Why do we get infected...

What's the golden rule to stay away from viruses? What do you do to make
sure you don't get infected? Don't install software from untrusted
sources, run an antivirus, don't execute attachments unless they are from
a trusted source, or at least not without scanning them with an antivirus,
etc.? Do you think this will ensure that you never get infected? The
answer is no!

I personally don't prefer running an antivirus on my machine. It makes your
system crawlingly slow. But when you are running Windows, you have to make
sure you run one. Ever wondered how these viruses get into your system?
Most viruses get into systems through vulnerabilities in software. A
vulnerability is a bug in software of which an attacker can take
advantage. Vulnerabilities are more dangerous if they can be remotely
exploited. Vulnerabilities can be of any sort, but the most dangerous of
them are the ones which let an attacker execute code on the target machine
by exploiting them remotely. And one major category of remotely
exploitable vulnerability is "buffer overruns".

A buffer overrun is a bug in which you allocate some buffer (memory) and,
while filling it up, forget to check its bounds, in effect allowing it to
overflow. The matter is made worse when the allocated buffer is used to
store some externally provided entity, i.e. something the user provides to
the software. This can allow the attacker to execute arbitrary code on the
system running such software. A detailed description of how buffer
overruns work can be found in the classic paper published in Phrack
magazine, "Smashing the Stack for Fun and Profit".

A buffer overrun is a very common error to make while coding in C or C++.
90% of such errors may be exploitable, and if they are remotely
exploitable, then you have a virus targeted at that vulnerability.
Buffer overruns are scarier than this! So, now what are the things that
can get you infected?
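The bug described above, shown as an added C example that is not part of the original post: a parser copies a name from a message into a fixed 16-byte buffer. The message layout (one sender-supplied length byte followed by that many name bytes) is constructed for this example and is not a real protocol. The "before" parser trusts the length byte, so a message declaring 40 bytes would write past the buffer; the "after" parser checks the externally supplied length against both what was received and what the buffer can hold before it copies anything.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

#define NAME_LEN 16   /* fixed-size destination buffer */

/* Constructed message layout for this example (not a real protocol):
 * byte 0 = length L declared by the sender, bytes 1..L = a name. */

/* "Before": trusts the sender's length byte. When L >= NAME_LEN the memcpy
 * writes past the end of out[] -- the buffer overrun the post describes.
 * Shown for comparison only; it is never called with hostile input here. */
static void read_name_unchecked(const uint8_t *msg, char out[NAME_LEN])
{
    size_t declared = msg[0];
    memcpy(out, msg + 1, declared);
    out[declared] = '\0';
}

/* "After": every externally supplied number is checked against what was
 * actually received (msg_len) and what we actually own (out_len) before it
 * drives a copy. Returns 0 on success, -1 if the message is rejected. */
static int read_name_checked(const uint8_t *msg, size_t msg_len,
                             char *out, size_t out_len)
{
    if (msg_len < 1 || out_len == 0)
        return -1;
    size_t declared = msg[0];
    if (declared + 1 > msg_len)      /* claims more bytes than were received */
        return -1;
    if (declared >= out_len)         /* no room left for the terminating NUL */
        return -1;
    memcpy(out, msg + 1, declared);
    out[declared] = '\0';
    return 0;
}

/* Builds a message from a declared length and a payload (constructed input),
 * runs the checked parser on it and reports 1 if accepted, 0 if rejected. */
static int checked_accepts(uint8_t declared_len, const char *payload)
{
    uint8_t msg[1 + 64];
    char name[NAME_LEN];
    size_t n = strlen(payload);
    if (n > sizeof msg - 1)
        return 0;
    msg[0] = declared_len;
    memcpy(msg + 1, payload, n);
    return read_name_checked(msg, 1 + n, name, sizeof name) == 0;
}

int main(void)
{
    /* Honest message: a 5-byte name; both parsers handle it. */
    uint8_t honest[1 + 5] = { 5, 'a', 'l', 'i', 'c', 'e' };
    char name[NAME_LEN];
    read_name_unchecked(honest, name);
    printf("unchecked parser, honest input: %s\n", name);
    printf("checked parser accepts 5-byte name: %d\n",
           checked_accepts(5, "alice"));

    /* Hostile message: declares 40 bytes. The unchecked parser would copy
     * 41 bytes into a 16-byte buffer; the checked one refuses. */
    printf("checked parser rejects 40-byte name: %d\n",
           !checked_accepts(40, "0123456789012345678901234567890123456789"));

    /* Lying length field: claims 30 bytes but only 5 arrived. */
    printf("checked parser rejects truncated message: %d\n",
           !checked_accepts(30, "alice"));
    return 0;
}
```

The point to take from the checked version is that the length came from outside the program, so it is treated as data to validate rather than as a fact: the first check catches a message that lies about its own size, the second catches a name that is honest but too big for the buffer it is going into.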

You tried to view an image sent to you by your friend. The image was
specially crafted to exploit a problem in your JPEG rendering engine. You
get infected.

You tried to open a short movie clip you downloaded from a server. The
movie exploited a bug in your movie player's codec. You get infected.

You visited a web page which exploited some JavaScript vulnerability. You
get infected.

You play safe, disable JavaScript and visit a web page; the page exploits
a vulnerability in the HTML rendering engine. You get infected.

Worst of all! You plug in your network cable, and an attacker sends you a
crafted packet that exploits some vulnerability in your kernel's
networking code. You get infected.

Whatever you do, you cannot make sure you don't get infected. But surely
prevention is better than cure! Either use an antivirus or don't use Windows :D

Linux and Viruses

Why doesn't Linux have the problem of viruses? Is Linux the most secure operating system? No! Believe me, there is nothing like perfectly secure in this world. But then why does only Windows suffer from such a huge problem of viruses?

The fact is that Windows is the most widely used desktop OS. Most virus writers prefer to write viruses for Windows: writing a virus for Windows guarantees you mass spreading and infection. But that is not the only reason. How many people do you know who always use Windows with a non-privileged account? Most Windows users log in with an Administrator account. Don't be surprised if people laugh at a Linux / Unix user who always logs in as root. Windows does not follow good practice in this sense, to discourage people from using the Administrator account for normal usage, whereas there are certain Linux programs which will warn you if you try to run them as root. When you have logged onto your system as a privileged user and you are attacked by a virus, it is bound to cause more damage to the system, since it executes code as a privileged user.

There are also certain areas where Windows does not follow the best security practices. It is possible for a non-privileged Windows user to create or register DLL files and cause some damage to the system, whereas in Linux anyone other than root is largely restricted to their home directory and maybe some shared data. Enforcement of security by default is far better in Linux.

One important factor about Linux is that it runs on a large number of platforms. Linux as an operating system is not standardized: all distributions differ from each other, and there are many different programs aimed at any given purpose. Windows, on the other hand, has a standard mail client (MS Outlook / Outlook Express) and IE as the browser, which makes a virus writer's life easy, as every Windows machine will have all these programs. Linux users use a variety of mail clients, so a virus aimed at a particular mail client may not harm all Linux systems. This makes virus writing for Linux rather difficult (but not impossible!).

Super User Do! (sudo)

sudo (Super User do) is an excellent and yet extremely simple utility.
sudo lets an ordinary user execute commands as the super user (root):
any user can execute a privileged program using the sudo command.
sudo will ask for that user's password before executing the command
(note that it doesn't ask you for the root password). sudo can be
configured to gain finer control over who can execute what. People can be
restricted from executing certain commands such as halt, reboot, etc., yet
they can execute other commands without providing the root password.

sudo configuration can also be stored in LDAP. This allows finer control
over a distributed set of machines: all machines read their configuration
from the LDAP server, which centralizes the configuration and management
of sudo for multiple machines.

Ubuntu comes with sudo preconfigured. Ubuntu has a null root password,
that is, no one can log into the root account directly. The first user who
registers on the Ubuntu box is given all privileges through sudo on that
machine. If this privileged person wants to log in as root, he can do so
using the command

sudo su

The most important feature of sudo is that it enables logging: sudo logs
the commands you execute together with the user name, and this is what
many people use it for.

This sounds like a very good approach in terms of security, but I don't
totally agree with it. Say there are 3 users who have full privileges with
sudo. All of them can execute any command by providing their own password
to sudo. This means that we now have nearly 3 root-equivalent accounts
and 3 root-equivalent passwords to protect! Also the configuration is
rather tricky. When I configured sudo I started with the exclusion
principle: users were disallowed from executing certain programs, and the
rest of the programs could be executed by users. This is really dangerous,
as the programs you are allowing are a virtually infinite set, so it is
always better to use the inclusion principle here: only allow certain
programs to be executed as root. Maybe the rest of the programs can be
allowed to run as some less privileged user or the same user (as pointed
out by Milan :D)
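The two configuration styles discussed above, written out as an added sudoers fragment that is not from the post. The user name opsuser, the command aliases and the command paths are all made up for the illustration; only the structure matters.

```sudoers
# Exclusion style (the form the post started with): opsuser may run ANY
# command as root except the power-management ones. Every program not
# listed, including shells and any editor that can spawn one, still runs
# as root.
Cmnd_Alias POWER = /sbin/halt, /sbin/reboot, /sbin/shutdown
opsuser ALL = (root) ALL, !POWER

# Inclusion style (the form the post recommends): only the listed commands
# run as root; sudo denies everything else by default.
Cmnd_Alias WEBSVC  = /usr/sbin/service apache2 restart, /usr/sbin/service apache2 status
Cmnd_Alias LOGVIEW = /usr/bin/tail /var/log/syslog
opsuser ALL = (root) WEBSVC, LOGVIEW

# Programs that do not need root are granted as a less privileged account
# instead (the point credited to Milan). "www-data" is an assumed service
# user for this example.
opsuser ALL = (www-data) /usr/bin/ls /var/www
```

Edit the file with visudo so the syntax is checked before it is saved, and have users run sudo -l to see exactly what they have been granted. The sudoers manual itself warns that subtracting commands from ALL with "!" is not an effective security control, which is the reason the inclusion form is the one to use.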

All I can say is that it's something very useful for people using it on
personal desktops or in an environment where there are limited users.

links:
Sudoers Manual

Building the cheapest gateway machine.

What would you like your gateway machine to have? I consider that
most people will want at least the following things in a gateway:

1. Firewall
2. DHCP Server
3. Easy administration tools
4. Monitoring Tools

And there may also be less essential things like

1. Caching DNS Server
2. Caching Proxy Server
3. HTTP Server

Most of the latest router products can give you all of the above out of
the box. But most such routers are considerably expensive. Now what if
you have run out of budget to buy such funky routers? Well, you don't
need to worry! You can build the cheapest gateway machine at a cost as
low as FREE!

There are plenty of Linux distributions (open source and commercial)
available that are aimed at this purpose. These distros provide, out of
the box, the services which a gateway or server machine might need.

Most of these distributions provide excellent monitoring and
administration tools; some have a web-based administration interface.
There are good bandwidth management tools available. The firewall is a
conventional iptables / ipfilter based firewall, with custom and open
source front-ends for configuring the same.

A major feature of these firewall distros is that they also come as Live
CD distributions. Configuration files can be saved to floppy discs or to
USB disks. You can also create your own custom CD with the configuration
burnt onto it. So, in case your gateway machine goes down, pick up this
CD, put it into another machine, and that machine can readily start
functioning as the gateway. An effective way to handle fail-over! Most of
these distros provide good hardware support (as Linux does anyway!), so
one can run them on any machine, from an old Pentium to a new high-end
machine. But ideally you don't need a powerful machine at all. In the
case of Live CD distros, you don't even need a hard drive.

Some of the firewall distros are:
Devil Linux
IP Cop Firewall
Smoothwall
Coyote Linux
ClarkConnect Gateway/Server

Static inner classes?

Ever tried serializing an inner class object whose outer class is not
serializable? We cannot do this! By default the compiler adds a reference
to the outer class in the inner class. Remember, we need to access some
attributes of the outer class at times, and this compiler-added reference
helps at that time. When you try to serialize the inner class object you
will get an error.

Now what do we do if we want an inner class object to be serialized?
There is a way to do it: this is where you can use a static inner class!
A static inner class doesn't get a reference to the outer class when
compiled; it is treated altogether as any other standalone class. When
an inner class is compiled it is actually compiled into a class file
named OuterClass$InnerClass.class, whereas the static inner class gets
its own separate InnerClass.class file. This also means that you cannot
access OuterClass members from a static inner class, since we no longer
have any reference to the outer class.