£10,000 Prize for Linux Virus Challenge Re-Issued

mutantcamel writes "Eddie Bleasdale, the director of NetProject has been offering £10,000 to the first hacker to infect his Linux machine with a virus for the last two years, and so far no one has hit the jackpot. He's re-announced his challenge to virus writers following a Gartner report which told IT depts. not to trust MS server software because of recent worm attacks on their servers, but a Microsoft exec said yesterday that the hugely successful worm attacks were due to 'tardy' sysadmins."

Virus challenge ...

[zangdesign]

So ... write a virus and get rewarded for it? What kind of world do we live in where criminals get rewarded?!

I guess crime does pay ...

Re:Virus challenge ...

[DumbSwede]

Using a virus is bad, but not criminal.

If by use, you mean release, with the possibility of economic disruption by corruption of files, denial of service, etc. How is that not Criminal?

A focused attack on this one computer is probably not illegal, despite Ashcroff's pronouncements, because it is invited. If you write something, and never release it, that is probably not illegal, though of course if you write a virus, and it is discovered, and the legal system can prove (in the sense convince a jury) that there is reasonable intent to distribute, well that is problematic. Best not to write viruses in general.

For those who wish to pursue this contest, do so in an academic environment. Document your intent, your safe guards, and have your colleges review your safe guards.

This is Stupid

Keep in mind that default Redhat installation ships with many bugs that all need to be patched. Saying someone can't hack this kids linux box is a reason not to trust MS is just plain stupid. If IT dept. would patch their software and not open idiot attachments you couldnt infect MS BOXES EITHER. Its all about PATCHING, no matter which OS you use.

Think about it, most MS bugs had patches before they went widescale. If you had taken time to install these patches you wouldn't have been infected. In addition, don't open EXE's that ask for your advice and its extremely hard to infect an NT system as well.

You cant compare an upgraded and constantly patched linux box to a default Win2k installation.

Irresponisble

[Hieronymus+Howard]

Does anyone else think that it is irresponsible to try to persuade virus writers to target Linux? What happens if someone is successful and unleashes a particularly nasty linux virus on us?

Let the virus kiddies stick to targeting Windoze.

HH

Re:'tardy' sysadmins

[Skapare]

I do find myself somewhat agreeing with Microsoft on this. Bugs happen. Open source may have fewer of them, but they happen with open source, too. Very few open source systems are secure "out of the box". Any admin that assumes otherwise, for BSD, or Linux, or Microsoft Windows, is a retard. Comparing an improperly administered system of one class to a tightly secured system of another is really pointless. It's comparing a retard to someone who knows what they are doing, and cares.

Two years and Nothing??

[narfbot]

I'm guessing the virus writers gave up already. I'm sure 10,000 pounds is not worth the time of two years. It sounds to me that it's impossible. They should increase that amount by an exponent of 100 and see what happens.

But it's even more funny that they have to pay people to attempt to write a virus, on a free and open source system. This only means one thing...Linux really works!

Windows is secure ....

... provided you're not stupid.

I offer 10$ canadian (or 0.10$ US if you will) to anyone who can infect my box, 24.112.8.23.

And please no DOS attacks....

RedHat next best thing to Microsoft

[Felinoid]

Your right about RedHat. They throw together the worst Linux destro.
RedHat has lost track of the whole idea of a destro. It's a "value added" Linux.. a better Linux than you'd get if you did it yourself.
Not RedHat..

The whole point is you shouldn't need to patch it.
The defects found in RedHat and Windows are really stupid.
Yeah don't run attachments.. smart idea.. Let's rember that this is a FEATURE Microsoft ADDED. It's not a defect. Windows was made this way.
Give Microsoft a break for the first virus. Ok done.. Need the first infection to learn. Well great but the stupid patch is on the human side.

Let's also remember that Windows is designed to be "user friendly" in other words users don't know better. Linux is made with the os develupers in mind.. not the avrage user. So before you could run an e-mail virus you'd have to know enough about Linux to recognise the virus for what it is.

Now before we get ferther on the "RedHat".. RedHat is not Linux... RedHat is one single destro that compeates with Microsoft for the title of "the most bugs"... and last I heard RedHat held the title.. Not Microsoft.

Going into the past there have been many brown bag Unixes that were far worse than anything Microsoft put out. It's not like Microsoft or RedHat has ever achived the title of "all time most buggy".
But those companys went away. Pushed under by Sun Microsystems long before Linux saw the light of day.

Yes you can pick out a Linux destro that is as bad if not worse than Microsoft.. I know RedHat isn't the only brain dead destro.
So you can't just buy the first Linux destro on the shelfs any more than you could buy the first used car you see.

But you can't shop around for a better Windows.

Finnaly as I understand Windows admin are fearful of Microsoft patches. They are worried the fix will be worse than the disease...
That fear dosen't seem to be shared by Linux counterparts.

Ideally a Linux destro should be fine out of the box needing no patching. Not all destros have this advantage so you do need to shop around.

A lot more preferable to patching Windows and hoping the patches don't make things worse.

Basicly for Linux you need to train users there is no way around this.
If you want Windows to work correctly you have to train the users as well.

Now what advantage did Windows have over Linux? Not needing to train anybody.
Oh.. yeah well I guess thats not the case anymore.

There aren't any viruses for Linux at the moment.
If you want to argue the future fine be my guest but let's leave it at right now Windows has the lead in viruses. Linux won't catch up even if we wanted it to...

So wrong, where do I start?

[ttfkam]

Customers asked for an easy-to-use installer. Who delivered? Debian? Not even close. Debian is great for administration after it's installed, but getting it on the box in the first place has historically always been much harder than it needed to be.

"The defects found in RedHat and Windows are really stupid."

You haven't programmed much have you? (At all? No, patching a C file a couple of times and writing some bash scripts does not count as programming much) Most programmers know that there will be (not might be) bugs in the code. As far as stupid defects, yes they've both had their share. However RedHat is nowhere near Windows in terms of sheer volume of severe bugs. I don't know where you got your data. The last one that I saw was clearly biased (they counted general Linux bugs and RedHat-specific bugs together even though there was significant overlap).

Also note that RedHat uses newer versions of programs than most other Linux distributions. They don't hide this fact. I applaud them for it. Why? Because if they didn't, glibc2 would not have been adopted as quickly as it was. And what about the "broken" compiler that came out with RedHat 7? People railed and hollered because they couldn't compile their kernels. Actually they could, but people conveniently forgot that RedHat posted notices in big letters that they have to use the older version of the compiler to compile (oh no! you have to use kgcc instead of gcc! how will users ever figure that out, especially if RedHat explicitly tells them that they have to). Yes there were bugs in the compiler. It was patched, but the kernel still didn't build. Why not? Because there was code in the kernel that was not compliant with the C99 standard. People's C++ code wouldn't compile anymore. Why? Because a lot of C++ code is plainly incompatible with the ISO98 standard of C++. You know that thing that Slashdotters are always railing about: STANDARDS. Or do you advocate ignoring standards when they don't suit you? Wouldn't that make you like Microsoft? These are standards that were ratified and publically announced two and three years ago. How can you say that they snuck up on you?

What does C99 give you?

void myfunction ( int size ) { char foo[size]; }

Allocated on the stack so no need for malloc or free (and less corresponding bugs) and basically eliminates the hacks out there to accomplish them same like alloca.

What does ISO98 C++ give you? The Standard Template Library. 'Nuff said.

These are examples, but are indicative of a general trend.

1. New library or suite that is noticeably better comes out
2. RedHat recognizes that it is better, includes it in their distribution, tests, and releases
3. People bitch and moan about how it breaks things that don't come with the distribution
4. Everyone blames RedHat for doing a horrible job
5. Because it is being used, the library in question gets a shakedown and most bugs are worked out quickly
6. People reluctantly fix their programs to work with the updated library/suite so that they can run on RedHat
7. In the course of fixing, people come across the advantages of the new library/suite and herald its arrival
8. People deride the older version
9. People forget it was RedHat that drove the newer, better library/suite into general use
10. Goto 1 because geek memories appear to be very short

If you want a closer-to-perfect RedHat box, install a copy from two versions ago and install all of the associated patches for it. This will be about the equivalent of a standard Debian install: very secure, but quite out of date. If you run Debian unstable or testing, while having more up-to-date software, you find that many of those "stupid defects" find their way into that distribution as well.