Slashdot Mirror


Don't Forget That Worms Happen Everywhere

friday2k writes "Securityfocus has a nice column on Worms and their origin in 1988. It explains what everybody should never forget. We have dealt with *NIX worms (Sadmind, li0n, ...) and they will come back again. Maybe then the MS fanatics will laugh and say: didn't we always tell you Open Source is insecure (too?) ..."

7 of 391 comments

  1. different cultures... by webmaven · Score: 5, Insightful

    I think that the real reason that MS systems were hit so hard by Code Red and its descendants is that there is a real difference in the culture of the respective developer communities.

    There is no reason why all those home systems and corporate desktops should have IIS running in the first place. There is also no reason (generally) for a home linux system to be running, say, BIND or wu-ftpd.

    So why does Microsoft encourage the installation of unnecessary software on its systems, and why doesn't it make it easier to not install those services in the first place?

    It comes down to culture. Unix-like operating systems are minimalist and modular, because the development communities appreciate elegant code (not necessarily elegant interfaces).

    Whereas Microsoft prizes a DWIM (Do What I Mean) approach, which encourages adding functionality 'just-in-case', as Microsoft seems to think that actually asking a user to install a component is a failure on their part.

    In the long run, elegant, minimalistic code is easier to understand, and therefore easier to secure (examples are Sendmail vs. qmail, or BIND vs. djbdns).

    --
    The real Webmaven is user ID 27463. I don't rate an imposter, because my ID is such a lame-ass high number.
  2. Not quite by matty · Score: 4, Insightful

    If as many people tried to compromise UNIX systems as often as they do Microsoft systems, you can bet that we'd be seeing some pretty serious UNIX viruses.

    Your basic premise is correct that there are more people trying to break MS systems than Unix/Linux systems, but U/L will never be as vulnerable for a number of reasons:

    1.) There are several flavors of Unix and dozens/hundreds of distributions of Linux, not to mention all the different version numbers of each of those. This would dramatically impede the spread of any worm. Almost every MS-based site has IIS 5.0 and it is this homogeneousness that allows things like Code Red to spread so quickly and effectively.

    2.) Unix/Linux systems in general are easier and safer to patch. Almost every MS patch requires a system restart and it is not at all unusual for the patch to break something else. I have never had a security update break anything on my Debian systems, nor have I ever had to restart the whole system. The service updated (such as the recent Horde/IMP updates) is restarted and the user doesn't even know, even if he/she is using the system at that moment (I know this because I did it as a test case here at work. Someone was reading their email on our IMP system while I upgraded the system. Yeah, a bit dangerous, but we're a small company and no one would have gotten in trouble. Regardless, she didn't even know anything had happened).

    3.) Security holes are much more frequent on MS systems. We all have heard about the fact that the last known remote root exploit for Apache was over 3 1/2 years ago. There have been a few security patches since then, but nothing nearly so troublesome as Code Red. I read somewhere that there have been over 40 serious holes in IIS this year alone, although I don't remember where I read it and it may be apocryphal.

    Bottom line is that while it may be true that if as many people who are attacking MS systems started attacking Unix/Linux systems, we might see more issues on U/L, it is also true that Unix & Linux are better engineered from the start, easier to upgrade and more varied, all of which make them much more secure inherently than MS solutions.

    Cheers...........

  3. It can happen by huh_ · Score: 5, Insightful

    You all say that Unix admins know more, or that open source programs have patches out faster, but what about all those people who know little about linux and install it. They can just as easily leave their computers unpatched, running 24/7 using some cable provider. More and more people are trying out linux, it doesn't mean all of them are smart. So of course the same thing can happen.

    1. Re:It can happen by Rick the Red · Score: 5, Insightful
      You're absolutely right, which is why it's just as important for Linux distributions to come locked down tight as it is for Windows distributions to come locked down tight. Microsoft isn't listening; are RedHat and the others?

      Also, Microsoft is supposed to be open to XP configuration changes by the hardware vendors. Does that extend to default security settings? If so, we can only hope that PC Magazine and the rest will rate new computers on how secure they are out-of-the-box. Are Dell, Compaq, Gateway, and the others listening? Is the computer press listening? If I know Dells come secure but Gateways ship Microsoft-default-wide-open, I'll recommend Dell to my friends and family. If I know Debian comes secure but RedHat installs wide open I'll recommend Debian. But only if I know, and I'll only know if the press does their job and tells me.

      This is a social problem, not a technical problem, and it requires a social solution. That means that everyone in the society must play their part -- the companies, the press, and the consumers. If Microsoft won't be a good citizen, bad on them. But why should they be a good citizen if their enemies are not, and especially if their friends are not?

      --
      If all this should have a reason, we would be the last to know.
  4. except by linuxpng · Score: 5, Insightful

    Don't most UNIX admins need to know something about the OS other than the size of the install base, therefore actually patching their security holes in a reasonable amount of time? Let's not forget the issue is NOT Microsoft's security hole. All OSes have that; it's that the userbase is not up to date on installing the security fixes. We just hope everyone who bashes MS will patch their own holes come Unix worm time.

  5. I'm a heretic, baby by kisrael · Score: 5, Insightful

    I'm not a very close observer to any of these things, but it seems like the recently noticed telnetd exploit has really screwed over more sites than Code Red has, which seems more of a bandwidth hog. I mean, a years-old simple string buffer overflow giving root access on so many linux boxes is inexcusable for people trying to "sell" Linux on its general security and reliability...

    --
    SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
    1. Re:I'm a heretic, baby by The Troll Catcher · Score: 4, Insightful

      Of course, the very fact that you're running telnetd at all means you don't give two craps about security. Do you have ANY IDEA how easy it is to sniff passwords from telnet? I tell you, it's scary. When someone rooted a box here a while back, I looked thru the sniffer log and found working root passwords for a number of HP-UX machines here...