Checksums don't help that much - virus writers would treat it as "part
of the set of alterations that need to be made" and then the checksum
becomes zero protection.
Your system binaries are safe from the virus (from my understanding of the
poor writeup) if you are sensible about your system - ie, don't run stuff
as the root user, don't login as root, ensure that your binaries are owned
by root etc.
If users have their own binaries, then they should take adequate care
over them (find ~ -type f -perm +111 | xargs chmod a-w) to ensure that
they are not writable (this applies to your argument as well).
Once you're in this situation:
1. Users can't write to their executables without first chmod'ing them.
(won't take long for a virus writer to get the idea that they should
chmod +w them first).
2. If a user binary becomes infected, only people able to run that binary
also become infected. Certainly root should under no circumstances
run any program which a user has compiled - the user may have some
nice code in there which creates another root user in /etc/passwd
with no password entry.
3. Since you're only running system programs as root (and by that I mean
stuff for administration, not stuff like mail clients, news readers
etc), your system binaries should not become infected.
Therefore, if you follow good easy system administration techniques, then
you end up minimising the risk of getting:
1. viruses
2. trojans
3. malicious users
cracking your system. If you don't follow these techniques, then you're
asking for lots of trouble, and no amount of checksumming/signing/etc
will ever save you.
-- Russell King (rmk@arm.linux.org.uk) The developer of ARM Linux http://www.arm.linux.org.uk/personal/aboutme.html- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/