Re: ramen worm

[Joerg Winkelmann <jwinkel@example.com>]

Usually, when there is a virus, a trojan or some other
nasty beast going around, one reads: This affects only
Windows systems.
Now it is the other way around: One must read that
the Ramen worm affects only Linux machines and that
Microsoft Windows systems are secure . :-(

Why is this Ramen worm possible?
From the information I could find, it seems that the
Ramen worm attacks RedHat 6.2 and 7.0 systems which are running
versions of rpc.statd and ftpd which are vulnerable.
There will be always bugs and there will also be always
many people using Linux on personal computers not bothering
too much to install all security patches immediately.
Therefore the default configurations of Linux distributions
should be as secure as possible, and this is the point where,
in my opinion, RedHat ( and other distributors) have failed.
Why are these daemons (rpc.statd, ftpd) running at all in a
default configuration?
To use ftpd to provide an anonymous ftp server is probably
not something the average RedHat user has in mind.
Using ftpd for non-anonymous password-authorized file transfer
should not be done anyway, one should use scp instead.
Thus, while a Linux distribution should certainly contain ftpd,
I can not see why ftpd should be running by default.
The default, for all internet services not absolutely necessary
should be not to be started unless explicitly requested.
Whoever wants to start an ftp server (or Web server, or NFS server
or ...) should be able to do so in a few number of easy steps,
but the number of these steps should not be zero.

Just my 0.02 $

Joerg
-- 
e-mail: jwinkel@example.com
Web: http://www.math.unibas.ch/~winkel/index.html

Postal Adress (valid until Sep 2001):
 Joerg Winkelmann
 Graduate School of Mathematical Sciences
 University of Tokyo
 Komaba, Meguro, Tokyo 153-8914
 Japan
 Tel.: 00-81-3-5465-7030