Slashdot Mirror

← Back to Stories (view on slashdot.org)

Viruses and Market Dominance - Myth or Fact?

Posted by simoniker on from the wash-your-hands-first dept.

rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."

4 of 736 comments (clear)

  1. Most executables are +w only by root by bersl2 · · Score: 4, Informative

    You can't infect a normal system executable from a normal user on a normal UNIX-like system which, IIRC, is how most true viruses work on Windows. There are security holes; but then again, there are security holes in all software.

  2. Re:"Normal user" by lhand · · Score: 4, Informative

    Keep in mind that your losing all your files is a lot different than hosing the entire system. The virus that affected me (say from doing something silly like running an email attachment) does not affect other users of my system. (My wife and kids use my system too. Their data would remain secure.) Finally the *spread* of the virus would be hampered because the virus could only do what *I* can do, so binding arbritary ports, hijacking the web server, infecting critical system library components, is just not possible. The virus may still spread, but it is limited as to the infection vectors available to it.

  3. Re:Linux Is Getting There, too! by plam · · Score: 4, Informative

    I was skeptical, so I used Google to look up said vulnerability. Huh. Good thing I don't use Windows!

  4. If you can't tell the difference, you'll be owned. by Population · · Score: 4, Informative

    They are very different beasties and they are handled in very different ways.

    A worm is handled by keeping your patches up to date and by NOT RUNNING ANYTHING YOU DON'T NEED.

    A virus is handled by NOT RUNNING AS ROOT.

    A trojan is handled by EDUCATION.

    Microsoft has made the spread of trojans and viruses very easy by automatically running code. Sometimes without the user even knowing that the code has been executed.

    A rootkit usually uses an exploit in a running process to install itself. In this fashion, it is similar to a worm. But it does not automatically spread itself to other machines.

    Or it could be a hacked version of ls that is executed because someone was dumb enough to have . in their path. In which case it is similar to a trojan.

    Different terms to reflect different attacks that are defeated in different ways.

    All the patching in the world will not stop a trojan.

    The best security on your email program will not matter if you're running a vulnerable version of sendmail.

    Only run what you need to run.
    Run with the minimum rights necessary.
    Don't run unknown code.
    Keep your patches current.
    Run tripwire or something similar.
    Review your logs.