"I will show how it is possible in a few easy steps to write a
perfectly valid email borne virus for modern desktop Linux. I will
do so not because I want to put down Linux. Quite the opposite: I
like and support Linux, which is all I'm running at home and at
work. I'm a big supporter of free and open software as readers of
this blog will know. But if there are any security risks, even in
my favorite OS or distribution then they will need to be discussed.
Even more important: A false sense of security is worse than a lack
of security. And unsubstantiated claims of superiority don't help
in a reasonable discussion either.
"Some notes before we get started I should point out: The
vulnerabilities we will be taking advantage of are 'features' of
the most popular modern Linux desktop environments, Gnome and KDE.
The actual core of Linux itself does not have any of these
vulnerabilities. A Linux (or any other *nix) system without running
Gnome or KDE will not exhibit any of these problems, which is one
of the huge advantages of properly separating the core OS from
other applications such as the desktop environment."
