Back Orifice?...sounds like BS to me...opinions?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
this was posted in the ubuntu ng

Quoted text here. Click to load it

Re: Back Orifice?...sounds like BS to me...opinions?

On Sat, 15 Dec 2007, in the Usenet newsgroup, in article

Quoted text here. Click to load it

in an article

Date: Fri, 14 Dec 2007 23:49:41 -0600
Subject: A story of a CURRENT LINUX EXPLOIT...

which is an off-shoot of the on-going thread "avast!".  Really brief
point - that "avast!" thread is highly spiced with troll droppings.
The main topic is the presence/absence of Linux viruses.  As with
most trolls, this thread is full of opinions, razor edged definitions,
and the inability of any of the debaters to consider any part of the
other sides arguments.  There's also a lot of name calling, which
adds nothing to the discussion.

OK, if you are not subscribed to the Bugtraq mailing list (and if you
are serious about computer security, you probably should be) as you're
posting from supernews using pan, point your newsreader at the group
'mailing.unix.bugtraq' and/or 'muc.lists.bugtraq' which are moderately
active (~400 articles/month) mirrors of the Bugtraq mailing list.
Search through that, and see how many articles mention Linux (answer -
quite a few, nearly all announcing important security updates for
Debian, Gentoo, Mandriva, and Ubuntu distributions).  Then look
through the articles and notice how many of the articles contain the
word 'Linux' and 'virus'.   Two over the last month:

Subject: Cisco Security Advisory: Cisco Security Agent for Windows
 System Driver Remote Buffer Overflow Vulnerability

from Cisco, mentioning that this does NOT apply to Linux, and

Subject: Filesystem access in DOSBox 0.72

which says it's possible to get a local exploit, but that the
application author disagrees.

Of course, you could always wander over to your favorite search engine
and look for the words 'Linux' and 'virus' in the past year.

Bottom line - stay with packages supplied _by_ your distribution (in
the specific case of Ubuntu, you can also use "official" Debian
packages as well). If you can't find a specific application and/or
version there, search first at other distributions (and use alien
to convert it to a Debian package) or grab the source tarball from
the distribution and compile that. Second choice would be to go to
the application author's site and grab the source there. The LAST
choice would be to grab the source from some other site, review it,
and then compile.  Grabbing a pre-compiled binary from some site
you've never heard of before puts you into the same risk area that
the average windoze luser runs in, with a somewhat similar chance
of finding malware, which is to say "not a good idea".

Running a non-windoze operating system does not make you mal-ware
proof, or even mal-ware resistant. A recent article in Bugtraq
mentions a trojan installed on OSX - an operating system loosely
based on FreeBSD. The trojan gets installed when the luser visits
some pr0n site, and a pop-up message tells him that he must install
a plug-in to view the pr0n. The id10t happily does so, providing the
root password because the trojan needs root privileges.  Are you going
to blame the O/S for that trojan?  The web browser?  Or the fool who
visits the pr0n site because his computer skills match his personal
skills, and there isn't a chance in he!! that a member of the
appropriate sex would ever find him worth more than a glance?  Social
Engineering - Because there is no patch for human stupidity.

        Old guy

Re: Back Orifice?...sounds like BS to me...opinions?

Quoted text here. Click to load it

It's a classic ;)

Quoted text here. Click to load it

A BO "exploit"? BO is/was a Windows remote control tool/trojan
(depending on who you'd ask), that included both Windows and Linux
*clients* (the part that used the trojan). So this guy likely has the
first ported-to-Linux BO install, amazing. (Or he's looking to drop
the image of Linux security down to the level of Windows using tall
tales like this one.)

Quoted text here. Click to load it

Funny, I use Tor now and then but it never "infected" me. Likely
someone is capitalizing on the Windows trojan, also called "Tor" by
some AV-vendors, nothing to do with privacy/anonymous Tor, to create a
healthy dose of FUD.

Quoted text here. Click to load it

An an exploit or a remote control tool?

Quoted text here. Click to load it

To an certain Ubuntu forum to smack a certain someone with a clue-stick


 [** America, the police state **]
Whoooose! What's that noise? Why, it's US citizen's
rights, going down the toilet with Bush flushing.

Re: Back Orifice?...sounds like BS to me...opinions?

mr.b wrote:

Quoted text here. Click to load it

You failed to post a link or URL...

Quoted text here. Click to load it

Step into reality... it's all bullshit untill it's proven as fact. Since
this hasn't hit the net as big news... it's a local event and probably a
figment of someones imagination. And I'm being nice here...


Jerry McBride (

Site Timeline