Slashdot Mirror
Cross-Platform Pseudo-Virus: Don't Panic
spam-it-to-me-baby writes: "It's only based on one reported sighting (i.e. it could be bulls**t), but anti-virus software hacks Central Command say they have found the first Windows/Linux cross-platform virus. It appears only to be a proof of concept with no malicious payload, and targets Windows PE files or Linux ELF files once it recognises the infected OS." There are stories at CNET and at Wired as well, not to mention at NewsForge. Despite the Wired story causually saying so, though, this is anything but an "equal opportunity" virus, except in that it seems to infect multiple media sources without discrimination. When was the last time you ran unknown programs (as root) on your machine, then manually copied them (and ran as root) on another machine as well?
An article from Reuters about it:
Reuters
Central Command says it has developed a cure for the virus at its Web site (Avx.Com).
Jethro
Quidquid latine dictum sit, altum viditur.
Are thse daemons *.EXE files that can also run as a windows executable? No? I didn't think so.
GET FREE MONEY!!! You can get a lot of FREE MONEY if you send this file to everybody in your address book and delete all the files on your computer! Do it! All the cool people are doing it!!!!
Tell me what makes you so afraid
Of all those people you say you hate
When was the last time you ran unknown programs (as root) on your machine, then manually copied them (and ran as root) on another machine as well?
.exes they get in the mail, especially if there's any chance of seeing a little skin or some cuss-filled animation.
Considering most people who run Windows run as root by default (9x, ME) or by choice (Administrator-equiv user on NT or 2k), it's not hard to conceive of them running as root on a workstation-based linux machine.
I definitely see less-sophisticated users running a Windows and Linux combo trying out a "cool win/linux app!" that their friends sent them. God knows that a major portion of morons where I work, in SPITE of the long history of trojans/viruses/general maliciousness via email will without question run
Why use binaries when there is the Source? Except for some non-opensoftware I am interested in, 99% of my machine works on homebuilt binaries, directly from source. Not only are these binaries optimised for my particular machine, I am also able to tweak things in the source myself. .c files.
I have yet to see a virus which infects
Apart from that: just take all binaries you use from sites you trust (eg. Netscape from http://www.netscape.com, Blender from http://www.blender.nl).
This is a replacement signature.
While only an idiot runs mystery software as root on a *nix system, what happens when you dual boot into Windows to play that favorite game or run that beloved flight simulator? At this point you *are* essentially running everything as "root", and Linux filesystems are potentially just as accessible and corruptable as windows filesystems (assuming the virus is smart enough to parse the inode map, or a ext2win type driver is loaded in windows).
The infection vector for Linux software may be more via the windows dual-boot option so many of us keep around, rather than the clueless newbie running a downloaded executable as root. If the virus author chooses a target intelligently, one which runs as root by default (for example, say, "getty" or "X"), your Linux system could well become a warren of virial activity no matter how secure the Linux portion of the configuration is.
Using an encrypted filesystem, inaccessible under windows, might prevent this sort of contagion, but of course that wouldn't prevent the windows incarnation of the virus from simply trashing the encrypted data and destroying the Linux installation outright.
The upshot is, if you have Windows installed on your system, and use it in any kind of promiscuous fashion (which, for an operating system as insecure as Windows must include having any kind of connection to the internet), any data anywhere on the hardware is at risk, and all the security Linux or FreeBSD offers you is for naught.
The Future of Human Evolution: Autonomy
I would assume that you downloaded all these daemons from reputable sources not as email attachments. This is also why most software is pgp signed.
W32.Winux contains internal text strings. It also contains the following text: ?[Win32/Linux.Winux] multi-platform virus by Benny/29A? and ?'This GNU program is covered by GPL.?
It appears that the Free Software Foundation's message has finally reached the cracker community.
Code that has to be spread manually is not a "virus."
It doesn't have to be spread manually. Read the analysis - it searches for Windows PE exes and Linux ELF exes and infects them.
However, the analysis states that this virus only searches for and infects executables in its own directory and parent directories. This to me seems fairly harmless. If you were emailed a program infected with this virus, it would surely only infect your temp directory (and root dir, but who would have executables there?) And as you say, this one doesn't propogate over the internet, so the only way you're likely to catch it is running an infected prog emailed to you.
But as they say.. it's a "proof of concept". Where I work, we had a hell of a time with a virus that checked machines in the network neighbourhood for open shares (this was a Windows virus of course) and then searched them for executables to infect. Watch for a virus which can infect Windows exes and Linux ELF exes like this one, but which also aggressively searches shares, NFS mounts, etc. for more files to infect.. that might be something to take more seriously..
Then it can replicate itself into every .doc file
on the server, as well as root the servers for later nastyness. Yikes,
makes my skin crawl just thinking about it.
Most people focus on hardening their externally visible servers, not the ones in the back room that are invisible to the outside world. Now we've got to worry about any server reachable from anything that runs Outlook or Word.
Arrg.
-- ac
As long as you are carefull on what you exec, and you make use of wonderfull tools like:
LIDS
Tripwire
Logcheck
Portsentry
etc.
etc.
etc.
You have a big chance of stopping or in the worst case, minimize the impact of many, many, many possible "linux virus" that may appear now or in the future.
And, for your daemons, services, etc., you can always search the code for something suspicious.
Fair enough, claim that only "idiots" run unknown software on their box, and that because you are so 133t, you compile all software you use.
Which proves what? That you've compiled some software, and *then* run it.
Did you study the source code at length? Check it personally that it didn't have any back doors whatsoever? Hmmmm? Sure it wasn't a trojaned source you downloaded (The server could have been hacked right?)
Just because you compiled from source, doesn't mean your newly-created binaries are therefore perfect and couldn't *possibly* contain a trojan of some sort.
Tell me what makes you so afraid
Of all those people you say you hate
Smells very much like an early April Fool.
--
jambo
system.admin.without.a.clue
-- js.
http://benny29a.kgb.cz/viruses/winux.msg
Fine, I give up. Language evolves. But you're still getting smacked if I ever hear "worm virus" again.
MSK
I forget the exact details, but some bloke demonstrated a trojaned compiler that would recognise that it was compiling the source to login, and insert a back door.
:-)
It would also recognise when it was compiling its own source, and insert the code to insert the backdoor in login...
Read the source all you like - the ultra-paranoid cannot even trust that
Cheers,
Tim
It's official. Most of you are morons.
Why in the world would you ever leave Javascript on for mail and news? You're practically begging to be rooted/pestered. It's just a bad idea to automatically run code from anonymous sources, even if it is supposed to be "safe". Besides can your tell me one legitimate reason to embed Javascript in an email or news post?
Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
I read the internet for the articles.
...but I would venture to say that most original viruses began as a 'proof of concept.' While this is all fine and good, the code inevitably seeps out to bored, frustrated, or extreme individuals. These people waste no time incorporating some kind of malicious intent into creative code. I imagine we'll see some zealot take ahold of this, make it damage Windows machines while displaying a colorful message to Linux users like 'aren't you glad you use Linux?' Of course, this may be pushing it but how many times have we seen this progression before?
Why bother.
Uh pretty often. I don't care too much about security, so often I do all my work in root. But then I've never gotten a virus (both on Windows and Linux side), so I'm sure I'm not as paranoid as I could be.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
I guess you were not really around when viruses were mostly spread by floppies? Was that really all that long ago?
So installing the new 3l337 version of "/sbin/init" that someone sent me isn't a good idea then?
Only one problem I seee with this logic. When in windows, can you see an ext2 partition on the same drive? NOPE! Windows can't see ext2. The more dangerous one would be if you were logged in as root with your windows drives mounted. Then, you'd infect both partitions. So, if your in windows and get it, not a huge deal. You'd only loose Windows stuff. Personally, I can't see WHY someone would want to write a virus, especially one for Linux since anyone who knows anything about Linux will figure out WHY it's not a good idea to do certain things as root. It only takes one fug up and you will remember that for the rest of your life as you kick it in your head while watching your filesystem go bye bye!! :)
You know that there have been Mac viruses before. There's about 40-50 or so non-Word macro viruses. The reason you don't see as many of them is that the Mac hasn't been as friendly to casual programmers as DOS and Windows have been, and the market penetration is lower. Thus, there are less people messing around with non-professional programming on the Mac who would get the virus-writing urge. It's lack of market penetration has also made it less desireable of a target.
There is no inherent safety to the Classic Mac OS that prevents viruses at all. In fact, the use of shared global memory resources, non-existant memory protection, and nearly non-existant file protection makes it very unsafe. It's just secured by obscurity.
Mac OS X will have all the same strengths and weaknesses of a UNIX system. Unfortunately, the UNIX layer makes basic worm and virus writing easier since the APIs are better known by more people. It won't be long until the first Mac OS X viruses begin propogating. I don't think we'll ever reach the level of DOS/Windows in its heyday, but don't kid yourself into thinking that the Mac is, has been, or ever will be completely immune from rouge code on the system.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Hey, I meant no disrespect - it was merely that my lack-of-sleep addled brain couldn't remember his name :-)
Cheers,
Tim
It's official. Most of you are morons.
To be "proof of concept" there needs to be proof. I have yet to see proof, only rumour.
Ah, fair enough. OK, if it's not a proof of concept, it is surely at least a concept. And since it is a concept which seems to me to be perfectly possible, I'm sure that even if this virus is not genuine, other virus-writers will pick up the concept and one day soon there will be one that is.
Yes, I am a cynic, do you have a problem with that?
Not at all.. it's just that there is such a strong Slashbot response to scream "LIES!" whenever the words "virus" and "Linux" are mentioned in the same sentence. It irritates me, and if I'm irritated, I might not be thinking clearly, and might mistake cynicism for zealotry.
(and root dir, but who would have executables there?)
Think COMMAND.COM
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
You can see an ext2 partition on the drive - Windows doesn't have the built in tools to parse the stream of data as a filesystem, but it is possible to write a win9x program to directly read the disk and interpret the filesystem for itself. In WinNT, there are third-party drivers to read ext2 partitions just like another mount.
Tell me what makes you so afraid
Of all those people you say you hate
NT definitely had this problem, but Win2k seems to have solved it (mostly). I used to run as an admin on NT 4, but now I run as a power user on Win2k. The "RUNAS" command line tool lets me do exactly what you suggest - run a command as another user, ie the local admin. (And it lets you run a new shell if you want too.)
o ok feature that if you hold down shift while right-clicking a program (or something like that) the Explorer will let you do a run as.
There's also the massively non-obvious-but-documented-if-you-know-where-to-l
- Alan
Slightly OT, but just had a thought.
Your not allowed to redistribute a GPL program, unless you agree to the liscence (Basic copyright).
If you redistribute a GPL'd binary, you have to (at leat) have the source available freely, to those who you pass the binary on to.
Does this mean that if I infect someone with the virus (deliberatly), I must give them the source, on request? (Answear: Yes)
What if I give them the binary, unwittingly?
What if I intend to give them a different program (e.g. xbill) that is infected. The source is requested, then I give them the xbill source. But that's not the source for the binary - does this mean the GPL cannot be upheld in this cricumstance?
Extremly icy ground, and prbably best handled by lawyers, (one of which I am not), but even so, food for thought.
Stuey!
--
Furthermore it's probably quite possible to have an Administrator-enabled NT trojan that uses the disk manager API to search for and destroy ext2 partitions.
When I hear the word 'innovation', I reach for my pistol.
Remember, this is written in ASSEMBLER. Assembler is the level BELOW compiled code. So if you can do it in compiled code, you can do it (albeit with some difficulty!) in assembler. The file systems are different? OK then, it'll have two separate parts then, one for each OS. Not a problem, it just has to know how each file system constructs its files.
The key thing though is that it can ONLY affect PCs. Other platforms are completely immune - they speak another language entirely (although they may crash when fed a bit of code which looks like total garbage to them). Chances are (from the article) it's specific to Intel Pentiums and above, too, so AMD may be immune as well. Interestingly, it's not really a virus either, since it doesn't attempt to provide a transmission vector to other machines - guess that's why it's just a proof-of-concept rather than an active, in-the-wild one.
The Windows email virii have spread by being written in languages - Javascript and VBS - which are platform-independent, to get the maximum possible coverage. It's interesting that this one has managed to bust its way in by going completely in the other direction - making itself specific enough to the platform that it can work its way in. This is a real "back to basics" approach to virus-writing which hasn't been around since the early days of floppy disks.
Grab.
I've been running pretty successfully as a Power User on NT4/5 for a number of years now.
Big hint: use the RUNAS command (shift-rightclick), and NT4 had a similar facility on the resource kit cd. This will work for every thing but explorer.exe
Really, the medium-privledge Power User login is pretty useful. You can stop-start services (such as mySQL). You can install programs that were designed for W2K into your personal space. There's also some privledge-escalation bugs, so I'd love to run as a plain ol' User, but certain software (ahhm - Netscape) doesn't like those file permissions.
When I hear the word 'innovation', I reach for my pistol.
-- .signature to help me spread.
I'm a signature virus. Please put me in your
What? Linux only has one word processor? Lets see there is the word processor that comes with Applixware, StarOffice, WordPerfect, Abiword and maybe some others I don't know about. You talk as though MS Word was available for Linux.
As for MacOS X being vunderable to virii, it has been out for over 8 months
The previous posters point was 2 fold. First the system with the larger installed base will tend to have more virus writers focused on it. It may have been out for 8 months but only in Beta. It hasn't been officially released. Most using it are professional programmers and people just trying it out. That is not enough to attract the attention of virus writers.
If MacOS X is so completely unimmune from viruses, lets see how many show up in the next year compared to Linux or Windows.
Well I haven't seen a virus worth talking about on Linux. Ever. The virus can only do real damage if the user was running as root or if it takes advantage of a security hole but you can bet that the security hole would be fixed making that virus worthless. Windows will always have viri. You can bet on it. Linux might end up with some viri written for it that affect stupid users but the only reason why Linux would have a virus written for it before the Mac would be because it would have a larger installed base. If MacOS X does achieve success then you could be unpleasantly surprised.
You waste your time, with the x86
Who said Linux only ran on x86?
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
This could infect users on linux systems but shouldn't affect the system itself.
I share my home directory across the network to my windows machine, which would allow my windows machine to infect my user account on the linux box. However, it wouldn't affect other users of the system unless I had write access to their files.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
It would be very annoying, but not as annoying as having to completely reinstall the OS and all the software after a virus hoses some vital DLLs
Why root? On an "everyday" system that has a lot of data crossing between Windows and Linux, it makes sense to give your regular user account read/write access to at least one Windows partition (as opposed to having to su to root every single time you want to copy a file). Out of convenience/laziness/whatever, this'll usually wind up resulting in read/write access to all the Windows partitions.
Ideally, I'd be able to specify read/write access to data and read-only access to the directories with program files. But between the fact that it's a VFAT partition and the fact that Windows likes to mix data, programs, and all sorts of other crap together, the grief would easily exceed the value.
Fair enough, but this has nothing to do with the original claim that Linux files could be infected by running this program in Windows. They can't.
... its been over a year since I've messed around with it).
This isn't true. Lunux files can be infected from windows, if you load a utility which allows you access to the extended 2 filesystem. And yes, there are such utilities available for windows.
If the files can be accessed, they can be modified, which means they can be infected. If you reread my original post you will notice that I refer to exactly such a utility (though the precise name escapes me
The Future of Human Evolution: Autonomy
Err, last I checked, that pretty much made it a virus. Check out the alt.comp.virus FAQ, specifically question 3. This code hits all of the criteria. It's worth pointing out that merely infecting applications on the same machine is how a lot of older viruses (before the Windows-based email worms became popular) spread themselves. This is, more or less, one of the "classic" virus types.
Furthermore, while I don't disagree that the built-in security of Unix greatly restricts the flow of viruses, a cross-platform virus could wreak some serious havoc. A quick "find ~ -name \*.exe -print | wc -l" indicates that I've got 42 DOS executables sitting in my home directory. Some of these are for DOSemu, some are old files that'll never get run again (leftover CGIs from when work's website was NT-based), and a few sets of drivers that I downloaded for machines I was fiddling with. While I probably don't have anything to worry about in this case, it's not that hard to abstract it out to a case where it would spread.
Finally, even if the virus completely failed to spread on any and every Linux platform (which, IMO, is overly optimistic), its behavior on Windows would still classify it as a virus.
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
Dual-booting is the first thing that came to mind reading the editorial comment (could Slashdot editors do less of that -- they're often less than intelligent comments).
If you dual-boot and mount your fat partitions from within Linux, it would infect your executables there.
- Michael T. Babcock (Yes, I blog)
Ext2 0.04 for NT4 read-write
Primary site: http://www.chat.ru/~ashedel
(Link added)
Tell me what makes you so afraid
Of all those people you say you hate
There is at least one utility I know of which allows read/write access to ext2 filesystems from within windows. My point stands ... any security you think you may have gained by running Linux or FreeBSD is completely circumvented the moment you boot windows, whether the offending program makes use of an ext2 tool under windows to infect Linux files (for example) or simply trashes the Linux partition.
Either way your secure operating system has been successfully attacked, and the attack vector which bypasses said security is in fact running an insecure operating system via dual boot on the same hardware.
As an unrelated aside (unrelated to your post, that is), I find it interesting that someone moderated my post down as "flaimbait" for pointing out a well documented security risk. Looks like some MS minions are excersizing their moderator priveleges today.
The Future of Human Evolution: Autonomy
Since the scripting languages for each OS are totally different (with the exception of software that supports Javascript and other web compliant software) from one another (perl,awk,sed,bash, vs. AcitiveX and its sister "technologies"), I can think of no way that a script can infect both systems, especially since it infects other files "in the same folder".
This just looks like one big prank leading up to April Fools, people. Has anyone even heard of this company?
Burn Hollywood Burn
It most certainly is a virus. The traditional virus is always spread by human action. The 'viral 'nature involves attaching itself to executables so that when the executable is run, the virus then replacates to other executables. Later virii had memory-resident portions and such.
Something that moves from computer to computer on a network is a worm.
Something that spreads from executable to executable, using the executable as a primary launch mechanism is a virus.
Actually, Samba does an excellent job of making ext2 partitions available to Windows. In fact, that is it's primary purpose. I myself became quite familiar with it when one of our uses ran the Plan Columbia VB worm on their Win98 desktop and promptly nuked every JPEG file on our Solaris web server.
/bin or something equally sensitive. But, don't pretend that Windows machines having access to file on a Linux system is anything but a common occurance. It would be quite easy to, for example, infect any files in your ~/bin/ directory via a Samba mount.
True, only a moron would let Samba users mount
This all reeks of a publicity stunt or something. First off, the avx page has little to no information about how the virus is spread in Linux, yet gives specific api's for windows. Also, the fix is windows-only. Then, there's a fix at avx last night, when the story breaks. By this morning, CERT and McAfee have still not heard of the virus. Although benny/29A seems to exists, the needle of my bullshit meter is rising upwards.
If was moderating I would.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
...you run a backup...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
In the original Mac system, due to the very structured executable file format (ie the resource fork) it was trivial to write a virus that infected *any* executable, and perhaps many documents, since you just had to add something to the resources. At the same time DOS (and I think the Unix a.out format) made it a lot more difficult because you had to modify the file so that the code at least jumped to the virus.
This was also combined with the Mac's encouragement for people to mail floppys with stored files and programs around (these virii were transmitted by mail, mostly!)
I'm not sure if the Macintosh system has been fixed, or it is just that it is even easier to write Word virii, but there have been far fewer of these lately. But they were the first well-known ones.
Yes, Unux permission stop an ordinary user from inmfecting other users on the system, and destroying the OS and other sopftware on the machine. Destroying the machine is one of the least damagiing things a virus can do. What's would be worse would be killing all the documents on your home directory, the files which *can't* be replaced off your OS CDs with a simple reinstall. There's absolutely nothing which would stop a virus which says `cool screensaver for Linux (or Unixlike systems)' - download me to your home dir and install me for a single user! going around the net and doing said cool thing for a short amount of time before writing some of /dev/urandom to all the files in your home dir.
And, for that matter, any SetGiD directories you're sharing with other users.
You *can* reinstall postfix if a virus (which ran as root) wiped it. You CAN'T reinstall your thesis if a virus which ran as a USER wipes it.
[Bah Submit as HTML button]
/dev/urandom to all the files in your home dir.
Yes, Unix permission stop an ordinary user from infecting other users on the system, and destroying the OS and other sopftware on the machine. Destroying the machine is one of the least damagiing things a virus can do.
What's would be worse would be killing all the documents on your home directory, the files which *can't* be replaced off your OS CDs with a simple reinstall. There's absolutely nothing which would stop a virus which says `cool screensaver for Linux (or Unixlike systems)' - download me to your home dir and install me for a single user! going around the net and doing said cool thing for a short amount of time before writing some of
And, for that matter, any SetGiD directories you're sharing with other users.
You *can* reinstall postfix if a virus (which needs to run as root to destroy it) wiped it. You CAN'T reinstall your thesis if a virus (which merely needs to run as a USER) wipes it.
And trust me, from the ignorance of the above I've seen in all the posts here, your thesis *will* be wiped.
The average Mac user double clicks on both applications and documents indiscriminately. That makes passing Trojans on the Mac a cinch. Just give an executable a Microsoft Word icon, or a QuickTime icon or whatever, and then mail it, encoded with MacBinary.
If I wanted to write an Internet worm that affected the Mac, that would be easy too. I'd probably write it in AppleScript.
It's been so long since Mac users really had to worry about viruses that most of them are complacent. Complacency does not equal security.
BTW, please don't do the things I've described. As someone who's written a couple of viruses in my day (yes, I was even lame enough to use the non-word "virii"), viruses are trivial examples of programming that are annoying and a pain in the ass. There are countless better ways to demonstrate your superiority over other people than to waste everyone's time by writing viruses.
Want to show off your programming skills? Write a word processor that's competitive with MS Word, so the world doesn't need to worry about macro viruses anymore. Writing applications is difficult, challenging, and time consuming. Writing 2K worth of virus code doesn't impress me.
--
Breakfast served all day!
Knowing they exist and having to deal with them are two different deals. You assume every Mac user uses Word.
Huh? When did I say that? I'm a long time Mac user, and I religiously avoid installing MS software on my home machine. I still use Appleworks (once Clarisworks) for the simple papers I have to write.
As for MacOS X being vunderable to virii, it has been out for over 8 months (Public Beta - 1.5 years if you count MacOS X Server) and not one virus has shown up. Since normal usage of X prevents root access, viruses are going to be difficult to write.
Oh, wow. 8 months. 8 months of Beta software used only by early adopters. Give it time.
Having used the Public Beta for quite a while, I disagree with your assertion about root access. Very many system tasks, including installing software for all users to use, involves clicking a little lock icon and giving the software the root password. A trojan posing as a system tool or an installer could very easily get root access from an unsuspecting Mac user. Worse, a virus could hijack a user executed process that provides hooks into root access via a similar method.
However, few viruses will need to play those kinds of tricks on the user. Root kits are an established problem in the UNIX world. Mac OS X brings a whole new installed base of unsophisticated UNIX admins running the same versions of the web server, FTP server, NFS server, etc. that come with Mac OS X. Just a click of a few button in the system panels, and you can publish a page to the web via your very own web server -- the same web server that is on every other Mac OS X machine. If an exploit is found against that version, it won't be long before a root kit could be made against every Mac OS X machine with their web server turned on. "Hello! You have root!"
Mac OS X will be a UNIX cracker's dream. Hundreds of thousands of UNIX machines will be on-line with admins who don't know a thing about security. Why should they? The Mac's strength has been keeping that kind of thing out of the user's hair. With an installed base greater than Red Hat and a far less technically sophisticated person, on average, administrating each system, Mac OS X is a much more desireable target than Linux. UNIX worm writers will easily be able to apply their skills to Mac OS X without having the learn the radically different Classic Mac OS or Carbon APIs. Plus they are much easier to remotely administrate/exploit than Classic Mac OS machines. Trust me. UNIX is as much a weakness for the Mac as it is a strength.
If MacOS X is so completely unimmune from viruses, lets see how many show up in the next year compared to Linux or Windows. I would rather use my computer to make money than fighting viruses. You waste your time, with the x86 -- I need a new pool boy...
You know, if you'd bothered paying attention, it should've been obvious that I'm a Mac user myself. I'm also somewhat experienced with UNIX, and I think I know a little about the problems that it brings along with its strengths to the Macintosh. The last thing Mac users need is advocates who are insulting to people they think aren't Mac users and who spout dogma that is just plain wrong.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").