
Comments on: MySQL worm halted

After infecting thousands of computers, the bot software has been cut off from its command center, essentially halting its spread.

port 3306 does not require root
by Dachi January 28, 2005 3:44 PM PST
But most services run on ports under 1024 and do require root. This is an example of why requiring root privs to run < 1024 is not necessarily a more secure design.
Not quite correct
by Johnny Mnemonic January 29, 2005 1:39 AM PST
Since these are ports reserved for privileged
services they require "root" to bind to the port
but the services are not required to run "as"
root. In other words, a properly designed daemon
(service) must initiate as root to bind to say port
80 "http" but can serve requests with limited
privileges. Most well designed servers run
"chrooted" to limit file system access. One
exception in the past was sendmail which had
security problems when a buffer overflow issue
gave you root access. These issues are easily
avoided by limiting privileges. A good design
would be something like Apache that follows this
rule.
Port binding
by Not Bugged January 31, 2005 8:33 AM PST
Some Linux distributions, Debian is one of them, will not enable binding to external interfaces by default. The server will only bind to the loopback address (127.0.0.1), or in the case of services like X which support UNIX domain sockets, a UNIX domain socket will be used. This, as well as the reduction in privilege and requirement to create a password on installation, gives increased security by default.
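The two practices described in the "Not quite correct" and "Port binding" comments, bind a privileged port as root and then serve with limited privileges, and listen on loopback only, shown as an added C example that is not code from any commenter or from Apache, MySQL or Debian. The function names, port 80 and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP listener to 127.0.0.1 only; port 0 lets the kernel pick. */
int bind_loopback(unsigned short port)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become uid/gid; returns 0 only if root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) /* not root: nothing to drop, only confirm identity */
        return (geteuid() == uid && getegid() == gid) ? 0 : -1;
    /* Groups and gid first: after setuid() we may no longer change them. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* Verify the drop: an attempt to get uid 0 back must fail. */
    return (setuid(0) == 0 || geteuid() != uid || getegid() != gid) ? -1 : 0;
}

int main(void)
{
    /* Port 80 and uid/gid 65534 ("nobody" on many systems) are assumed. */
    int fd = bind_loopback(80); /* needs root: port below 1024 */
    if (fd < 0 || drop_privileges(65534, 65534) < 0)
        return 1;
    printf("serving on 127.0.0.1:80 as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

The listening socket stays usable after the drop because the privilege check happens at bind() time, not on each accept().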