Viruses and Market Dominance - Myth or Fact?
rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."
What about r00tkits? (Score:3, Interesting)
What about root kits? I would consider that a virus, not technically speaking, but it's still along the same lines.
Re:What about r00tkits? (Score:2, Informative)
Re:What about r00tkits? (Score:3, Funny)
Re:What about r00tkits? (Score:2)
Re:What about r00tkits? (Score:5, Insightful)
Personally, I consider viruses, worms and trojans to all fall into the same genus. The differences between the three aren't too important and blurry anyways. They are all hostile code that can affect any system.
Re:What about r00tkits? (Score:3, Informative)
If you can't tell the difference, you'll be owned. (Score:5, Informative)
A worm is handled by keeping your patches up to date and by NOT RUNNING ANYTHING YOU DON'T NEED.
A virus is handled by NOT RUNNING AS ROOT.
A trojan is handled by EDUCATION.
Microsoft has made the spread of trojans and viruses very easy by automatically running code. Sometimes without the user even knowing that the code has been executed.
A rootkit usually uses an exploit in a running process to install itself. In this fashion, it is similar to a worm. But it does not automatically spread itself to other machines.
Or it could be a hacked version of ls that is executed because someone was dumb enough to have . in their path. In which case it is similar to a trojan.
Different terms to reflect different attacks that are defeated in different ways.
All the patching in the world will not stop a trojan.
The best security on your email program will not matter if you're running a vulnerable version of sendmail.
Only run what you need to run.
Run with the minimum rights necessary.
Don't run unknown code.
Keep your patches current.
Run tripwire or something similar.
Review your logs.
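The "`.` in their path" case from the comment above can be checked for mechanically. The following is an added example, not part of the original post: it audits a PATH string for entries that let a planted `ls` win the lookup (empty or relative entries, and directories other users can write to). The function name `audit_path` and the choice of checks are assumptions made for this illustration.

```python
import os
import stat


def audit_path(path_value, uid=None):
    """Return a list of (position, entry, reason) findings for a PATH string.

    An empty list means none of the checks below fired.
    """
    uid = os.getuid() if uid is None else uid
    findings = []
    for position, entry in enumerate(path_value.split(os.pathsep)):
        # A leading, trailing or doubled separator yields an empty entry,
        # which POSIX shells treat as the current directory.
        if entry == "":
            findings.append((position, entry,
                             "empty entry: the shell searches the current directory"))
            continue
        # "." and any other relative entry resolve against wherever the
        # user happens to be, e.g. a directory someone else controls.
        if not os.path.isabs(entry):
            findings.append((position, entry,
                             "relative entry: lookup depends on the current directory"))
            continue
        try:
            st = os.stat(entry)  # follows symlinks: the target is what gets checked
        except OSError:
            continue  # missing or unreadable: nothing can be run from it right now
        if not stat.S_ISDIR(st.st_mode):
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append((position, entry,
                             "world-writable directory: any local user can add programs"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((position, entry,
                             "group-writable directory: group members can add programs"))
        if st.st_uid not in (0, uid):
            findings.append((position, entry,
                             "owned by another non-root user (uid %d)" % st.st_uid))
    return findings


if __name__ == "__main__":
    current = os.environ.get("PATH")
    if current is not None:
        for position, entry, reason in audit_path(current):
            print("PATH[%d] %r: %s" % (position, entry, reason))
```

Position matters when reading the output: an entry is searched before everything that follows it, so a finding at position 0 shadows every system directory.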
Re:What about r00tkits? (Score:3, Interesting)
Let me break it down to you:
a trojan horse is code you run on your computer that doesn't do what you thought it did. In my opinion, these are mostly user stupidity.
a virus is code being injected into a program you run normally. How it gets there is not really part of 'viral activity'. Technically, we have very few virii left these days, most fall into the trojan horse category. Virii were especially popular back in the days of DOS, when modifying a file
Re:What about r00tkits? (Score:3, Interesting)
software installation isn't a daily chore.
that some software you talk about unfortunately sucks, and should be pressured (by voting with dollars, or by complaining) to be fixed. Blaming OS is not the solution. Said software would run improperly on any system that has a security subsystem.
PS. as much as it is a PITA for me to run as non admin too, I do get by. Here's two pieces of advice:
Shift right clicking on an executable will allow you to "Run As...". You can't complain about that because i
Re:What about r00tkits? (Score:3, Informative)
Hrm. That sounds a little like saying that it's not important for the lay public to know the differences between real (biological) viruses and bacteria--they're both hostile organisms that make us sick, right?
All well and good until you have people with rhinoviruses going to the doctor and deman
Re:What about r00tkits? (Score:4, Informative)
If that is your definition of a virus, you might as well lump NT crack and the windows 2000 installation CD as Viruses.
Re:What about r00tkits? (Score:5, Interesting)
Even if you think that one-click installs are necessary, take a look at MacOS. It allows for one-click installs, but if the program is going to change OS code/settings, then you are warned about it and prompted for a password (a la sudo.) Of course the MS-programming-kernel that used to be your brain will probably respond that having to put in a password makes the OS "broken"
Imagine some software engineer saying "hey you know what would make things really easy for our users, if we could remotely take control of their computers, install patches/extensions, and optimize some of their hardware settings." There you go. That could make installing/setting up/maintaining complex software so much easier, right? Hey there are some really obvious security implications, but easier is always better right?
Re:What about r00tkits? (Score:3)
No, consumer feedback from years of user research has socially engineered Microsoft into believing it is necessary and desirable, because this is EXACTLY what people want.
Have you even tried running Windows post-NT without administrator privileges, and how it also doesn't let you change things without an administrator password? Your post was just endless FUD spawned from a chip on yo
Re:What about r00tkits? (Score:5, Interesting)
[scoff!]
You think the reason car thieves haven't taken advantage of weaknesses in remote unlock systems is because they're so well designed? Think again, man. The reason no one's making black-market code-grabbers for remote door lock systems is because the slim-jim class of opening tools still work. There's no reason to attempt to exploit a complicated electronic system on the front door when the back door is secured with a plastic padlock labeled "do not cut off this padlock"! If you ask me, Windows is just like cars. They add on all sorts of fancy things but don't fix the security holes that are already there.
Re:What about r00tkits? (Score:3, Informative)
Time to install RH 9.0 Linux with Apache, SQL and development tools and patch to date: 3 hrs. Time to install Windows 2K Server + IIS, MS-SQL Server and IIS and patch up to date. One day minimum and the process of patching isn't so automated (lots of separate downloads).
'nuff said?
Oh and up2date at least uses signatures.
Re:What about r00tkits? (Score:3, Insightful)
Re:What about r00tkits? (Score:3, Insightful)
yes, but the effect might be different (Score:5, Interesting)
Re:yes, but the effect might be different (Score:5, Interesting)
Re:yes, but the effect might be different (Score:5, Insightful)
Re:yes, but the effect might be different (Score:3, Insightful)
An article that links Windows exploits and theft of code as a reflection of Open Source is the sanest thing you've read about this incident? What other black-helicopters-from-Open-Source-world stories have you been reading?
The author of this article does not understand the culture nor history of what he criticizes. Or he understands it well enough to know what buttons to push.
Misguided. Maybe sociopathic. Ha
Re:yes, but the effect might be different (Score:5, Insightful)
I think that was the first sentence:
It could be analogous to blaming the engineers if they had painted a big target on sensitive areas of the building, and provided planes a lighted approach for hitting them.
But, it gets even better:
When are you notified that you may need a kevlar vest? Again, this would be a more fitting analogy if the person not wearing a vest was in, say.. Iraq 8 months ago and had a US Army emblem stitched on their uniform. If you buy software, I think it's a reasonable expectation that it won't be broken due to negligence. If I purchased a car, I'd be pretty pissed off if I found out the company made it very easy to open it without my keyless entry fob. That's a much more fitting analogy. Analogies suck to argue with, so let's just keep on the real subject:
Yes, this is why we demonize Microsoft. Not because they violate HTTP, SSL, CSS, and countless other standards. Not because they violate business laws, and are sued for it. We demonize them because they attract idiots better than us. I'm glad he cleared that up for me, because I was wondering why I didn't run Windows. It's not just my surprise, Ed has one too:
I suppose I'm part of the culture, and I don't glorify nor justify. In fact, I say it's wrong. So do a lot of people. So, again, half-baked claims with no factual backing. Yes, I'm sure several people did say that Half-Life will now have Linux binaries. If any of them said it seriously, I doubt they have the capabilities to build them anyway. Any joke taken out of context can make someone look like a dick. Or a Communist, right Ed?
I didn't realize that thieves were happy only getting what they need and no more. Perhaps you should ask Microsoft since it's documented that they have stolen a few things. I can definitely see how they take only what they need. Like $40B in cash reserves.
But when we talk about P2P, that's when Communism really rears its ugly head. Not Capitalism and market dominance nor supply and demand, which is the very cornerstone of capitalist economics:
The replacement to the RIAA? I'm not sure, how about CDBaby or the other houses that are opening up? Why are there so many famous artists that loathe the RIAA? How many famous artists have you sat down and talked to about record contracts? I can name one, and he makes more money now touring as a legendary band (from the 60s) than he ever did from his 6 platinum records. Even he wants to get on the internet distribution bandwagon. But,
his worst argument... (Score:3, Interesting)
And the network effect he mentions is really just a more sophisticated version of the "everybody uses Windows" argument he disparages.
I'm not qualified to comment on his technical arguments...
Re:his worst argument... (Score:5, Insightful)
Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.
Yeah right. I guarantee if my Mom started using Linux she'd be doing the same things she's doing now. You can lead a horse to water but you can't make them check if it's contaminated first...
Re:his worst argument... (Score:3, Interesting)
Some people say that number of virii per platform will be roughly equivalent to that platform's marketshare. They are wrong. Windows is different to the other platforms because:
1) On Windows, applications share architecture making cross-contamination easier.
2) On other platforms, there are more steps to perform to accomplish simple tasks than on Windows (implying that users really need to work at it to get infected).
3) On Windows platforms, most
Re:his worst argument... (Score:3, Interesting)
Sounds like Lindows...
Re:his worst argument... (Score:3, Informative)
I doubt it. Why would Linux go that route rather than doing it like OS X, which is essentially Unix for the "unwashed masses".
Re:his worst argument... (Score:3, Insightful)
Which is why I said "any consumer Windows OS". The first NT based OS targeted at consumers (as opposed to businesses) was WinXP.
Yes, a lot of software assumes admin rights when it really has no place doing so (even OpenOffice for Windows requires Admin rights to install!) However, for a similar task under unix, try installing Perl and a bunch of CPAN modules on a
Re:his worst argument... (Score:5, Insightful)
For example, OS X installs the first user as an Administrator (though several tasks require they enter their password as a sort of sudo command - but most users would simply do so without thinking of the consequences).
The last time I installed Red Hat (7.2 I believe), it had you set the root user, then create a new normal user - assuming the user logs in as themselves, and not root, then the protections will work.
I think the best note is "if users act like they should" (which is easier in an office environment than a home one), then viruses onto UNIX based systems (GNU/Linux, BSD, or otherwise) won't get very far and will find quick death if spread using the standard "social engineering" ways of the MS Windows world.
The difference between UNIX systems and Windows ones is that there are fewer protections on Windows to prevent System-level commands from being run. On a UNIX box, if I'm signing on as me (non-admin type), then I can feel pretty good about general security. If I'm on a Windows box, I'm going to have to be double cautious with everything that crosses my email or my browser - whether I actively run it or not.
So I'd say he made some fallacies, but overall his point is more correct than the cries of "Well, there are less viruses on GNU/Linux and OS X because nobody runs it! Nyah!"
OS X Administrator != root (Score:4, Interesting)
Re:his worst argument... (Score:3, Interesting)
So you're saying that Linux should make it easier for users to run scripts and executables they receive in the mail?
TheFrood
Re:his worst argument... (Score:3, Interesting)
Analogous claim:
You are less likely to get food poisoning from home-cooking than eating in a restaurant.
Analogous argument:
It is more difficult to prepare a meal at home than to order one in a restaurant, therefore you are less likely to do it, and therefore less likely to get food-poisoning.
My response (to b
I hate this argument. (Score:2, Insightful)
Re:I hate this argument. (Score:2)
Re:I hate this argument. (Score:3, Interesting)
Since this article is about the spread of virii on popular systems, let's consider for the moment how most people use computers. Most people have one computer to themselves. They will set up an account for themselves, and probably their entire family uses that one account. They store a year's worth of data on it, and then a virus comes along. Now, you are saying, well, it's only limited to the one account
I see the problem. (Score:5, Funny)
Operating System bugs vs Application level bugs (Score:5, Insightful)
As long as there is software there will be bugs, no matter where it is run.
Re:Operating System bugs vs Application level bugs (Score:2)
This is very true. All it takes is an inexplicably popular piece of software that has a vulnerability in it. Frankly, I don't think it'd be hard for somebody to write an interesting app just to do that. Kazaa ring a bell?
Linux Is Getting There, too! (Score:5, Insightful)
If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform for virus writers.
Re:Linux Is Getting There, too! (Score:5, Insightful)
And that's what, as far as I know, NO ONE would manage to dumb Linux down to be able to do. All of the big virii like SoBig and Blaster rely on Microsoft's boneheaded insistence on cross-linking every program and giving everything full root rights. Did you know there's one theoretical exploit in Windows, thankfully not done yet, in which an MP3 could be given a corrupt header, which points IE to a virus online, and be activated simply on MOUSEOVER? No joke, it's out in MS's security updates archive.
So even if it becomes easier for lusers to infect themselves, the chances of an Internet crippling worm are FAR reduced. (and that's even assuming a few standardized builds; the huge multitude of programs available for Linux create a form of security through obscurity)
Re:Linux Is Getting There, too! (Score:5, Informative)
Re:Linux Is Getting There, too! (Score:3, Insightful)
Re:Linux Is Getting There, too! (Score:5, Interesting)
No.
The very fact that Unix-like OSs have a concept of a "root" account (which the Windows "equivalent", "administrator", does not even come CLOSE to matching in terms of actual separation of permissions), makes it all but invincible to virii.
Yes, if Linux becomes popular enough for virus authors to target it, we'll see a round of trojans using root exploits - But unlike Windows exploits, very few of these exist to start with, and they will (and do) get fixed within a few hours of discovery.
Actually, for that reason, I think more Linux virii would help Linux security overall, as it would expose those root exploits faster than we can discover them normally. Yeah, a few boxes would suffer, but the community as a whole would benefit.
Re:Linux Is Getting There, too! (Score:2)
You'll need to distribute the virus in several versions of rpm....
Mod parent up! (Score:3, Insightful)
If and when the so-called great Linux revolution occurs, distros will have to keep the needs of the average consumer in mind. Y'know, the people who outnumber your average slashdot reader in droves? Most of these people have no desire or need to really learn anything beyond what i
Its all about the money (Score:3, Insightful)
MS quickly created some powerful internet enabled applications. Outlook is the best example. In order to provide so many 'innovative' goodies and features they had to sacrifice security. Deep system hooks and then trying to justify their inclusion of Internet Explorer forced them to tie IE deeply to the system. A great example of short term profiteering at the cost of long term credibility.
Just my opinion. But I am 37 and my degree is in International Relations!
ONE LOVE!
Grampy
But... (Score:3, Insightful)
Not that it matters to those of us who never patch, no matter what OS you're running. I administer a Win2K based server that has remained stable because I patched it religiously and made sure that it was not easily compromised, and so far nothing has happened to it. (In fact, I had a "white hat" come in and try the usual round of exploits on the box, and none worked.)
OTOH, a friend of mine administering a Linux server was too busy bragging about his non-stop uptime to upgrade to a non-exploitable version of Apache and got his site defaced. Twice.
It's not the OS, it's what you do with it.
Re:But... (Score:5, Insightful)
Nope. You should probably read the article. It explains the flaw in your logic. To save you some time, here are the relevant parts.........
We've all heard it many times when a new Microsoft virus comes out. In fact, I've heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform. In response, another person named, oh, let's call him "Bill," says, basically, "How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms!"
Of course, it's not just "regular folks" on mailing lists who share this opinion. Businesspeople have expressed similar attitudes
Mr. Clarke is wrong.
AND THESE BULLETS....
**Windows software is either executable or not, depending on the file extension. So if a file ends with ".exe" or ".scr", it can be run as a program (yes, of course, if you change a text file's extension from ".txt" to ".exe", nothing will happen, because it's not magically an executable; I'm talking about real executable programs). It's easy to run executables in the Windows world, and users who get an email with a subject line like "Check out this wicked screensaver!" and an attachment, too often click on it without thinking first, and bang! we're off to the races and a new worm has taken over their systems.
**Microsoft's email software is able to infect a user's computer when they do something as innocuous as read an email! Don't believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that's at least one for the last five years. And though Microsoft's latest versions of Outlook block most executable attachments by default, it's still possible to override those protections.
**Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his
Those are just a few points from the article. So the real issue has much less to do with market penetration and a lot more to do with Microsoft building an Operating system that seems to be meant to be insecure.
Windows viruses and GNU/Linux (Score:5, Insightful)
RMS commented on this issue earlier this year:
There are several reasons why GNU/Linux has few viruses:
If everyone switches to GNU/Linux, reason 4 will go away, but not the others. Therefore, people can expect to have much fewer virus problems in a world of GNU/Linux users than they have now with Windows.
--END-OF-RMS-TEXT--
Re:Windows viruses and GNU/Linux (Score:5, Funny)
Re:Windows viruses and GNU/Linux (Score:5, Interesting)
The platform isn't the issue. RMS said that Free Software developers seem to do a better job. This may be because of peer review, or even the threat of peer review etc.
Ciaran O'Riordan
Re:Windows viruses and GNU/Linux (Score:3, Insightful)
Re:Not all but more (Score:4, Informative)
The good folks at Red Hat have come up with a cool way to avoid some of the problems of monoculture in GNU/Linux: position independent executables. Addresses of code segments can be randomized at load time by the dynamic linker. The result is that common techniques for writing buffer overflow exploits no longer work, because every executable on every server is different. You can no longer insert code into a buffer whose length is not checked and then override the return address to point to it, because you don't know what return address to use. Worms can't spread if this technique is used.
While this technique still doesn't stop people from exploiting cross-site scripting bugs, it's progress.
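Whether a given binary was actually built position independent can be read from its ELF header. The following is an added example, not part of the original comment or Red Hat's tooling: it classifies an ELF image as a fixed-address executable, a PIE executable or a shared object, and reports the kernel's address randomization setting. The function names and the constructed sample headers are assumptions made for this illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_LOAD, PT_INTERP = 1, 3  # program header types


def classify_elf(data):
    """Classify the first bytes of a file by how its load address is chosen."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little, 2 = big
    fmt = endian + ("HHIQQQIHHH" if is64 else "HHIIIIIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "truncated"
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]

    # p_type is the first 32-bit word of every program header, 32- or 64-bit.
    p_types = []
    for index in range(e_phnum):
        offset = e_phoff + index * e_phentsize
        if offset + 4 > len(data):
            break
        p_types.append(struct.unpack_from(endian + "I", data, offset)[0])

    if e_type == ET_EXEC:
        return "fixed-address executable"    # same addresses on every run and every host
    if e_type == ET_DYN:
        # A PIE program requests a dynamic loader; a plain library does not.
        if PT_INTERP in p_types:
            return "pie executable"
        return "shared object (or static PIE)"
    return "other"


def classify_file(path, limit=65536):
    """Classify a file on disk; program headers normally sit near the start."""
    with open(path, "rb") as handle:
        return classify_elf(handle.read(limit))


def aslr_mode(path="/proc/sys/kernel/randomize_va_space"):
    """Return the Linux ASLR setting (0 = off, 1 or 2 = on), or None if unavailable."""
    try:
        with open(path) as handle:
            return int(handle.read().strip())
    except (OSError, ValueError):
        return None


def sample_elf64(e_type, p_types):
    """Constructed sample: a 64-bit little-endian ELF header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in p_types)
    return header + phdrs


if __name__ == "__main__":
    print("pie sample:  ", classify_elf(sample_elf64(ET_DYN, [PT_INTERP, PT_LOAD])))
    print("fixed sample:", classify_elf(sample_elf64(ET_EXEC, [PT_INTERP, PT_LOAD])))
    print("kernel randomize_va_space:", aslr_mode())
```

A "pie executable" result only means the binary can be relocated; the addresses are randomized at load time only when the kernel setting reported by `aslr_mode()` is non-zero.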
Forget Windows (Score:5, Insightful)
"Normal user" (Score:5, Insightful)
As I've pointed out to the author, being just a "normal user" is enough to let the virus spread and to destroy the "normal" users documents.
I keep seeing this argument over and over again when talking about system stability. But my system would be next to useless if all my documents and configurations would be gone. Maybe it would be easier to recover from backup instead of a full reinstall, but that would be it.
Most pc's out there are single user (or single family) computers, instead of the old multi-user mainframes. All the important data are in reach of the virus.
If I get a response I will let you know...
Re:"Normal user" (Score:5, Informative)
I still argue.. (Score:2)
ummm (Score:2, Insightful)
Missing the point? (Score:3, Interesting)
Yes, if Linux _in its current form_ was as common as Windows, it would be much more secure. But we might as well wish for green eggs & ham
No one is debating.. (Score:2)
This guy is right that Windows security sucks, but it's ignorant to dispute that the sheer number of Windows machines out there makes it an attractive target. Look towards Blaster if you don't believe me.
Architecture (Score:2, Funny)
System binaries are often in different places even on the same distribution, depending on whether you are using package management or compiling source and sometimes run as different users.
I've seen about 5 different schemes for laying out apache on the disk and I bet there's tonnes more. and I've seen some old solaris admins that move to linux feel the need to move im
The users are a factor (Score:3, Insightful)
That's why any dominant OS will be a prime target for virus writers.
Jason
ProfQuotes [profquotes.com]
Most executables are +w only by root (Score:5, Informative)
How about, partly true (Score:2)
Also, while you might get credence for hacking secure webservers... the major ones are fairly tight, and it might actually be easier to simply look up the hack-of-the-day and write an exploit. Even linux is vulnerable to this if they catch you before a patch. By hacking many windows boxen... said script kiddy can at least say "See all that, I did it! Look at h
Differences... (Score:5, Funny)
Plus the "flavour" factor. If there were as many as different "windows distributions" and windows was as customizable as Linux, the viruses would have much harder time to find "exploitable system".
Now, when we are past the political differences, we may consider how "technically" harder is it to write Linux viruses.
disappointing article (Score:3, Insightful)
Unixcorn (Score:2, Insightful)
It's not that simple, is it? (Score:3, Insightful)
Once anything has root access, it's tough to stop it from making a great many changes to a system, and worming into other systems with the same vulnerability.
This isn't very different at all from the Windows viruses, where almost everything runs with admin access.
I'd say that Linux is a VERY tempting target on the server front, it's just that those systems aren't only under a more watchful eye than the common workstation, they're also usually locked down more tightly out of paranoia.
Now that Win2000/XP has a "Run As" feature built in, home users really shouldn't have default admin access anyway, so it's more of an issue of defaults than anything else.
This is, of course, coming as long-time Linux admin/Windows PC owner/current Mac OS X user. I've seen all three platforms, and Windows isn't really that bad if you just a) set it up properly, and b) train the users. Perhaps if Microsoft actually made a point of enabling privilege separation out of the box, it wouldn't have all these problems. Of course, this is exactly what's wrong with Lindows, ironically enough. It's engineered just fine, it's just not set up right.
Good conclusion, bad logic (Score:3, Informative)
Secondly, the author obviously lacks clue- modern Windows OS' do *not* execute files based on file type, it's a combination of reading the first N bytes of the file, and file type. Rename any
If you have to go back 4 years to get security bulletin examples, it's because you don't have sufficient information- there are ~30 unpatched IE vulnerabilities that affect IE and Outlook that are public, and another ~20 that aren't. You don't have to go back to 1999 to find examples of why the platform is seriously hosed.
It's also too bad the author doesn't address rootkits, because it's important to give some overall malware pictures to show that everything isn't rosy on either side of the fence.
*nix is definitely in a better default state, but it's not the OS that makes that possible (heck, NTFS has filesystem attributes that could likely help.) It's too bad someone with a better understanding of the issues didn't write this article, there are too many holes for serious *doze admins to poke in this one to make it worth passing around.
[Addressing exec-shield and worms would have given a really good argument for Linux, for instance.]
Paul
Rebuttal linked from newsforge (Score:2, Informative)
For those interested, there's a rebuttal linked from Newsforge which pretty much summarizes a lot of the points made here.
Direct link to the article here [virusbtn.com].
I do wish I could get a good, clear, Linux-favoring argument on the security level (or any other level for that matter). I really am concerned about personal zealotry and the less I come off as a Penguinoid, the more believable/convincing I would be.
This seems very naive (Score:5, Interesting)
_Really_ think about this one. In order for Linux to become as popular and intuitive [shiver] as Windows, things like "setting execute permissions" need to be automatic. Installing apps should be relatively simple as well. Look at Lindows! You run as root. Tie that in with a couple of "intuitive" features in a mail client, and you have a handful of rootkit'ed machines.
Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows all together? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes.
But "Regular User Guy" won't apply that patch. Multiply that by a million users. Now you have millions of machines out there running a rootable linux box.
OSes will have vulnerabilities. They need to be patched. It ALWAYS comes down to the user. Will Linux be 'safer' than Windows (i.e. less vulnerabilities / worms)? Possibly. But it certainly has nothing to do with its difficulty to become root or inconveniences of a mail application.
Re:This seems very naive (Score:3, Insightful)
Ease of use is important but then so is intelligent design. Windows arguably has the former, Linux the latter, but OS X seems to get it right on both counts.
Windows problems are not limited to poor kernel design (extraneous graphics routines and such are included in the kernel, bad bad bad...) but also extend to the usability front. Cryptic error messages and
Re:This seems very naive (Score:4, Informative)
An email client is not a program installer. That is what apt/up2date/whatever, and their various GUI front-ends, are for. Those do set execute permissions, among other important functionality (like handling dependencies) that does not belong in an email client.
Internet Explorer has 31 unpatched vulnerabilities. [pivx.com] How does it "come down to the user" to fix those holes when there are no patches available?
Slight flaw in your logic (Score:3, Insightful)
Every install of RedHat I've ever done sure as hell doesn't install and run an SSH daemon by default. And if you turn it on, you can turn it off.
Hundreds of posts, and not one Slashdotter has poi
What about OS X? (Score:5, Insightful)
OS X was designed from the beginning as a desktop OS, and the designers have taken these issues into account. For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.
Secondly, even though OS X ships with a standard mail client it's a good mail client. It can't run applications or scripts with a single click, HTML email is limited to display, no JavaScript can run, and plug-ins don't work.
I wonder if Apple should thank Microsoft for setting such a bad example!
Enabling root? (Score:3, Informative)
Applications/Utilities/Net Info Manager:
Security >> Enable Root User
Didn't even have to touch the command line or restart or anything. But for the most part you're right about it not being necessary.
In addition...I like the idea of having a pure System directory. For those of you who don't know, as a programmer you never have to touch the System directory in OS X save kernel extensions.
Yes, *but* (Score:3, Insightful)
For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.
On the other hand, he doesn't mention that all you have to do is convince someone to enter their Administrator password, and all hell can break loose. I would say you are far more likely to successfully socially engineer someone to do that (Check out this wicked screen-saver; you just need to enter your administrator password to install it (a common install procedure)) than to get a *NIX
Some early viruses ran only on UNIX! (Score:3, Interesting)
The part I find ironic about this article (most of which I agree with) is that some of the world's first viruses were written for, and designed to run on, UNIX.
At least the early work by Dr. Fred Cohen [all.net] was certainly done on a variety of boxes, and UNIX figured prominently.
The shell viruses were particularly interesting to me.
His book A Short Course in Computer Viruses, ASP Press (1991) is a fantastic read, even for its age.
A couple of things (Score:5, Insightful)
While I agree with the gist of his article, there are a couple of obvious problems:
Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world
That's unlikely. As Linux takes over corporate desktops, the users are not going to be joining LUG's or mailing lists. This has been mostly true up to this point, but mass acceptance will change the demographic of the user community to be more like that of Windows.
Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it.
It's mind-boggling that this stupid line of reasoning is still used. First, my home directory is the part of the system that I'm most concerned about protecting. Holy shit! That's where my files are. The rest of the OS can be downloaded off the internet or from any CD that I have. But what about the files that I have created? A program destroying my home directory is a far larger problem than a program that mucks up executables or something.
Second, the modern worm/virus on Windows doesn't need any elevated privileges. The whole point is to spread, and there is absolutely nothing about that process that needs or uses any elevated privileges. Being root is not terribly relevant for the modern worm.
With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you'd think the company could have changed its procedures in this area, but no.
And it wouldn't have made a damned bit of difference for the most destructive email worms. Is the author from another planet? I have to wonder.
Only /home? (Score:5, Insightful)
Remember, it is the *DATA* that is important, not the programs. There are boxes and boxes of the same program on most computer store shelves -- or tons of
Re:Only /home? (Score:4, Insightful)
"I'd rather wipe out my system, and not touch
Not possible. Either your system *and* home directory are wiped, or your home directory only.
What would you prefer:
1. A full system install *and* data restore.
2. Only data restore.
Ease-of-use ~ Ease-of-infection (Score:5, Insightful)
The very features which make Linux less vulnerable to viruses also ensure that it will never be as popular as Windows.
Try explaining 'chmod' to your mother-in-law.
Interesting rebuttal (Score:4, Informative)
Difficulty is a factor too (Score:5, Insightful)
The author does point out, quite correctly, that even if Linux viruses became more widespread, most of them would probably only affect the user space and not corrupt the system itself.
Re:meh (Score:3, Funny)
Opinions are like assholes, everyone's got one.
And they all stink.
Re:Unix-based ... (Score:5, Insightful)
I'm not sure if this is a troll or not, but Linux is indeed UNIX-based. It is "inspired by" UNIX (as opposed to having code in common).
Linux uses all of the old UNIX concepts of fork(), inodes, etc. For non-UNIX inspired systems, see OS/400, VMS, etc. These do not have UNIX primitives.
As a Linux user, I am proud that Linux is a UNIX derived (at least in spirit) system. It has a base of history, knowledge and experience from which to build. Would starting purely from scratch be better? I hardly think so.
I learned UNIX programming on SunOS. My SunOS knowledge works just fine on Linux (although not on OS/400 and hardly on Windows... unless you count what little POSIX compliance they barely put in).
Long live UNIX/Linux!
Re:Unix-based ... (Score:3, Funny)
Now if you could remit to SCO $699.00 we would appreciate it.... Darl McBride
Re:Unix-based ... (Score:3, Informative)
POSIX is an API. When we say "UNIX" we generally refer to the POSIX API. An API's whole point is to abstract the particulars of an implementation. For example, Perl actually implements fork on Windows through the use of independent interpreters running in a threaded environment. Java also is an API which facilitates things like graphics and asynchronous file access (strangely similar to UNIX IO selection btw).
To say that GNU's Not Unix with a s
Re:Unix-based ... (Score:3, Informative)
Re:Let's Keep the Party Going (Score:2, Funny)
Re:No widespread viruses on Linux? (Score:2)
Nice to know the article had good research, eh?
Symantec Makes It Worse (Score:2, Interesting)
Give them a call and tell them how you feel.
1-408-253-9600. Hit 3, and then ask to speak to a senior supervisor.
Re:whatever (Score:5, Insightful)
Outlook Express isn't removable from Win2k onwards. MS considers it part of the OS. So it is the OS's fault.
If Linux came with unremovable email clients, then your argument would be valid.
Re:whatever (Score:3, Insightful)
Proof? Most daemons nowadays are running as non-privileged users or are explicitly chroot to prevent standard abuse. The only easy exploits are buffer overflow and those will only work on similar architectures and kernel versions. I'm not sure it's even technically feasible to write a virus that even comes close to spreadi
Re:YES and NO... (Score:5, Insightful)
Re:Good and bad points (Score:3, Insightful)
Hard to run executable attachments being a lack-of-feature: no, it IS a feature. 99% of the Windows malware going around depends on users unwittingly running executable attachments. Making it easy for Linux users to suffer the same fate is NOT a feature, and in particular not a desirable one.
Application vs. OS: MS itself is the one that integrated the HTML component into the core OS. And they can't fix it, because things like Windows Help also use that component. If you fix the behavior for e-mail, you bre
Re:MacOS (Score:4, Informative)
MacOS Classic didn't have so much in the way of auto-execute, auto-run etc. stuff- compare that to Windows. MacOS did copy one feature from Windows: auto-running programs on insertion of a CD, for ease of use. MacOS got a well-known worm, one of the 40 or so that have been recorded in Mac history, called the Autostart worm. There was also a way to stop it: turn off auto-start in the Quicktime control panel. And MacOS didn't go around turning it back on for you, either.
Most Mac-capable viruses are exclusively Microsoft software viruses for the simple reason that most are Office macro viruses.
The article author has a point. Leave the OS sitting there like a lump rather than scampering about trying to convince you that it's intelligent and friendly, and you don't get the viruses. Viruses REQUIRE a degree of autonomy from the OS. Even the example of how you could edit login .rc files on Linux takes advantage of a degree of autonomy present in the OS, that auto-runs common programs to save you the trouble. If you logged in and manually typed everything in initrc every time, not even a user-space virus could auto-run, even if you'd run it yourself and infected your Linux box. It requires the autonomy of an OS that's doing trusted stuff.
Old MacOS has very little of that, and as a result can be incredibly reliable IF you have it in a condition that's not bug-laden: too many extensions and Microsoft programs that run OS-level support code at all times, and you're hosed.
Even then, the coding culture of old MacOS was to let the user totally run the show. Not so many labor saving devices- not so many vectors for hostile code to work. It's that simple.
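An added example, not part of the comment above or of the article it discusses: a baseline check over the per-user shell startup files that the OS runs automatically at login, reporting files that changed, appeared, disappeared, or are writable by other accounts. The file list and the `snapshot`/`audit` names are assumptions chosen for illustration, and the sample home directory is constructed.

```python
import hashlib
import os
import stat

# Per-user shell startup files that run automatically at login or shell start.
STARTUP_FILES = (".profile", ".bash_profile", ".bash_login",
                 ".bashrc", ".zshrc", ".zprofile")


def snapshot(home):
    """Return {filename: sha256 hex} for each startup file present in home."""
    digests = {}
    for name in STARTUP_FILES:
        path = os.path.join(home, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                digests[name] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def audit(home, baseline):
    """Compare home against a baseline snapshot; return (file, finding) pairs."""
    findings = []
    current = snapshot(home)
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            findings.append((name, "new file"))
        elif name not in current:
            findings.append((name, "removed"))
        elif baseline[name] != current[name]:
            findings.append((name, "content changed"))
        if name in current:
            # A startup file other accounts can write to runs their edits as you.
            mode = os.stat(os.path.join(home, name)).st_mode
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((name, "writable by group/other"))
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:  # constructed sample home
        rc = os.path.join(home, ".bashrc")
        with open(rc, "w") as fh:
            fh.write("alias ll='ls -l'\n")
        os.chmod(rc, 0o600)
        base = snapshot(home)
        with open(rc, "a") as fh:  # constructed change made after the baseline
            fh.write('export PATH="$HOME/bin:$PATH"\n')
        print(audit(home, base))
```

The baseline is only useful if it is stored somewhere the account being audited cannot write to.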
Re:40 Mac Viruses (Score:3, Interesting)
Re:interesing (Score:5, Interesting)
I suspect that the commercial implications are minimal at least for a year or three. For a start, a lot of IT decision makers, i.e. accountants and people who have been promoted from middle management with little technical ability will still swallow MS's bullshit. They will also buy Server 2003, optimistically believing that it will cure all the problems of Server 2000 in the same way they believed 2000 would cure the problems of NT.
For an example cop this survey [theregister.co.uk]. It apparently shows that Europe's IT directors place consistency higher than security and reliability and the human tendency to submit to fear and one's own insecurity rather than to break ranks and try something new will lead a lot of people who have no real faith in their own abilities to stick with what they know, i.e. Windows, regardless of how shit it may be, how many viruses it catches, how many customers' credit card numbers get stolen etc.. They crave stability even if what they have is flawed, at least they know where the buttons are.
In all honesty, I don't see single OS networks as being a good idea regardless of what you're using. There are millions of lines of code in a modern OS and it only takes one cock-up to open a crack through which it can be broken. A lesson in genetics suggests that diversity gives you the best hope of survival when under attack or it can at least slow the attacker as they, or their virus, try to find vulnerabilities in each system. The only way that will be achieved is by opening file formats so that all platforms can exchange data with 100% transparency. This will also create a truly free market causing companies to develop software based on quality, performance, security and reliability rather than how pretty the GUI is and how clever this year's bunch of graduate marketing twats are. The obvious side effect is the breaking of MS's monopoly and the burgeoning of a new software market that will develop ports and alternatives to existing "industry standard" stuff like AutoCad. Proprietary software companies fear this the most as they will then have to wrestle with real competition.
I still think that Linux, BSD and Mac are inherently more secure and better coded than Windows though. I also suspect the rot is so deeply set into MS stuff (with a 20 year legacy of putting eye candy before security) that they will never sort it out without a ground up rewrite, something they will not do unless forced to.
Linux developers on the other hand have given security a starring role since day one and even though there are bound to be flaws they're fixed in short time by developers who don't spend the first week denying a problem exists. It's free, it does what I need and its users give a shit. What more can I ask for.
Re:interesing (Score:3, Insightful)
While the workings of consumer electronics can be made transparent to end users, computers are a different entity altogether.
My original point is based on the problem that a lot of IT decisions are mad