OpenSSH Trojan

Pawel lfs-security at listst.aliengov.org
Sat Aug 3 04:07:59 PDT 2002


At 11:44 AM 8/3/2002 +0800, you wrote:


>However, I personally don't think it's wise to bank on protection at
>all.  I pay attention to this stuff because I have to, as a basic matter
>of responsibility, but I have zero faith in it.  I think real security
>(as close as you get to that) comes from some sort of constant automated
>backup system so you can roll back whatever damage happens.
>
>Even if that's not feasible I think it's always more practical to set
>things up so you can quickly recover from damage, rather than spend huge
>effort trying to avoid cracks in the first place.  It's just too easy
>for people to keep finding and using new exploits; there will never be
>any end to them and we'll never be fully protected against them.

Yes, an automated backup system is very important and can easily be
implemented using rsync or whatever, but everything depends on what the
machine is used for. If it's a public workstation then you can zap it at
any time with yesterday's backup, but what if it's an e-commerce server?
A backup might help you find and remove a planted rootkit, but if
someone gets a hold of the client information you're screwed anyway.
A backup system is for cleaning up after the event; a better way
would be to keep the event from happening in the first place.


>I used to run the computers for a school here, which used Win98.  In
>practical terms that's as insecure an environment as you're likely to
>find.  How did I handle it?  I set up every user PC so Windows could be
>automatically re-installed through the network just by booting with the
>right option.  Then whenever I smelled any small bit of trouble I just
>pushed a couple keys and zapped the whole thing (and believe me, I never
>hesitated to do that).  The result of this sort of caution: in five
>years running the computers nobody in the place ever took the slightest
>bit of damage from viruses and worms, while schools around us got
>trashed by every new pest that came along.  That's pretty good
>considering I never bothered with any of this "personal firewall" or
>anti-virus crap Windows users put too much faith in.

Well, Win98 is a different story, because we all know there's no way
to protect a box running it. I agree that a backup and a quick zap
is the best way to go in a situation like this.


Pawel
