Slashdot Mirror


Viruses and Market Dominance - Myth or Fact?

rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."

32 of 736 comments

  1. What about r00tkits? by Leme · · Score: 3, Interesting

    He says "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux."

    What about root kits? I would consider that a virus, not technically speaking, but it's still along the same lines.

    1. Re:What about r00tkits? by fupeg · · Score: 5, Interesting

      You have been socially engineered by Microsoft to think that such things as one-click installs are necessary and desirable. You have been brainwashed to believe that "if it's not as easy as possible, then it is too hard."

      Even if you think that one-click installs are necessary, take a look at MacOS. It allows for one-click installs, but if the program is going to change OS code/settings, then you are warned about it and prompted for a password (a la sudo.) Of course the MS-programming-kernel that used to be your brain will probably respond that having to put in a password makes the OS "broken" ...

      Imagine some software engineer saying "hey you know what would make things really easy for our users, if we could remotely take control of their computers, install patches/extensions, and optimize some of their hardware settings." There you go. That could make installing/setting up/maintaining complex software so much easier, right? Hey there are some really obvious security implications, but easier is always better right?

    2. Re:What about r00tkits? by Dun Malg · · Score: 4, Interesting
      Oh wait they did do that. How come I don't hear sudden stories about massive car thefts with remote devices that can do what the manufacturer does? Or cars that won't start because they are receiving an incorrect kill signal? Oh yeah, because in the effort to make things easier car companies took the time to make them secure.

      [scoff!]
      You think the reason car thieves haven't taken advantage of weaknesses in remote unlock systems is because they're so well designed? Think again, man. The reason no one's making black-market code-grabbers for remote door lock systems is because the slim-jim class of opening tools still work. There's no reason to attempt to exploit a complicated electronic system on the front door when the back door is secured with a plastic padlock labeled "do not cut off this padlock"! If you ask me, Windows is just like cars. They add on all sorts of fancy things but don't fix the security holes that are already there.

      --
      If a job's not worth doing, it's not worth doing right.
    3. Re:What about r00tkits? by pVoid · · Score: 2, Interesting
      The difference is humongous. It's not so blurry.

      Let me break it down to you:

      A trojan horse is code you run on your computer that doesn't do what you thought it did. In my opinion, these are mostly user stupidity.

      A virus is code being injected into a program you run normally. How it gets there is not really part of 'viral activity'. Technically, we have very few virii left these days, most fall into the trojan horse category. Virii were especially popular back in the days of DOS, when modifying a file was rather easier than trying to hide it somewhere (just 'cause back then you had 3 files on a 5.25" floppy and a fourth file named "DOSKill.com" would arouse suspicion). Now, people just go ahead and hide a file deep inside the Windows directory.

      Worms on the other hand are completely external attacks. They propagate themselves without needing user help. Rootkits are 'manual worms'. Worms only work because of security flaws.

      That's the main difference: virii can infect *any* system, so long as the user acts stupid enough. Worms can *only* infect systems which have flaws.

      As far as I'm concerned virii are user responsibility. I've never been infected with a virus or trojan horse (mainly because I never run as admin), and really a system is not really at fault if it gets a virus infection. It certainly can't be considered at fault for "making a virus writer's job easier" by having easier APIs. After all, one of the ten security commandments is: If your enemy gets you to run code on your computer, it's not your computer anymore.

    4. Re:What about r00tkits? by pVoid · · Score: 2, Interesting
      Yeah, but:

      software installation isn't a daily chore.

      that some software you talk about unfortunately sucks, and should be pressured (by voting with dollars, or by complaining) to be fixed. Blaming OS is not the solution. Said software would run improperly on any system that has a security subsystem.

      PS. as much as it is a PITA for me to run as non admin too, I do get by. Here's two pieces of advice:

      Shift right clicking on an executable will allow you to "Run As...". You can't complain about that because it's basically the equivalent of typing su in *nix and then typing your password. And with WindowsXP they've even made it intelligent enough that the interactive user's environment is loaded.

      Also, the only time you really do need to run as power user or admin is if you want to attach debuggers to other processes. Now, I think it's not well known by most people, but in WinXP, you still have the plain vanilla user management MMC. By default now, users are in the Users group (whereas in NT/2k they were in Power Users). You can always add users to the power user group in XP. You can also grant SE_DEBUG_PRIVILEGE manually to a user group via the security policy manager.

      Last point is loading device drivers. Again only Power Users and up can do that... and you can make yourself a power user, but you should realize you are basically allowing any code to tamper with your kernel by having this privilege - use at your own discretion. Again, normal programs shouldn't have to load device drivers. The only real annoying thing I've seen is software that requires dongles... But even then, they generally run a separate service with a different user credential that is in charge of loading the DevDriv.

      All in all, really, there is absolutely no excuse for running as admin.

  2. yes, but the effect might be different by civilengineer · · Score: 5, Interesting

    there would be just as many viruses written for those platforms

    Probably, there would be as many viruses written, or more, but the effect of the viruses would have been different. As to whether the effects would have been not as bad, equal or worse is difficult to answer.

    --

    New year Resolution: Don't change sig this year
    1. Re:yes, but the effect might be different by pebs · · Score: 5, Interesting

      Take a look at this somewhat related article. It looks almost like it's a response to reading Slashdot and responding with a troll.

      --
      #!/
    2. Re:yes, but the effect might be different by flossie · · Score: 2, Interesting

      It was a really good bit of writing until it started going out on a limb to attack Karl Marx and communism half way down the second page. It got a bit predictable there, I wasn't really very surprised to see the old Linux=Communism=Bad equation popping up on the third page.

    3. Re:yes, but the effect might be different by ergo98 · · Score: 2, Interesting

      "So, from what this article is saying, let's add more steps and go the complicated way. That's not what needs to happen."

      This is exactly what the article seems to be saying -- the author is trying to make lemonade out of lemons that a lack of functionality entails.

      This article is generally clueless, and often contradictory, claptrap. It's hardly surprising that it was "published" on the Register. Let me summarize the article:

      -Linux is more secure because it has fewer features, forcing the user through more steps to accomplish what they are trying to do, thereby weeding out the clueless.

      -Linux is more secure because most clueful admins run as non-root, while most Windows boxes run as admins. Of course when user friendliness comes into play, users end up running as root too (Lindows).

      -Windows sucks because it pushes code and component reuse, such as the use of Internet Explorer as the HTML rendering engine in Outlook and Outlook Express. This is unlike Linux, oh except for Konqueror and Mozilla that both use modern software reuse, but they're better anyways.

      What is the point of this article? If he simply wants to say "Linux users in general are more clueful", or "lack of features keep out the clueless", or "Linux software is just written better", then he could just say that. Instead it's some ramblings that don't add up. Real security is something like the sandboxed Java or .NET environments, not the fact that your email client is telnet and you don't know how chmod works.

  3. his worst argument... by BobTheLawyer · · Score: 3, Interesting

    is that the relative difficulty a newbie has doing things in Linux makes it more secure.

    And the network effect he mentions is really just a more sophisticated version of the "everybody uses Windows" argument he disparages.

    I'm not qualified to comment on his technical arguments...

    1. Re:his worst argument... by TheFrood · · Score: 2, Interesting

      is that the relative difficulty a newbie has doing things in Linux makes it more secure.

      So you're saying that Linux should make it easier for users to run scripts and executables they receive in the mail?

      TheFrood

      --
      If you say "I'll probably get modded down for this..." then I will mod you down.
    2. Re:his worst argument... by mcdrewski42 · · Score: 3, Interesting

      As far as I can determine from his article the synopsis is:

      Some people say that number of virii per platform will be roughly equivalent to that platform's marketshare. They are wrong. Windows is different to the other platforms because:
      1) On Windows, applications share architecture making cross-contamination easier.
      2) On other platforms, there are more steps to perform to accomplish simple tasks than on Windows (implying that users really need to work at it to get infected).
      3) On Windows platforms, most people run with admin rights because that's the default.
      4) On Linux, most people don't because they're smart.


      I have to say that I am an OSS advocate and Linux user, but I disagreed with almost everything this person says. To take his points on two basic levels:

      1) The fact that 'consumer' applications and operating system are largely lumped together conceptually by users on Windows platforms is something the Linux community aspires to, not their key differentiator.

      2) The idea that 'most' linux users don't run as root/admin, and 'most' Windows users do is not related to the operating system at all, but to the level of knowledge of each platform's user base. If Linux were to reach the unwashed masses' desktops then most there would either run as root, or have a very simple one-click method to run things as root (ie: to install stuff).

      At the end of the day the social engineering of a trojan/virus on a linux box comes down to nothing more than writing a "hey check out this screensaver" perl script with an ascii encoded payload which prompts for the root password "to install it". Bada-boom, 'one-click' linux infection for the masses.

      --
      /* affect != effect */ void affect(int *thing,int effect) { *thing += effect; }
    3. Re:his worst argument... by M.C. Hampster · · Score: 2, Interesting

      If Linux were to reach the unwashed masses' desktops then most there would either run as root, or have a very simple one-click method to run things as root (ie: to install stuff).

      Sounds like Lindows...

      --
      Forget the whales - save the babies.
    4. Re:his worst argument... by dekashizl · · Score: 2, Interesting

      I do agree that Windows is sadly insecure. But... Most of the arguments in this article are based on a fallacious view of computers as the same home-built hobby kits they were 30 years ago.

      Analogous claim:
      You are less likely to get food poisoning from home-cooking than eating in a restaurant.

      Analogous argument:
      It is more difficult to prepare a meal at home than to order one in a restaurant, therefore you are less likely to do it, and therefore less likely to get food-poisoning.

      My response (to both the article's and the analogous argument):
      I agree with the claim, but the fact that something is more difficult is not always a positive feature that is fundamental to that thing. By learning to cook or hiring a chef, home-cooked meals become easier. And by Linux software maturing beyond nerd-oriented "mail readers" into productivity suites that normal people will actually use (wherein you CAN actually click on something to run it without jumping through hoops with temp folders, chmods, and sus), so will Linux begin to fall victim to the same ease-of-use that the author holds in his crosshairs.

    5. Re:his worst argument... by CharlesEGrant · · Score: 2, Interesting
      On a UNIX box, if I'm signing on as me (non-admin type), then I can feel pretty good about general security

      People keep saying this, but it totally ignores all of the escalation of privilege bugs that are floating around. See for example here for a recent example on OS X.

      If an ordinary UNIX user can be tricked into running a program, that program can then look for one of the hundreds of common bugs that allow escalation of privilege, and then install itself as root. This can be prevented by keeping current on your patches, and being careful about your configurations, but then you can keep a Windows box relatively secure by the same process. The trouble is that it's a lot of work and seems to be beyond the resources of most casual users regardless of which OS they use.
  4. Well, he bluntly says it's wrong... by lgordon · · Score: 1, Interesting

    The author seems to have a single point--Unix machines have security built in at a ground level (primarily because the root user really is the only one with power to mess things up) and a bunch of fluff material to fill out the article. I figured this guy would look at the systems from a usability standpoint and realize that sometimes you need an OS that has to allow you to install things even if you are clueless, because you don't have a full time system admin. Maybe if he spent more time researching what people actually use computers for instead of using his security buzzword hammer (Social Engineering!) he might have actually put together an insightful article instead of a bunch of not well thought out drivel.

  5. Missing the point? by psydid · · Score: 3, Interesting

    Seems the author misses the very obvious point that many of the weaknesses in Windows are there for user-friendliness. Making it easier for users to open attachments & see HTML mail is practically a requirement for the great mass of users. Yes, they're clueless, and yes, it would be nice if they could get over their fear of slightly more complex interfaces. But it ain't gonna happen.

    Yes, if Linux _in its current form_ was as common as Windows, it would be much more secure. But we might as well wish for green eggs & ham ... Linux in its current form will never be as popular precisely BECAUSE of those same limitations. It's practically a tautology that any popular operating system, in order to become popular, must make compromises that make worms inevitable.

  6. Symantec Makes It Worse by Anonymous Coward · · Score: 2, Interesting

    Symantec's new 2004 package with required product activation is highly entertaining, as it now suggests that I buy four! copies for my personal PCs alone.

    Give them a call and tell how you feel.

    1-408-253-9600. Hit 3, and then ask to speak to a senior supervisor.

  7. Re:Linux Is Getting There, too! by pla · · Score: 5, Interesting

    If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform for virus writers.

    No.

    The very fact that Unix-like OSs have a concept of a "root" account (which the Windows "equivalent", "administrator", does not even come CLOSE to matching in terms of actual separation of permissions), makes it all but invincible to virii.

    Yes, if Linux becomes popular enough for virus authors to target it, we'll see a round of trojans using root exploits - But unlike Windows exploits, very few of these exist to start with, and they will (and do) get fixed within a few hours of discovery.

    Actually, for that reason, I think more Linux virii would help Linux security overall, as it would expose those root exploits faster than we can discover them normally. Yeah, a few boxes would suffer, but the community as a whole would benefit.

  8. How MS does "security" in Outlook by Anonymous Coward · · Score: 1, Interesting

    In MS clients "Exchange Client" and later "Outlook" somebody who receives text written with Word (yes they did it before) or HTML simply can't even choose "view always as plain text".

    MS added this feature to Outlook 2002, but you get it together with the famous "activation" which is there not "to protect piracy", but to make you pay for a new Office each time you change machine (since activation IS bound to the hardware)! Talk about MS tax.

  9. Re:Linux Is Getting There, too! by BigBir3d · · Score: 2, Interesting

    My thoughts exactly. While I was reading his arguments, I was thinking "Y'know, half of these reasons are *why* more people don't use Linux...".

    Ditto.

    His argument boiled down to: linux is more secure because it is harder to deal with. By harder, I mean more steps (save, chmod, etc).

    There are plenty of linux servers out there right now that have been 0wn3d by nefarious types, to do their bidding. spamhaus.inc doesn't just 0wn windows servers to do their bidding. But that is not a convenient argument, so I guess we shouldn't go there.

  10. This seems very naive by DrPascal · · Score: 4, Interesting

    The premises of his entire argument are not very sound. He talks about how Linux is safer because it is difficult to run an attachment without knowing how to save it / set execute permissions, and how you can 'only screw up your /home directory' since you don't run as root.

    _Really_ think about this one. In order for Linux to become as popular and intuitive [shiver] as Windows, things like "setting execute permissions" need to be automatic. Installing apps should be relatively simple as well. Look at Lindows! You run as root. Tie that in with a couple of "intuitive" features in a mail client, and you have a handful of rootkit'ed machines.

    Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows altogether? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes.

    But "Regular User Guy" won't apply that patch. Multiply that by a million users. Now you have millions of machines out there running a rootable linux box.

    OSes will have vulnerabilities. They need to be patched. It ALWAYS comes down to the user. Will Linux be 'safer' than Windows (i.e. less vulnerabilities / worms)? Possibly. But it certainly has nothing to do with its difficulty to become root or inconveniences of a mail application.

    --
    DrPascal: Not the language, the mathematician.
  11. Re:Windows viruses and GNU/Linux by ciaran_o_riordan · · Score: 4, Interesting

    Ah, the strawman. You're arguing against something he didn't say.

    The platform isn't the issue. RMS said that Free Software developers seem to do a better job. This may be because of peer review, or even the threat of peer review etc.

    Ciaran O'Riordan

  12. Some early viruses ran only on UNIX! by c13v3rm0nk3y · · Score: 2, Interesting

    The part I find ironic about this article (most of which I agree with) is that some of the world's first viruses were written for, and designed to run on, UNIX.

    At least the early work by Dr. Fred Cohen was certainly done on a variety of boxes, and UNIX figured prominently.

    The shell viruses were particularly interesting to me.

    His book A Short Course in Computer Viruses, ASP Press (1991) is a fantastic read, even for its age.

    --
    -- clvrmnky
  13. The ONLY reason that Linux has fewer viruses by dilvish_the_damned · · Score: 2, Interesting

    Is because I haven't written them yet.
    J/K
    It is an interesting point that the author inadvertently brings up: As Linux becomes more tolerable to the masses, security is likely to suffer. Or, as security suffers, Linux will become more tolerable to the masses.
    Most users will point to the new shiny things on their desktop and go 'Looky at what I can do!!'. Security takes a far second even if they are aware of the problem.
    Making things hard to do is not the answer. Making things easy to accomplish while maintaining some semblance of security would seem the desirable path. I understand this can be a difficult proposition but trying to leverage the user's ignorance to form some sort of security model is just plain counterproductive.
    I think this article points out a shortcoming in the Ease Of Use dept. The rest wouldn't appear all that insightful.

    --
    I think you underestimate just how much I just dont care.
  14. Re:40 Mac Viruses by 90XDoubleSide · · Score: 2, Interesting

    No viruses have been written that work under Mac OS X yet. See: http://www.macobserver.com/editorial/2003/08/29.1.shtml

    --
    "Reality is just a convenient measure of complexity" -Alvy Ray Smith
  15. Re:interesing by mormop · · Score: 4, Interesting

    i wonder what the commercial applications/implications of this are? any takers?

    I suspect that the commercial implications are minimal at least for a year or three. For a start, a lot of IT decision makers, i.e. accountants and people who have been promoted from middle management with little technical ability will still swallow MS's bullshit. They will also buy Server 2003, optimistically believing that it will cure all the problems of Server 2000 in the same way they believed 2000 would cure the problems of NT.

    For an example cop this survey. It apparently shows that Europe's IT directors place consistency higher than security and reliability and the human tendency to submit to fear and one's own insecurity rather than to break ranks and try something new will lead a lot of people who have no real faith in their own abilities to stick with what they know, i.e. Windows, regardless of how shit it may be, how many viruses it catches, how many customers' credit card numbers get stolen etc. They crave stability even if what they have is flawed, at least they know where the buttons are.

    In all honesty, I don't see single OS networks as being a good idea regardless of what you're using. There are millions of lines of code in a modern OS and it only takes one cock-up to open a crack through which it can be broken. A lesson in genetics suggests that diversity gives you the best hope of survival when under attack or it can at least slow the attacker as they, or their virus, try to find vulnerabilities in each system. The only way that will be achieved is by opening file formats so that all platforms can exchange data with 100% transparency. This will also create a truly free market causing companies to develop software based on quality, performance, security and reliability rather than how pretty the GUI is and how clever this year's bunch of graduate marketing twats are. The obvious side effect is the breaking of MS's monopoly and the burgeoning of a new software market that will develop ports and alternatives to existing "industry standard" stuff like AutoCad. Proprietary software companies fear this the most as they will then have to wrestle with real competition.

    I still think that Linux, BSD and Mac are inherently more secure and better coded than Windows though. I also suspect the rot is so deeply set into MS stuff (with a 20 year legacy of putty eye candy before security) that they will never sort it out without a ground up rewrite, something they will not do unless forced to.

    Linux developers on the other hand have given security a starring role since day one and even though there are bound to be flaws they're fixed in short time by developers who don't spend the first week denying a problem exists. It's free, it does what I need and its users give a shit. What more can I ask for.

    --
    Hmmmmmm..... Deep fried and look like Squirrel.
  16. OS X Administrator != root by MacDork · · Score: 3, Interesting

    The reason it asks for a password is that an OS X 'administrator' is not root. It's staff. There is no root account by default. You have to enable that purposely. The point is that if you double click something that looks like a picture file and it asks you for your admin password, you KNOW something is up. On Windows, double click and you're dead. If it doesn't ask and you're running as an Admin, it might wipe out /Applications and ~/, but it can't touch /System or any other user's files. If you run as a regular user, then only ~/ can be hosed.

  17. Re:whatever by antiMStroll · · Score: 1, Interesting

    Outlook Express is easily uninstalled in 2k. It's part of our regular install routine. Add-Remove Programs and pick the left most bottom icon. Simple as pie. Thanks DOJ!

  18. Re:I hate this argument. by tconnors · · Score: 2, Interesting

    You missed the point. While wiping /home would be 'unfortunate' for you, it reduces the virus' spread.

    Since this article is about the spread of virii on popular systems, let's consider for the moment how most people use computers. Most people have one computer to themselves. They will set up an account for themselves, and probably their entire family uses that one account. They store a year's worth of data on it, and then a virus comes along. Now, you are saying, well, it's only limited to the one account. For most people, this is everything. The OS can be reinstalled. Everything is reproducible, *except* for the data in the user's home directory. And this is precisely the stuff the virii will delete.

    Now, consider the action of spreading. What about being an unprivileged user stops the spreading of the virii? Blocking of ports below 1024? Doesn't affect sending an email to everyone on the address book.

    The guy also talks about how the lack of a dominant monoculture means virii will never spread under linux (despite the argument being that when Linux is dominant, virii still won't spread). Intel vs AMD vs alpha vs MIPS, whether the user uses mozilla or kmail. Well, consider that when Linux is popular, most people will settle on the program that gets set up by default on the default desktop, using the most popular distribution. We don't see a monoculture *today*, because most Linux users use what they prefer, not what comes by default. Oh, and of course, on an Intel box.

  19. Re:Operating System bugs vs Application level bugs by skurken · · Score: 2, Interesting
    As long as there is software there will be bugs, no matter where it is run.

    I'm not so sure. Lots of errors are introduced simply because programmers write too much new code. Programming as it is done today is not a branch of engineering, it's a craft. One way to industrialize programming would be to go the same way as say civil engineering.

    A civil engineer doesn't design new building elements each time she designs a new structure. Buildings and bridges are constructed from standardized elements with known characteristics and which can be manufactured efficiently and with high quality.

    Doing the same in programming would perhaps be along the lines of using higher level languages for application development, using real, standardized component frameworks with immutable components and perhaps use a bit of computer science and make (mathematically) sure that what we do will work.

    All this will limit the flexibility that e.g. coding everything from scratch in C will give, but it could also help reduce the number of defects in common software. Bottom line is: if we want to be an industry, we better start behaving like one!

  20. Re:interesing by Biscit · · Score: 2, Interesting

    We run both Windows 2000 and Linux here, but Linux is restricted to development of linux based embedded systems. The view of one IT professional I have spoken to is that linux is a vast security hole, his main reasoning being that as the source code of Windows is not publicly available, and all the source for linux is easily found, Windows must be intrinsically secure!