The Answer Gang

fat versus inodes

From narender

Answered By Heather Stern

dear sir ,

i want to know why the viruses are so common in dos and windows while unix is ammune to these ?

[Heather] In order to spread effectively, viruses have to gain system-level privileges and abuse them. In DOS and Windows, system level priveleges have no "natural" defenses - all requests for system services are on behalf of the same user, you.

NT has slightly better natural defenses, but also gets some interesting ones.

The ability of viruses to spread seems to be enhanced by some other features which you would otherwise find handy, like the ability of several apps to share a single macro language.

This is why there are so many antivirus companies - even after they've gone and bought each other up a bunch. They're in the business of selling immune systems and the ability to spot that the machine is "ill" before the symptoms get obvious.

is it all due to inodes concept in the unix ?

[Heather] No. UNIX family OS' all expect different applications to run in seperated memory spaces, called a process. If a process (even owned by the same user) tries to wander out of its allowed space it is killed (that's called a sementation violation, or segfault). In addition normal users don't have full system privileges. Beyond that, we have a great many macro languages available and few systems have the same configuration enough that a virus can be sure of one or another feature being present. Having to make decisions makes such "invaders" large - larger invaders are more easily spotted, or may set off other defenses. So while in theory it's not impossible for a Linux virus to exist, it's much harder.

The main case I know of was basically a research virus - it could only spread if the system's user also did a few things to improve his ability to access the system as root when working remotely. Very few people do that, or even want to.

We have much more to fear from crackers trying to generate these failures deliberately, than from viruses trying to invade our systems automatically.

However, it's worth noting that LILO is a master boot record - it looks different, but it's still an mbr, so any virus you catch in a dual boot system that attacks the mbr, will attack your LILO. That it's code "coming from Linux" won't save it. It does have a few defenses, but it's not very big. Many other bootloaders exist too, and if you're living in a virus rich environment you might want to use one that specifically has some antivirus features.

if so will you please tell me in more detail the responcible differences between fat and inodes tables ?

needing yr help
regards
narender

[Heather] Well, it's not the responsible thing, but it's a fair question.

FAT is a table at the beginning of the disk, which divides the disk up into "clusters" and marks how each cluster is used. (There's actually two tables, so that there is a safe copy in case of problems, but normally, they contain the exact same data.)

inodes contain a small amount of information (called metadata) about the things they point to, and the things they point to can be put anywhere on the disk, because part of the metadata says where that is. We have a different way of keeping track of what disk space is still free to allocate. For more about this, study about the "superblock" since we do have things that affect how many inodes we can use, and so on, as options when we format a disk under linux.

So it is simplest to say that the difference is that FAT directly represents the disk, but Linux' system indirectly represents the disk.

This page edited and maintained by the Editors of Linux Gazette Copyright © 2001
Published in issue 65 of Linux Gazette April 2001

HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/

1   2   3   4   5   6   7   8   9   10   11   12   13   14   15   16   17   18   19   20   21   22   23   24   25   26   27   28   29