n\r");
        x=x+12;
        if (page==20)
        {
            printf("press C to continue or X to exit");
            if (scanf("\n%c",&choice[0])!=1) /*stop at end of input*/
            {
                exit(1);
            }
            while ((c=getchar())!='\n' && c!=EOF) {} /*flushes out multiple entries (fflush(stdin) is undefined in standard C)*/
            choice[0] = toupper((unsigned char)choice[0]);
            if (choice[0]=='X')
            {
                exit(1);
            }
            page=0;
            printf("\n\n\rAddress\tHex\t\t\t\t\tAscii\n\r");
        }
    }
    free(space);
    return 0;
}
works fine... allocates a memory space, reads and writes within that memory space...
now see this...
Code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
int main(void)
{
    int x, y, z, c, from, to, page = 0;
    char choice[2] = "C";
    unsigned char *space;
    space = (unsigned char *)malloc(0x10000); /*65536 bytes, valid offsets are 0 to 65535*/
    if(space==NULL)
    {
        printf("\n\n\rCannot allocate memory, please try again later\n\n\r");
        exit(1);
    }
    printf("writing Memory\n\n\r");
    printf("writting to memory location.\n\r");
    for (x=0;x<=65535;x++)
    {
        *(space+x)=(unsigned char)x; /*store the low 8 bits of the offset*/
        printf("%d\r",x);
    }
    printf("Reading Memory\n\n\r");
    from = 0;
    to = 65545; /*deliberately past the last valid offset (65535), no range checks below*/
    printf("\n\n\rAddress\tHex\t\t\t\t\tAscii\n\r");
    for (x=from;x<=to;)
    {/*print the start of the line, to and from line addresses and hex information*/
        page=page+1;
        printf("%5d\t",x);
        for (z=0;z<=11;z++)
        {
            printf("%2x ",*(space+x+z)); /*on the last rows this reads outside the allocation*/
        }
        printf("\t");
        for (y=0;y<=11;y++)
        {
            if ((*(space+y+x)<127)&&(*(space+y+x)>33)) /*check if character is printable*/
            {
                printf("%c ",*(space+x+y));
            }
            else
            {
                printf("* "); /*if character is not printable then print star */
            }
        }
        printf("\n\r");
        x=x+12;
        if (page==20)
        {
            printf("press C to continue or X to exit");
            if (scanf("\n%c",&choice[0])!=1) /*stop at end of input*/
            {
                exit(1);
            }
            while ((c=getchar())!='\n' && c!=EOF) {} /*flushes out multiple entries (fflush(stdin) is undefined in standard C)*/
            choice[0] = toupper((unsigned char)choice[0]);
            if (choice[0]=='X')
            {
                exit(1);
            }
            page=0;
            printf("\n\n\rAddress\tHex\t\t\t\t\tAscii\n\r");
        }
    }
    free(space);
    return 0;
}
On Windows XP, this should cause an error and cause the program to exit, OS will be fine...
Windows 98 this will blue screen,
will crash (ie BSOD equiv on early Mac versions, and I've not seen the results on Linux...
but believe me, if it doesn't crash (either the program or the system), then the implications are much worse...
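
The point made earlier in the post, that neither system checks whether a program called llsas.exe is really the system file it imitates, can be checked for from the defender's side. The following is an added example, not part of the original post: it classifies a (name, path) pair against a small allow-list and also flags near-miss spellings. The allow-list, its expected paths and the distance threshold are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Constructed allow-list (assumed paths): name -> the one path it should run from. */
struct known { const char *name; const char *path; };
static const struct known KNOWN[] = {
    { "lsass.exe", "C:\\Windows\\System32\\lsass.exe" },
    { "vi",        "/usr/bin/vi" },
};
enum verdict { UNLISTED, GENUINE, WRONG_PATH, LOOKALIKE };

/* Levenshtein distance between two short names (under 32 characters). */
static int edit_distance(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i, j;
    int row[32];
    if (la >= 32 || lb >= 32) return 99;
    for (j = 0; j <= lb; j++) row[j] = (int)j;
    for (i = 1; i <= la; i++) {
        int diag = row[0];                 /* value for (i-1, j-1) */
        row[0] = (int)i;
        for (j = 1; j <= lb; j++) {
            int up = row[j];               /* value for (i-1, j) */
            int best = diag + (a[i - 1] != b[j - 1]);
            if (row[j - 1] + 1 < best) best = row[j - 1] + 1;
            if (up + 1 < best) best = up + 1;
            row[j] = best;
            diag = up;
        }
    }
    return row[lb];
}

/* A protected name is genuine only from its expected path; a near-miss
   spelling of a protected name is flagged wherever it runs from. */
enum verdict classify(const char *name, const char *path) {
    for (size_t k = 0; k < sizeof KNOWN / sizeof KNOWN[0]; k++) {
        int d = edit_distance(name, KNOWN[k].name);
        if (d == 0)
            return strcmp(path, KNOWN[k].path) == 0 ? GENUINE : WRONG_PATH;
        if (d <= (int)(strlen(KNOWN[k].name) / 4)) /* assumed threshold */
            return LOOKALIKE;
    }
    return UNLISTED;
}

int main(void) {
    /* Constructed sample: the misspelled name from the post. */
    printf("verdict=%d\n", classify("llsas.exe", "C:\\Temp\\llsas.exe"));
    return 0;
}
```

The comparison is case-sensitive for brevity; Windows names and paths should be case-normalised before calling classify.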