Domain: wildlist.org
Stories and comments across the archive that link to wildlist.org.
Comments · 8
-
Re:Safe... until
Most 'viruses' for Linux are theoretical and don't even come close to posing a legitimate threat to anybody. If you check out the list of viruses currently going around at http://www.wildlist.org/ you'll see that there are, when it comes down to it, zero real Linux viruses. And though a simple script can crash any system, a malicious person attempting to hack through security to place the script is a very different story.
-
Re:a way to make money
As a criminal, let's say that it's going to cost me $10,000 to hire some eastern european hacker to develop malware for my criminal enterprise (number totally made up). I get to chose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).
That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.
As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.
Sure - market share is one factor on ROI. But it's not the only factor. Another big part of ROI is how long you get to keep control of your target. If the target doesn't remain compromised very long, then you've wasted your resources (unless of course you only needed a short window - but that's implying a targeted attack and is beyond the scope of this conversation). The thing is, if you look at malware in the wild, you'll find that there are plenty of examples for Unix malware but they just don't survive long (with one exception - more on that shortly). This makes Unix platform poor ROI performers for bot herders to target.
Yet that 8% of the market issue still persists. Is that a significant enough number to warrant interest from malware producers? I don't see why not. An 8% market still a sizable number of potential hosts - far larger than most botnets. The Witty worm demonstrated that not only will small numbers be targeted, but doing so can be very successful. If the Mac's 8% were fertile territory, it would be very much in a botnet herder's interests to target it.
We know 8% market share is suitable because botnet herders are going after smaller targets; namely the 2% Linux market. But there's some caveats to this. First - we're dealing with a very different mode of attack. Researchers at Sophos believe that the attack involves a 6yr-old piece of malware - a virus called Linux/Rst-B. But the interesting thing is that if the virus is being used, it's as something of a simplified rootkit. Hosts are either being intentionally infected by this virus to provide a quick root shell or the attackers are moving around tools that are unintentionally infected. In either case, the existence of this malware is due to an already bad situation. Secondly, we're probably not really dealing with 2% - its more like ~12% of the server market. So we're dealing with a larger market share but hardly the largest (still a strike against marketshare driving attacks).
So what is making Linux worth the ROI? Smaller numbers. Compromised Linux hosts are providing stable controllers for botnets. As one needs fewer controllers than zombies in a botnet, Linux fits the bill nicely. All one needs is a mismanaged server on a stable link and a controller is gained.
So what do we get with all this? Marketshare isn't the driver that people make it out to be. Numbers are important. But there are additional factors that add weight to that importance. In the end, it's all about ROI. And that determines whether a platform makes a good target.
-
Re:i wouldnt
big deal. I'm in a mixed relationship - I'm a mac-nut, and my girlfriend loves windows (hey, she's going out with me, I didn't say she was sane...). She has a 3 gig peecee. When she saw my new powerbook, she loved all the little bits that osx has that are cool (go to the http://www.apple.com/uk/macosx/ site for more info). So, I bought her the cheapest emac, so she could have a play. Here are my points, relating to the post above, and some others further up/down;
the emac was cheaper than the peecee, when a monitor was figured in.
I did save on not needing to buy antivirus/firewall applications, office applications (came free), and then saved me money through not having to set those up and maintain them. In US$ terms, say $400 - $500, once my time is thrown in.
This peecee, although bought a few months ago, about a month before the emac iteration came out, has an upper-quality vid card, decent drive, and enough memory. I replaced the crappy amount of ram that came with the mac (I ain't going to argue with anyone there!) with off the shelf ram, stuck a 160 gig drive in it (which took 20 mins to install, along with a generic DVD burner - not bad for a machine which "isn't" 'user-upgradeable') - all of which would cost the same as for the pc (fujitsu drive - I think - and NEC burner).
From first time power-up on a wiped HD to surfing, 12 mins tops. I defy anyone to do the same with a peecee. Not in a million years could it be done, with the stuff out of the box. Booted up in firewire mode, I could have done it in 4 mins, but I'm not sure if you can do that on a peecee, so that might be cheating. No drivers needed, thank you, a single restart, and a happy user.
Now, the missus ain't no mac convert. We spend a lot of time apart, so we use the video-chatting in ichat a lot (gotta love them free high quality full duplex calls, on free software), but other than that, the machine is just a toy for her. for now. She is using it more and more for general surfing, as it gives more peace of mind than the peecee, and guess what? No antivirus updates to worry about.
This bottom-of-the-line emac wipes the floor with the then top-of-the-ladder peecee when it comes to productivity things for her web site stuff, like Photoshop et al. Okay, so she still uses a basic text editor for html, but then she's crazy, so no speed benefits there. The one game she loves, age of mythology, runs smoother on the mac than on the peecee. I have no idea why, but there you are (same ram - one gig - on both comps, btw)
you are right, there are so many more games for the peecee than the mac, but we are grown-ups now, and don't need them.
besides, if I wanted a game machine, I'd buy a playstation.
you are also right, there are many more applications for the peecee than the mac. You can go here to start your list off http://www.wildlist.org/WildList/RTWL.htm
but most of the others are crap. There aren't that many name apps that either don't have a mac version, or don't have an equivalent. Peecee shareware apps make me laugh, on the whole.
As I said, and I'm sure you have gathered, I'm a mac nut, and biased. But it does annoy me that people are often so stuck in the '90s when it comes to thinking about pricing on macs, and extendibility.
I have the 17" powerbook. It's a lot of coin, more than I would have liked, but there you are. However, when I was buying it, it was a good few hundred pounds cheaper than the almost equivalent peecee laptop, which didn't have all the hardware functionality that the powerbook has. Ok, not everyone needs built in G wireless, bluetooth, gigabit ethernet, dual display video out, backlit keyboard, DVD burner, and speakers that don't sound like a $3 radio, but I do. Did I mention this is a one inch thin computer in an aluminium case, and I can be a regular slashdot weenie and still carry it? also, apart from software upgrades, and one time that a VLC beta caused a kern -
Re:Ironic the Intego released a solution fast enou
We needed an OS X virus just to liven things up! The ratio of viruses in the wild to lab viruses leads one to believe that the Anti virus companies created some to keep them in business. The WildList should be enough to keep all the Antivirus companies on their toes now.
-
Re:virus names
anyone know how they come up with these names? sounds like a fun job, anti-virus virus namer.
Well, usually they seem to just pull some random name from the text inside the virus. For example, "Dark Avenger" was named after the author's nickname, and alternate name "Eddie" comes from the string "Eddie lives... somewhere in time" in virus. Likewise, some virus researchers gave the alias "Shimgapi" to MyDoom because it obviously stored itself in a file named "shimgapi.dll".
As for coming up with the names, here's a an interesting article about virus naming
, discussing some of the problems with getting the virus name nailed down... -
a Clever Retort
My friend and I have a rivalry going on.. reguarding Linux vs Windows. I sent him the link, he sent me a retort.. My point-by-point response to this article.
Jack Clarke, European product manager at McAfee, said, So we will be seeing more Linux viruses as the OS becomes more common and popular.
Mr. Clarke is wrong.
.... let's compare the numbers. ...
There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory. >>Editor's note: unfortunately we have been made aware that this quote by Dr. Peeling and Dr. Satchell is incorrect; the independent WildList organization produces a monthly in the wild list of viruses. While the vast majority of viruses in their report are Windows-based, there are still some Linux-based viruses (listed as Other) found in the wild as well.>>
So, the very basis for stating that Mr. Clark (a high ranking official with a well-known anti-virus company) is wrong is flagged by the editor as being invalid. Am I the only one who thinks this is not a small deal? It's also worth nothing that this is the first of two such statements that the editor had to mark as being factually unsound or misleading.
First, look at the two factors that cause email viruses and worms to propagate: social engineering, and poorly designed software. ... Virus writers use social engineering to convince people to do stupid things, .... Poorly designed software makes it easier for social engineering to take place, but such software can also subvert the efforts of a knowledgeable, security-minded individual or organization.
Can anybody explain the use of the word but in the previous sentence? (Look at the sentence again if you're wondering what I mean.)
... It's easy to run executables in the Windows world, and users who get an email with a subject line like Check out this wicked screensaver! and an attachment, too often click on it without thinking first, and bang! we're off to the races and a new worm has taken over their systems.
Even worse, Microsoft's email software is able to infect a user's computer when they do something as innocuous as read an email! Don't believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that's at least one for the last five years.
There is an upcoming editor's note about this along with the following sentence.
And though Microsoft's latest versions of Outlook blocks most executable attachments by default, it's still possible to override those protections.
So, the complaint here is that it is possible for somebody to manually override the security settings put in place by Outlook? Does the autho -
Want a reality check on viruses in the wild?Check the WildList for this month's viruses found in the wild. These are the only ones that actually pose a threat. Looks to me like if you don't run Microsoft Office products, and don't run Microsoft Windows or Microsoft DOS, you're pretty damn safe.
For those of you unfamiliar with virus naming conventions, here's some basics:
Most of the ones w/o a prefix are going to be DOS executeable or MBR/Bootsector infectors.
Prefixes:
JS/- Javascript VBS/ - Visual Basic Script
W32/ - Win32
W95/ - Windows 95
W97M/ - MS Word 97 Macro
WM/ - MS Word Macro
X97M/ - Excel 97 Macro
XM/ - Excel Macro
O97M/ - Office 97 Macro
Realize that Mac Classic OS's are just as vulnerable, and in fact there were viruses being written for them ~1990 or so and possibly before, but they just aren't widespread anymore (WDEF was pretty popular for a while though...). Obviously, with the file protections of *nix, OSX is a bit more resiliant to infection although still perfectly targettable.
If you don't make sure your system is locked down properly, and you run executeable code from untrusted sources, well, you're taking a risk. It's just not all that big right now (contrasted, of course, with the 5+
.scr/.html and .exe/.html combo's I get in my mail box per day aimed at infecting windows...). -
Re:The virus ecosystem
The anti-virus industry depends on the continued introduction of new viruses
Not totally true. Look at April's wild list. Form.A is on the list and has existed for over 10 years.
They don't generally stop improper behavior by all possibly-hostile content
Because behavior blocking doesn't work. It is difficult to distinguish between malicious behavior and things that users want and need to do. Too many false alarms => software disabled.