Slashdot Mirror

← Back to Stories (view on slashdot.org)

£10,000 Prize for Linux Virus Challenge Re-Issued

Posted by CmdrTaco on from the take-two dept.

mutantcamel writes "Eddie Bleasdale, the director of NetProject has been offering £10,000 to the first hacker to infect his Linux machine with a virus for the last two years, and so far no one has hit the jackpot. He's re-announced his challenge to virus writers following a Gartner report which told IT depts. not to trust MS server software because of recent worm attacks on their servers, but a Microsoft exec said yesterday that the hugely successful worm attacks were due to 'tardy' sysadmins."

16 of 296 comments (clear)

  1. Win the price by tcc · · Score: 3, Insightful

    And will you be called a "gifted programmer" a "security expert" or a "terrorist"?

    In these times and with all of what's happening with all the laws passed, I wouldn't even dare touching that kind of contest, sure it's gonna make a possible winner popular, but could be also seen as a prime suspect for writing trojan code, and since law enforcement at higher levels often tries to find someone to blame, well, you know the rest.... (as in wrongfully accused, lack of proofs and still convicted, etc etc).

    --
    --- Metamoderating abusive downgraders since my 300th post.
    1. Re:Win the price by bugg · · Score: 2, Insightful
      And will you be called a "gifted programmer"
      If you're under-18 and live with gifted white parents.

      a "security expert"
      If you're in your mid 30s and wear a tie.

      or a "terrorist"?
      If you're an Arab, a Muslim, or are even Arab-looking.

      Sad, but probably true.

      --
      -bugg
  2. Re:Virus challenge ... by DumbSwede · · Score: 3, Insightful
    Yeah and don't forget those criminals Orville and Wilbur Wright who broke the law of Gravity.

    The point here isn't to encourage a plethora of Linux viruses, but to show how relatively safe Linux is compared to Micro-suck. Plus any security hole found, would no doubt be plugged much quicker than a Windows security flaw, which probably has to be reviewed by marketing and the legal department before a fix is forthcoming.

    --
    Letter To Iran
  3. Re:Virus challenge ... by kypper · · Score: 3, Insightful
    So ... write a virus and get rewarded for it? What kind of world do we live in where criminals get rewarded?!


    Wow... I'm sure that will get modded as troll, but he has an interesting point. I question whether some gov agency won't step in and try to arrest anyone who manages to do it.

    Remind you of the DVD-encrypt stuff? I know I am not stupid enough to try and prove to the world that I can wreak havok. Especially not now. That reward will go on unclaimed.

  4. If businesses want to make their networks secure by Skapare · · Score: 4, Insightful

    If businesses want to make their networks secure, they need to hire someone who cares and knows how, and pay well to get that person. Then don't hinder them with petty things like bureaucracy. They should report directly to the CTO or CIO, or actually be the CTO or CIO.

    --
    now we need to go OSS in diesel cars
  5. Re:This is Stupid by Anonymous Coward · · Score: 1, Insightful

    Finally someone talking sense. I don't use MS Windows so i'm not a Microsoft Lover but if you don't update programs with security patches regardless of what OS you use , you're gonna get bit.

  6. Have you ever worked as a real sysadmin? by dustpuppy · · Score: 5, Insightful

    I agree that some of the responsibility lies with the sysadmin, but then again, the OS should be designed well enough that the patches are minimal.

    I work in an enterprise unix environment and getting time for outages to apply patches is incredibly tough when you are running 24x7 systems that are critical to the operation of the customer.

    Sure, we try to patch systems when we find out about security holes, but there comes a time when you cannot simply afford to take your systems down every week to apply new patches. Now I don't deal with MS stuff so I can't comment authoritively, but it seems that the number of patches with MS products is never ending. This stops being a sysadmin problem and becomes a vendor (ie Microsoft) issue. Ultimately, it's a sloppy coding issue that lies with Microsoft.

    1. Re:Have you ever worked as a real sysadmin? by InsaneGeek · · Score: 3, Insightful

      Not to start a flame war, but your argument is fairly week. This same argument would apply Linux distros, if you went by the shear number of security issues they have had over the past years. So far this year Redhat alone has had over 54 vulnerabilities (which is more than the 42 that Windows has had so far). And don't get me started on the 2.4 kernel fiasco, it's one thing to release early and release often, but it's another to have multiple kernels get released within mere days of each other because they introduced new bugs due to sloppy code.

      I've seen a whole lot of sloppy code coming out of Unix centrix projects (gives me shivers at night). But I think that the problem that MS has is less with sloppy code (I think their code really isn't any more sloppy than the rest of the world), but their OS design around one user instead of multiple users. MS has a much better file level security model then most unix platforms (throw ACL's and you've got a contender), but everything & everybody pretty much has to have hooks as an admin user. It's really the equivalent of having Grandma sitting in front of a Linux system as a root user; if Microsoft could take the single user admin privilege (for both the user and the apps) away then the issue would really start to go away.

  7. Re:Virus challenge ... by firewort · · Score: 3, Insightful

    Just let Ashcroft call all virus-authors terrorists, then see what's criminal!

    the 4th Amendment- it was nice while it lasted...

    --

  8. Windows Update? by sharkey · · Score: 5, Insightful

    Microsoft exec said yesterday that the hugely successful worm attacks were due to 'tardy' sysadmins.

    So the admins responsible for Windows Update are considered 'tards by Microsoft? After all, windowsupdate.microsoft.com was reportedly "hacked by Chinese" this summer.

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  9. of course no one will win the contest... by Bacteriophage · · Score: 2, Insightful

    I'll bet that if those gifted hackers using Linux entered this contest, it would only be a matter of time before someone did it. The problem is, none of these hackers using linux want to ruin the "secure" reputation of the OS by winning this contest. Instead of worrying about ruining its reputation, try and make a virus for it so the linux community can then come up with an update for the kernel or whatever to make it secure again.

    --
    "Be regular and orderly in your life, so that you may be violent and original in your work." -Flaubert
  10. Proves Nothing by Bud+Dwyer · · Score: 2, Insightful
    I'm running Windows 98, and using a little common sense, I've never had any trouble with Viruses. Does this prove that Windows 98 is as good as Linux?


    More to the point: It's stupid and lazy people who get viruses, regardless of their OS. If Linux ever becomes widespread, it will have a bigger virus problem than Microsoft ever has.

  11. Re:This is Stupid by BlowCat · · Score: 3, Insightful
    You cant compare an upgraded and constantly patched linux box to a default Win2k installation.
    I don't understand what you are rererring to. The Gartner report discourage using IIS on maintained systems. It is not about default installations.

    The guy just holds a contest. You can do the same with a Windows box. It won't mean that you are comparing patched Windows with the default Linux installation. It will only mean that you are testing how stable patched Windows can be.

    Too bad that a lot of slashdot moderators sympatize to M$ so much that they moderate up very weak arguments that just please them.

  12. Re:something weird on netcraft by mike_g · · Score: 2, Insightful
    quoted from netcraft

    Webservers that operate behind a load balancer, reverse proxy server or a firewall will often report the operating system of the load balancer, reverse proxy or firewall server. Hence reports of 'Microsoft/IIS on Linux' indicate that either the web server is behind a Linux server that is acting as a reverse proxy, has been configured to send a different signature or Microsoft have released a version of IIS for Linux.

    And If you look at the history info for download.microsoft.com it shows that it is an akamai site. As well all know akamai runs linux.

  13. Makes me wonder... by trilucid · · Score: 3, Insightful


    I have to admit that *some* (okay, maybe a lot/most) of the infections were purely due to poor server administration. The story doesn't stop there though.

    I offer up as proof of what follows my Apache logs on my home machine for the last month. It's amazing how many machines out there seem incredibly interested in files such as "cmd.exe" and "root.exe", which (gasp!) don't exist on my Linux box. What's funnier is the fact that the vast majority of these attacks came from the BellSouth DSL network and various cable networks. I actually got to the point where I was ready to write a Perl script to grep up the nefarious log entries, nmap 'em automatically, and ship the results off to BellSouth's abuse department every 12 hours...

    The point I'm trying to make is simply that the biggest vector for the spread of this crap is home machines. MS can yap all day long about how poor admin'ing causes this, while they fail to admit that they've put horribly insecure web server software in the hands of average Joe and Jane Consumer. Now, I'm not saying it's all MS's fault; Joe and Jane are very much to blame too for not bothering to click "Start -> Windows Update" every once in a while.

    But I won't accept that MS can claim any sort of innocence on this. What about other /.'ers? How have your logs looked recently? Were the attacks on your network(s) mostly from commercial servers, or home-based machines?

  14. Tardy admins by Mark+Bainter · · Score: 2, Insightful
    Hrm. I would just like to point out that MS created admins that are afraid to apply patches. Worse yet, they created admins who don't understand their importance and relevance. They reduced the admin to a grunting buffoon and now they want to complain that they didn't do a good enough job protecting their O/S from its own shoddy development.

    --
    "No nation could preserve its freedom in the midst of continual warfare."
    --James Madison