Forgot your password?
typodupeerror
Security Operating Systems Software Windows Linux

Viruses and Market Dominance - Myth or Fact? 736

Posted by simoniker
from the wash-your-hands-first dept.
rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."
This discussion has been archived. No new comments can be posted.

Viruses and Market Dominance - Myth or Fact?

Comments Filter:
  • What about r00tkits? (Score:3, Interesting)

    by Leme (303299) <jboyce@ci.redding.COUGARca.us minus cat> on Monday October 06, 2003 @06:25PM (#7148094)
    He says "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux."

    What about root kits? I would consider that a virus, not technically speaking, but it's still along the same lines.
    • A virus is self replicating.
    • by demaria (122790) on Monday October 06, 2003 @06:32PM (#7148155) Homepage
      Rootkits are probably more like a trojan than virus.

      Personally, I consider viruses, worms and trojans to all fall into the same genus. The differences between the three aren't too important and blurry anyways. They are all hostile code that can affect any system.
      • by jidar (83795)
        a rootkit isn't even marginally similar to the others in that rootkits are ran deliberately by a local assailant. They don't propogate by any means and you are never tricked into running them. They really have nothing to do with this topic.
      • by Population (687281) on Monday October 06, 2003 @08:47PM (#7149269)
        They are very different beasties and they are handled in very different ways.

        A worm is handled by keeping your patches up to date and by NOT RUNNING ANYTHING YOU DON'T NEED.

        A virus is handled by NOT RUNNING AS ROOT.

        A trojan is handled by EDUCATION.

        Microsoft has made the spread of trojans and viruses very easy by automatically running code. Sometimes without the user even knowing that the code has been executed.

        A rootkit usually uses an exploit in a running process to install itself. In this fashion, it is similar to a worm. But it does not automatically spread itself to other machines.

        Or it could be a hacked version of ls that is executed because someone was dumb enough to have . in their path. In which case it is similar to a trojan.

        Different terms to reflect different attacks that are defeated in different ways.

        All the patching in the world will not stop a trojan.

        The best security on your email program will not matter if you're running a vulnerable version of sendmail.

        Only run what you need to run.
        Run with the minimum rights necessary.
        Don't run unknown code.
        Keep your patches current.
        Run tripwire or something similar.
        Review your logs.
      • by pVoid (607584)
        The difference is humongous. It's not so blurry.

        Let me break it down to you:

        a trojan horse is code you run on your computer that doesn't do what you thought it did. In my opinion, these are mostly user stupidity.

        a virus is code being injected into a program you run normally. How it gets there is not really part of 'viral activity'. Technically, we have very few virii left these days, most fall into the trojan horse category. Virii were especially popular back in the days of DOS, when modifying a file

      • Personally, I consider viruses, worms and trojans to all fall into the same genus. The differences between the three aren't too important and blurry anyways. They are all hostile code that can affect any system.

        Hrm. That sounds a little like saying that it's not important for the lay public to know the differences between real (biological) viruses and bacteria--they're both hostile organisms that make us sick, right?

        All well and good until you have people with rhinoviruses going to the doctor and deman

    • by EvilTwinSkippy (112490) <yoda&etoyoc,com> on Monday October 06, 2003 @07:06PM (#7148517) Homepage Journal
      There is a BIG difference between a rootkit and a virus. A rootkit is injected manually by a human being AFTER they burrow through an exploit.

      If that is your definition of a virus, you might as well lump NT crack and the windows 2000 installation CD as Viruses.

  • by civilengineer (669209) on Monday October 06, 2003 @06:28PM (#7148119) Homepage Journal
    there would be just as many viruses written for those platforms Probably, there would be as many viruses written, or more, but the effect of the viruses would have been different. As to whether the effects would have been not as bad, equal or worse is difficult to answer.
    • by pebs (654334) on Monday October 06, 2003 @06:40PM (#7148245) Homepage
      Take a look at this somewhat related article [overclockers.com]. It looks almost like its a response to reading Slashdot and responding with a troll.
      • by incom (570967) on Monday October 06, 2003 @08:25PM (#7149103)
        That article has all the typical anti-linux trolls rolled into one, along with several new ones. For example to those who don't feel like reading it, he compares linux users to terrorists and communists all in the same article. He also blames the majority of viruses and malicious hackers on linux, and p2p software theft as something caused by the linux community. Truly an overdramatized troll.
  • by BobTheLawyer (692026) on Monday October 06, 2003 @06:29PM (#7148124)
    is that the relative difficulty a newbie has doing things in Linux makes it more secure.

    And the network effect he mentions is really just a more sophisticated version of the "everybody uses Windows" argument he disparages.

    I'm not qualified to comment on his technical arguments...
    • by Killean (25381) <steve...kerr@@@wizardint...com> on Monday October 06, 2003 @06:35PM (#7148191) Homepage
      Yeha, I love this quote:

      Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.

      Yeah right. I garuntee if my Mom started using Linux all she'd be doing the same things she's doing now. You can lead a horse to water but you can't make them check if it's contaminated first...

      • As far as I can determine from his article the synopisis is:

        Some people say that number of virii per platform will be roughly equivalent to that platform's marketshare. They are wrong. Windows is different to the other platforms because:
        1) On Windows, applications share architecture making cross-contamination easier.
        2) On other platforms, there are more steps to perform to accomplish simple tasks than on Windows (implying that users really need to work at it to get infected).
        3) On Windows platforms, most

        • If Linux were to reach the unwashed masses' desktops then most there would either run as root, or have a very simple one-click method to run things as root (ie: to install stuff).

          Sounds like Lindows...

        • If Linux were to reach the unwashed masses' desktops then most there would either run as root, or have a very simple one-click method to run things as root (ie: to install stuff)

          I doubt it. Why would Linux go that route rather than doing it like OS X, which is essentially Unix for the "unwashed masses".

    • by Dark Paladin (116525) * <jhummel@johAUDENnhummel.net minus poet> on Monday October 06, 2003 @06:49PM (#7148345) Homepage
      I would state that it depends on the distrubution.

      For example, OS X installs the first user as an Administrator (though several tasks require they enter their password as a sort of sudo command - but most users would simply do so without thinking of the consequences).

      The last time I installed Red Hat (7.2 I believe), it had you set the root user, then create a new normal user - assuming the user logs in as themselves, and not root, then the protections will work.

      I think the best note is "if users act like they should" (which is easier in an office environment than a home one), then virses onto UNIX based systems (GNU/Linux, BSD, or otherwise) won't get very far and will find quick death if spread using the standard "social engineering" ways of the MS Windows world.

      The difference between UNIX systems and Windows ones is that there are fewer protections on Windows to prevent System-level commands from being run. On a UNIX box, if I'm signing on as me (non-admin type), then I can feel pretty good about general security. If I'm on a Windows box, I'm going to have to be double cautious with everything that crosses my email or my browser - whether I actively run it or not.

      So I'd say he made some fallacies, but overall his point is more correct than the cries of "Well, there are less viruses on GNU/Linux and OS X because nobody runs it! Nyah!"
      • by MacDork (560499) on Monday October 06, 2003 @08:47PM (#7149273) Journal
        The reason it asks for a password is that an OS X 'administrator' is not root. It's staff. There is no root account by default. You have to enable that purposely. The point is that if you double click something that looks like a picture file and it asks you for your admin password, you KNOW something is up. On Windows, double click and you're dead. If it doesn't ask and you're running as an Admin, it might wipe out /Applications and ~/, but it can't touch /System or any other user's files. If you run as a regular user, then only ~/ can be hosed.
    • is that the relative difficulty a newbie has doing things in Linux makes it more secure.

      So you're saying that Linux should make it easier for users to run scripts and executeables they receive in the mail?

      TheFrood
    • I do agree that Windows is sadly insecure. But... Most of the argument in this article are based on a fallacious view of computers as the same home-built hobby kits they were 30 years ago.

      Analagous claim:
      You are less likely to get food poisoning from home-cooking than eating in a restaurant.

      Analagous argument:
      It is more difficult to prepare a meal at home than to order one in a restaurant, therefore you are less likely to do it, and therefore less likely to get food-poisoning.

      My response (to b
  • by papasui (567265)
    Sure you can mess up a Windows system easily. I could just as easily compile some code without reading every line of the source and have my entire home directory wiped out, which contains all my settings and documents, you know the important stuff. Every system can be damaged, the extent will vary, but you still need to be careful regardless of the OS you use.
    • You missed the point. While wiping /home would be 'unfortunate' for you, it reduces the virus' spread.
      • by tconnors (91126)
        You missed the point. While wiping /home would be 'unfortunate' for you, it reduces the virus' spread.

        Since this article is about the spread of virii on popular systems, let's concider for the moment how most people use computers. Most people have one computer to themselves. They will set up an account for themselves, and probably their entire family uses that one account. They store a year's worth of data on it, and then a virus comes along. Now, you are saying, well, it's only limited to the one account
  • by Soulfader (527299) <sig@@@sigspace...net> on Monday October 06, 2003 @06:29PM (#7148126) Journal
    "Check out this wicked screensaver!!!! But it um, only runs as root, so you have to su first. Also, chmod and make it executable, please. Thanks!"
  • by kevin_conaway (585204) on Monday October 06, 2003 @06:29PM (#7148130) Homepage
    I think Windows systems suffer more from vulnerabilities at the operating system level (possibly because it tried to integrate so many things) than application level (though they do exist). In Unix like environments, it is the opposite. The operating system is generally secure against remote attacks but it is the applications that run on top of the OS that introduce vulnerabilities.

    As long as there is software there will be bugs, no matter where it is run.
    • "As long as there is software there will be bugs, no matter where it is run."

      This is very true. All it takes is an inexpicably popular piece of software that has a vulnerability in it. Franky, I don't think it'd be hard for somebody to write an interesting app just to do that. Kazaa ring a bell?
  • by PRES_00 (657776) on Monday October 06, 2003 @06:30PM (#7148133)
    Since many Linux distributions are trying hard to get convert desktop users, they are also diminishing the steps required for the launching of an executable virus thus, diminishing security.

    If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.
    • by JayBlalock (635935) on Monday October 06, 2003 @06:40PM (#7148252)
      It might make it easier for average users to infect themselves, BUT they won't spread it. Keep in mind, these days, most damage caused by viruses is secondary. SoBig didn't directly damage ANY computers - but it crippled a lot of networks and inboxes because of the huge load of mail it generates.

      And that's what, as far as I know, NO ONE would manage to dumb Linux down to be able to do. All of the big virii like SoBig and Blaster rely on Microsoft's boneheaded insistance on cross-linking every program and giving everything full root rights. Did you know there's one theoretical expoit in Windows, thankfully not done yet, in which an MP3 could be given a corrupt header, which points IE to a virus online, and be activated simply on MOUSEOVER? No joke, it's out in MS's security updates archive.

      So even if it becomes easier for lusers to infect themselves, the chances of an Internet crippling worm are FAR reduced. (and that's even assuming a few standardized builds; the huge multitude of programs available for Linux create a form of security through obscurity)

    • My thoughts exactly. While I was reading his arguments, I was thinking "Y'know, half of these reasons are *why* more people don't use Linux...".
    • by pla (258480) on Monday October 06, 2003 @06:44PM (#7148292) Journal
      If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.

      No.

      The very fact that Unix-like OSs have a concept of a "root" account (which the Windows "equivalent", "administrator", does not even come CLOSE to matching in terms of actual separation of permissions), makes it all but invincible to virii.

      Yes, if Linux becomes popular enough for virus authors to target it, we'll see a round of trojans using root exploits - But unlike Windows exploits, very few of these exist to start with, and they will (and do) get fixed within a few hours of discovery.

      Actually, for that reason, I think more Linux virii would help Linux security overall, as it would expose those root exploits faster than we can discover them normally. Yeah, a few boxes would suffer, but the community as a whole would benefit.
    • increasingly "dumbed down" distros will make it a good platform virus writers.

      You'll need to distribute the virus in several versions of rpm....
    • Mod parent up! (Score:3, Insightful)

      by ProtoCat (452381)
      Most of the arguments presented by the article can be dismissed once the lowest common denominator is taken into account. Your average *CONSUMER* does not like having computers being more complicated than they 'really need to be'.

      If and when the so-called great Linux revolution occurs, distros will have to keep the needs of the average consumer in mind. Y'know, the people who outnumber your average slashdot reader in droves? Most of these people have no desire or need to really learn anything beyond what i
  • by Anonymous Coward on Monday October 06, 2003 @06:31PM (#7148145)
    For us oldsters, who were around when Microsoft finally woke up to the significance of the internet, the security problems that M$ faces coincide with their desire for market dominance.

    MS quickly created some powerful internet enabled applications. Outlook is the best example. In order to provide so many 'innovative' goodies and features they had to sacrifice security. Deep system hooks and then trying to justify their inclusion of Internet Explorer forced them to tie IE deeply to the system. A great example of short term profiteering at the cost of long term credibility.

    Just my opinion. But I am 37 and my degree is in International Relations!

    ONE LOVE!

    Grampy
  • But... (Score:3, Insightful)

    by The Gline (173269) on Monday October 06, 2003 @06:32PM (#7148156) Homepage
    Isn't the fact that Windows's vulnerabilities are well known a product of its widespread use? I mean, this just sounds like a self-fulfilling prophecy of sorts.

    Not that it matters to those of us who never patch, no matter what OS you're running. I administer a Win2K based server that has remained stable because I patched it religiously and made sure that it was not easily compromised, and so far nothing has happened to it. (In fact, I had a "white hat" come in and try the usual round of exploits on the box, and none worked.)

    OTOH, a friend of mine administering a Linux server was too busy bragging about his non-stop uptime to upgrade to a non-exploitable version of Apache and got his site defaced. Twice.

    It's not the OS, it's what you do with it.
    • Re:But... (Score:5, Insightful)

      by Sevn (12012) on Monday October 06, 2003 @07:31PM (#7148717) Homepage Journal
      Isn't the fact that Windows's vulnerabilities are well known a product of its widespread use? I mean, this just sounds like a self-fulfilling prophecy of sorts.

      Nope. You should probably read the article. It explains the flaw in your logic. To save you some time, here are the relevant parts.........

      We've all heard it many times when a new Microsoft virus comes out. In fact, I've heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform. In response, another person named, oh, let's call him "Bill," says, basically, "How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms!"

      Of course, it's not just "regular folks" on mailing lists who share this opinion. Businesspeople have expressed similar attitudes ... including ones who work for anti-virus companies. Jack Clarke, European product manager at McAfee, said, "So we will be seeing more Linux viruses as the OS becomes more common and popular."

      Mr. Clarke is wrong.

      AND THESE BULLITS....

      **Windows software is either executable or not, depending on the file extension. So if a file ends with ".exe" or ".scr", it can be run as a program (yes, of course, if you change a text file's extension from ".txt" to ".exe", nothing will happen, because it's not magically an executable; I'm talking about real executable programs). It's easy to run executables in the Windows world, and users who get an email with a subject line like "Check out this wicked screensaver!" and an attachment, too often click on it without thinking first, and bang! we're off to the races and a new worm has taken over their systems.

      **Microsoft's email software is able to infect a user's computer when they do something as innocuous as read an email! Don't believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that's at least one for the last five years. And though Microsoft's latest versions of Outlook block most executable attachments by default, it's still possible to override those protections.

      **Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it. So the above steps now become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes.

      Those are just a few points from the article. So the real issue has much less to do with market penetration and a lot more to do with Microsoft building an Operating system that seems to be meant to be insecure.
  • by ciaran_o_riordan (662132) on Monday October 06, 2003 @06:33PM (#7148166) Homepage

    RMS commented on this issue earlier this year:

    There are several reasons why GNU/Linux has few viruses:

    1. We designed the GNU system, from the outset in 1984, as a multi-user timesharing system with security features. An ordinary user cannot change the system software. Linux, Torvalds' 1991 kernel, followed this design as well.
    2. We did not make the incredibly stupid decision to design applications so that they execute programs that arrive in the mail.
    3. Free software developers seem to do a better job, overall. (This is the point that the Open Source Movement primarily focuses on. For us in the Free Software Movement, this is a nice bonus, but please mention that freedom is even more important.)
    4. GNU/Linux is less popular than Windows and most virus developers target the more common system.

    If everyone switches to GNU/Linux, reason 4 will go away, but not the others. Therefore, people can expect to have much fewer virus problems in a world of GNU/Linux users than then have now with Windows.

    --END-OF-RMS-TEXT--

    • by realdpk (116490) on Monday October 06, 2003 @06:41PM (#7148262) Homepage Journal
      Of course! I'm certain that once Linux is more popular than Windows, all of the people who used to code for Windows will simultaneously implode, preventing them from writing bad code on Linux.
  • Forget Windows (Score:5, Insightful)

    by mutewinter (688449) on Monday October 06, 2003 @06:34PM (#7148179)
    If people just stopped using Outlook and only used plain text email there'd be much less of a security problem... I doubt Gabe over at Valve is going to be using it again any time soon.
  • "Normal user" (Score:5, Insightful)

    by owlstead (636356) on Monday October 06, 2003 @06:35PM (#7148188)
    Luckily I've already responded to the author in person before this became /.ed.

    As I've pointed out to the author, being just a "normal user" is enough to let the virus spread and to destroy the "normal" users documents.

    I keep seeing this argument over and over again when talking about system stability. But my system would be next to useless if all my documents and configurations would be gone. Maybe it would be easier to recover from backup instead of a full reinstall, but that would be it.

    Most pc's out there are single user (or single family) computers, instead of the old multi-user mainframes. All the important data are in reach of the virus.

    If I get a response I will let you know...
    • Re:"Normal user" (Score:5, Informative)

      by lhand (30548) on Monday October 06, 2003 @07:03PM (#7148485)
      Keep in mind that your losing all your files is a lot different than hosing the entire system. The virus that affected me (say from doing something silly like running an email attachment) does not affect other users of my system. (My wife and kids use my system too. Their data would remain secure.) Finally the *spread* of the virus would be hampered because the virus could only do what *I* can do, so binding arbritary ports, hijacking the web server, infecting critical system library components, is just not possible. The virus may still spread, but it is limited as to the infection vectors available to it.
  • ... that having your /home directory trashed and losing all your settings on a single-user, *nix-based machine is just as bad as having to format/reinstall your MS OS. (This is for home/personal use - any large, competent business should have a recent ghost image ready to go and a backup solution for user data.)

  • ummm (Score:2, Insightful)

    by Ty (15982)
    This sort of social engineering, so easy to accomplish in Windows, requires far more steps and far greater effort on the part of the Linux user. Instead of just reading an email (... just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. Even as less sophisticated users begin to migrate to Linux, they may not understand exactly why they can't just execute attachments, but they will still have to go t
  • Missing the point? (Score:3, Interesting)

    by psydid (73199) on Monday October 06, 2003 @06:36PM (#7148204)
    Seems the author misses the very obvious point that many of the weaknesses in Windows are there for user-friendliness. Making it easier for users to open attachments & see HTML mail is practically a requirement for the great mass of users. Yes, they're clueless, and yes, it would be nice if they could get over their fear of slightly more complex interfaces. But it ain't gonna happen.

    Yes, if Linux _in its current form_ was as common as Windows, it would be be much more secure. But we might as well wish for green eggs & ham ... Linux in its current form will never be as popular precisely BECAUSE of those same limitations. It's practically a tautology that any popular operating system, in order to become popular, must make compromises that make worms inevitable.
  • ... that Microsoft's vulnerability-prone. However, I'm not so quick to accept this guy's suggestion. Viruses are only successful to the author of them if they cause a lot of mischief. Why target a handful of Linux or Mac boxes when you've got a common base many many times larger?

    This guy is right that Windows security sucks, but it's ignorant to dispute that the sheer number of Windows machines out there makes it an attractive target. Look towards Blaster if you don't believe me.
  • by deputydink (173771)
    One of the things that makes Linux a poor target for virus writers is an almost bewildering array of platforms, kernels and architectures.
    System binaries are often in different places even on the same distribution, depending on whether you are using package management or compiling source and sometimes run as different users.

    I've seen about 5 diffenent schemes for laying out apache on the disk and i bet theres tonnes more. and i've seen some old solaris admins that move to linux feel the need to move im
  • by Jason1729 (561790) on Monday October 06, 2003 @06:37PM (#7148221)
    Any OS is only as secure as the user. When an OS has as much market dominance as windows, it will have a lot of stupid users who do things like open email attachments and not install security patches.

    That's why any dominant OS will be a prime target for virus writers.

    Jason
    ProfQuotes [profquotes.com]
  • by bersl2 (689221) on Monday October 06, 2003 @06:37PM (#7148223) Journal
    You can't infect a normal system executable from a normal user on a normal UNIX-like system which, IIRC, is how most true viruses work on Windows. There are security holes; but then again, there are security holes in all software.
  • With the popularity of any OS, it is quike likely that you are going to get an increase in script-kiddies, etc using that OS and thus hacking at it.

    Also, while you might get credence for hacking secure webservers... the major ones are fairly tight, and it might actually be easier to simply look up the hack-of-the-day and write an exploit. Even linux is vulnerable to this if they catch you before a patch. By hacking many windows boxen... said script kiddy can at least say "See all that, I did it! Look at h
  • by SharpFang (651121) on Monday October 06, 2003 @06:40PM (#7148249) Homepage Journal
    Windows "out of the box" is as wide open as the goatse.cx guy. Linux by default usually has some tiny backdoors (say, unpassworded LILO) and is generally hard to break into. Now assume, breaking into the system using self-sustaining program (like virus - you deploy and it proceeds on its own, without "external help") is quite a bit harder than breaking in "manually" (i.e. trying diferent exploits, snooping, spoofing etc). If Linux is so much harder to break in manually, it's just as much harder to spread viruses.
    Plus the "flavour" factor. If there were as many as different "windows distributions" and windows was as customizable as Linux, the viruses would have much harder time to find "exploitable system".
    Now, when we are past the political differences, we may consider how "technically" harder is it to write Linux viruses.
  • by mOoZik (698544) on Monday October 06, 2003 @06:41PM (#7148267) Homepage
    While poor programming may lead to holes, it is only widespread use (and frequency of use) that brings these holes to the surface. There are all sorts of holes found in Linux, BSD's, many open source software, etc, and considering their user base is much smaller, one could venture and say the products put out by microsoft are actually *safer* than open source. Think about it!
  • Unixcorn (Score:2, Insightful)

    by unixcorn (120825)
    It is clear the author of this twaddle has never worked with the masses supporting any type of computer system. If he had, he would know that explaining the steps to open an email attachment and giving it executable permissions to 80% of end users would be like teaching a dog to drive. I get the same blank stares from my "charges" every day while explaining the most rudementary computer related tasks. If I hear "I am not a compter person" one more fricking time, I am going to go on a 5 state killing spree!!
  • by Raptor CK (10482) on Monday October 06, 2003 @06:42PM (#7148279) Journal
    What about wrapping a virus around a rootkit?

    Once anything has root access, it's tough to stop it from making a great many changes to a system, and worming into other systems with the same vulnerability.

    This isn't very different at all from the Windows viruses, where almost everything runs with admin access.

    I'd say that Linux is a VERY tempting target on the server front, it's just that those systems aren't only under a more watchful eye than the common workstation, they're also usually locked down more tightly out of paranoia.

    Now that Win2000/XP has a "Run As" feature built in, home users really shouldn't have default admin access anyway, so it's more of an issue of defaults than anything else.

    This is, of course, coming as long-time Linux admin/Windows PC owner/current Mac OS X user. I've seen all three platforms, and Windows isn't really that bad if you just a) set it up properly, and b) train the users. Perhaps if Microsoft actually made a point of enabling privilege separation out of the box, it wouldn't have all these problems. Of course, this is exactly what's wrong with Lindows, ironically enough. It's engineered just fine, it's just not set up right.

  • by proberts (9821) on Monday October 06, 2003 @06:44PM (#7148296) Homepage
    The number of viruses doesn't map directly to "OS is safer." There are lots of factors, like motivation to create malware, and ease of injection that come into play, and ease of injection is an application issue more than it is an OS issue. Small modifications to the most popular mail application on each platform would have more effect (discounting worms) than anything else outside of motivation of malware authors.

    Secondly, the author obviously lacks clue- modern Windows OS' do *not* execute files based on file type, its a combination of reading the first N bytes of the file, and file type. Rename any .exe to anything else and click on it on a Windows host.

    If you have to go back 4 years to get security bulletin examples, it's because you don't have sufficient information- there are ~30 unpatched IE vulnerabilites that affect IE and Outlook that are public, and another ~20 that aren't. You don't have to go back to 1999 to find examples of why the platform is seriously hosed.

    It's also too bad the author doesn't address rootkits, because it's important to give some overall malware pictures to show that everything isn't rosy on either side of the fence.

    *nix is definitely in a better default state, but it's not the OS that makes that possible (heck, NTFS has filesystem attributes that could likely help.) It's too bad someone with a better understanding of the issues didn't write this article, there are too many holes for serious *doze admins to poke in this one to make it worth passing around.

    [Addressing exec-shield and worms would have given a really good argument for Linux, for instance.]

    Paul

  • For those interested, there's a rebuttal linked from Newsforge which pretty much summarizes a lot of the points made here.

    Direct link to the article here [virusbtn.com].

    I do wish I could get a good, clear, Linux-favoring argument on the security level (or any other level for that matter). I really am concerned about personal zealotry and the less I come off as a Penguinoid, the more believable/convincing I would be.

  • by DrPascal (185005) on Monday October 06, 2003 @06:51PM (#7148359) Homepage
    The premises of his entire argument are not very sound. He talks about how Linux is safer because it is difficult to run an attachment without knowing how to save it / set execute permissions, and how you can 'only screw up your /home directory' since you don't run as root.

    _Really_ think about this one. In order for Linux to become as popular and intuitive [shiver] as Windows, things like "setting execute permissions" need to be automatic. Installing apps should be relatively simple as well. Look at Lindows! You run as root. Tie that in with a couple of "intuitive" features in a mail client, and you have a handful of rootkit'ed machines.

    Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows all together? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes.

    But "Regular User Guy" won't apply that patch. Multiply that by a million users. Now you have millions of machines out there running a rootable linux box.

    OSes will have vulnerabilities. They need to be patched. It ALWAYS comes down to the user. Will Linux be 'safer' than Windows (i.e. less vulnerabilities / worms)? Possibly. But it certainly has nothing to do with its difficulty to become root or inconveniences of a mail application.
    • Your argument falls apart easily. One just has to look at Mac OS X. Here's a UNIX variant (BSD nevertheless...) that is easier to use than Windows.

      Ease of use is important but then so is intelligent design. Windows arguably has the former , Linux the latter, but OS X seems to get it right on both counts.

      Windows problems are not limited to poor kernel design (extraneous graphics routines and such are included in the kernel, bad bad bad...) but also extend to the usability front. Cryptic error messages and
    • by Admiral Burrito (11807) on Monday October 06, 2003 @07:37PM (#7148760)
      In order for Linux to become as popular and intuitive [shiver] as Windows, things like "setting execute permissions" need to be automatic. Installing apps should be relatively simple as well.

      An email client is not a program installer. That is what apt/up2date/whatever, and their various GUI front-ends, are for. Those do set execute permissions, among other important functionality (like handling dependencies) that does not belong in an email client.

      OSes will have vulnerabilities. They need to be patched. It ALWAYS comes down to the user.

      Internet Explorer has 31 unpatched vulnerabilities. [pivx.com] How does it "come down to the user" to fix those holes when there are no patches available?

    • Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows all together? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes. But "Regular User Guy" won't apply that patch.

      Every install of RedHat I've ever done sure as hell doesn't install and run an SSH daemon by default. And if you turn it on, you can turn it off.

      Hundreds of posts, and not one Slashdotter has poi
  • What about OS X? (Score:5, Insightful)

    by tb3 (313150) on Monday October 06, 2003 @06:51PM (#7148366) Homepage
    I don't like the way he keeps mentioning OS X in the same breath as Linux, but neglects to point out the differences.

    OS X was designed from the beginning as a desktop OS, and the designers have taken these issues into account. For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.

    Secondly, even though OS X ships with a standard mail client it's a good mail client. It can't run applications or scripts with a single click, HTML email is limited to display, no JavaScript can run, and plug-ins don't work.

    I wonder if Apple should thank Microsoft for setting such a bad example!
    • Enabling root is totally non-trivial.

      Applications/Utilities/Net Info Manager:
      Security >> Enable Root User

      Didn't even have to touch the command line or restart or anything. But for the most part you're right about it not being necessary.

      In addition...I like the idea of having a pure System directory. For those of you who don't know, as a programmer you never have to touch the System directory in OS X save kernel extensions.
    • Yes, *but* (Score:3, Insightful)

      by stewby18 (594952)

      For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.

      On the other hand, he doesn't mention that all you have to do is convince someone to enter their Administrator password, and all hell can break loose. I would say you are far more likely to sucessfully socially engineer someone to do that (Check out this wicked screen-saver; you just need to enter your administrator password to install it (a common install procedure)) than to get a *NIX

  • by c13v3rm0nk3y (189767) on Monday October 06, 2003 @06:54PM (#7148389) Homepage

    The part I find ironic about this article (most of which I agree with) is that some of the world first viruses were written for, and designed to run on, UNIX.

    At least the early work by Dr. Fred Cohen [all.net] was certainly done on a variety of boxes, and UNIX figured prominently.

    The shell viruses were particularly interesting to me.

    His book A Short Course in Computer Viruses, ASP Press (1991) is a fantastic read, even for it's age.

  • A couple of things (Score:5, Insightful)

    by Trailer Trash (60756) on Monday October 06, 2003 @07:39PM (#7148774) Homepage

    While I agree with the gist of his article, there are a couple of obvious problems:

    Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world

    That's unlikely. As Linux takes over corporate desktops, the users are not going to be joining LUG's or mailing lists. This has been mostly true up to this point, but mass acceptance will change the demographic of the user community to be more like that of Windows.

    Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it.

    It's mind-boggling that this stupid line of reasoning is still used. First, my home directory is the part of the system that I'm most concerned about protecting. Holy shit! That's where my files are. The rest of the OS can be downloaded off the internet or from any CD that I have. But what about the files that I have created? A program destroying my home directory is a far larger problem than a program that mucks up executables or something.

    Second, the modern worm/virus on Windows doesn't need any elevated privileges. The whole point is to spread, and there is absolutely nothing about that process that needs or uses any elevated privileges. Being root is not terribly relevant for the modern worm.

    With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you'd think the company could have changed its procedures in this area, but no.

    And it wouldn't have made a damned bit of difference for the most destructive email worms. Is the author from another planet? I have to wonder.

  • Only /home? (Score:5, Insightful)

    by chill (34294) on Monday October 06, 2003 @07:53PM (#7148885) Journal
    I'd rather wipe out my system, and not touch /home than the other way around. I can reinstall most of the system in short order, but my /home directory contains all the important stuff.

    Remember, it is the *DATA* that is important, not the programs. There are boxes and boxes of the same program on most computer store shelves -- or tons of .tar.gz, .rpm or .iso files for the download.
    • Re:Only /home? (Score:4, Insightful)

      by FooBarWidget (556006) on Tuesday October 07, 2003 @04:26AM (#7151298)
      That's only true for systems with 1 user. Most home computers are family computers, used by you, your wife, your kids, etc. If a virus wipes out my home directory, at least my parents' homes won't be wiped. In Windows on the other hand, *everything* will be wiped.

      "I'd rather wipe out my system, and not touch /home than the other way around"

      Not possible. Either your system *and* home directory is wiped, or your home directory only.
      What would you prefer:
      1. A full system install *and* data restore.
      2. Only data restore.
  • by jbum (121617) on Monday October 06, 2003 @08:07PM (#7148967)
    > the conventional wisdom that if Linux or Mac OS X were as popular as Windows...

    The very features which make Linux less vulnerable to virii also insure that it will
    never be as popular as Windows.

    Try explaining 'chmod' to your mother-in-law.

  • Interesting rebuttal (Score:4, Informative)

    by geekee (591277) on Monday October 06, 2003 @08:08PM (#7148978)
    Here's [virusbtn.com] an interesting rebuttal. The 1st line is "The single biggest security issue facing Linux users at the moment is the misconception perpetuated by highly vocal advocates that Linux is somehow impenetrable to security-based attacks, and in particular, viruses and other malware."
  • by FreekyGeek (19819) <{thinkstoomuch} {at} {gmail.com}> on Monday October 06, 2003 @08:20PM (#7149053)
    A very interesting article, but the author leaves out one very important point: the difficulty of writing a virus for Linux is much higher than writing one for Windows, so fewer people will do it. It takes much greater skill and effort to screw up a UNIX-based system than a winodws system because of the much clearer distinction between user files and system files. Today, a large percentage of Windows viruses are just slight modifications of others, and there even exist "virus toolkits" to generate viruses without much technical knowledge at all. In short, the "script kiddie" factor of relatively clueless people whipping up viruses based on a few instructions received in IRC is much less under UNIX.

    The author does point out, quite correctly, that even if Linux viruses became more widespread, most of them would probably only affect the user space and not currupt the system itself.

"Call immediately. Time is running out. We both need to do something monstrous before we die." -- Message from Ralph Steadman to Hunter Thompson

Working...