Slashdot Mirror
Viruses and Market Dominance - Myth or Fact?
rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."
there would be just as many viruses written for those platforms Probably, there would be as many viruses written, or more, but the effect of the viruses would have been different. As to whether the effects would have been not as bad, equal or worse is difficult to answer.
New year Resolution: Don't change sig this year
If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.
No.
The very fact that Unix-like OSs have a concept of a "root" account (which the Windows "equivalent", "administrator", does not even come CLOSE to matching in terms of actual separation of permissions), makes it all but invincible to virii.
Yes, if Linux becomes popular enough for virus authors to target it, we'll see a round of trojans using root exploits - But unlike Windows exploits, very few of these exist to start with, and they will (and do) get fixed within a few hours of discovery.
Actually, for that reason, I think more Linux virii would help Linux security overall, as it would expose those root exploits faster than we can discover them normally. Yeah, a few boxes would suffer, but the community as a whole would benefit.
The premises of his entire argument are not very sound. He talks about how Linux is safer because it is difficult to run an attachment without knowing how to save it / set execute permissions, and how you can 'only screw up your /home directory' since you don't run as root.
_Really_ think about this one. In order for Linux to become as popular and intuitive [shiver] as Windows, things like "setting execute permissions" need to be automatic. Installing apps should be relatively simple as well. Look at Lindows! You run as root. Tie that in with a couple of "intuitive" features in a mail client, and you have a handful of rootkit'ed machines.
Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows all together? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes.
But "Regular User Guy" won't apply that patch. Multiply that by a million users. Now you have millions of machines out there running a rootable linux box.
OSes will have vulnerabilities. They need to be patched. It ALWAYS comes down to the user. Will Linux be 'safer' than Windows (i.e. less vulnerabilities / worms)? Possibly. But it certainly has nothing to do with its difficulty to become root or inconveniences of a mail application.
DrPascal: Not the language, the mathematician.
Ah, the strawman. You're arguing against something he didn't say.
The platform isn't the issue. RMS said that Free Software developers seem to do a better job. This may be because of peer review, or even the threat of peer review etc.
Ciaran O'Riordan
Expert in software patents or patent law? Contribute to the ESP wiki!
You have been socially engineered by Microsoft to think that such things as one-click installs are necesarry and desirable. You have been brainwashed to believe that "if it's not as easy as possible, then it is too hard."
...
Even if you think that one-click installs are necesarry, take a look at MacOS. It allows for one-click installs, but if you the program is going to change OS code/settings, then you are warned about it and prompted for a password (a la sudo.) Of course the MS-programming-kernel that used to be your brain will probably respond that having to put in a password makes the OS "broken"
Imagine some software engineer saying "hey you know what would make things really easy for our users, if we could remotely take control of their computers, install patches/extensions, and optimize some of their hardware settings." There you go. That could make installing/setting up/maintaining complex software so much easier, right? Hey there are some really obvious security implications, but eaiser is always better right?
i wonder what the commercial applications/implications of this are? any takers?
I suspect that the commercial implications are minimal at least for a year or three. For a start, a lot of IT decision makers, i.e. accountants and people who have been promoted from middle management with little technical ability will still swallow MS's bullshit. They will also buy Server 2003, optimistically believing that it will be cure all the problems of Server 2000 in the same way they believed 2000 would cure the problems of NT.
For an example cop this survey. It apparently shows that Europe's IT directors place consistency higher than security and reliability and the human tendency to submit to fear and one's own insecurity rather than to break ranks and try something new will lead a lot of people who have no real faith in their own abilites to stick with what they know, i.e. Windows, regardless of how shit it may be, how many viruses it catches, how many customer's credit card numbers get stolen etc.. They crave stability even if what they have is flawed, at least they know where the buttons are.
In all honesty, I don't see single OS networks as being a good idea regardless of what your using. There are millions of lines of code in a modern OS and it only takes one cock-up to open a crack through which it can be broken. A lesson in genetics suggests that diversity gives you the best hope of survival when under attack or it can at least slow the attacker as they, or their virus, try to find vulnerabilties in each system.The only way that will be achieved is by opening file formats so that all platforms can exchange data with 100% transparency. This will also create a truly free market causing companies to develop software based on quality, performance, security and reliabilty rather than how pretty the GUI is and how clever this years bunch of graduate marketing twats are. The obvious side effect is the breaking of MS's monopoly and the burgeoning of a new software market that will develop ports and alternatives to existing "industry standard" stuff like AutoCad. Proprietry software companies fear this the most as they will then have to wrestle with real competition.
I still think that Linux, BSD and Mac are inherently more secure and better coded than Windows though. I also suspect the rot is so deeply set into MS stuff (with a 20 year legacy of putty eye candy before security) that they will never sort it out without a ground up rewrite, somthing they will not do unless forced to.
Linux developers on the other hand have given a security a starring role since day one and even though there are bound to be flaws they're fixed in short time by developers who don't spend the first week denying a problem exists. It's free, it does what I need and it's users give a shit. What more can I ask for.
Hmmmmmm..... Deep fried and look like Squirrel.
[scoff!]
You think the reason car thieves haven't taken advantage of weaknesses in remote unlock systems is because they're so well designed? Think again, man. The reason no one's making black-market code-grabbers for remote door lock systems is because the slim-jim class of opening tools still work. There's no reason to attempt to exploit a complicated electronic system on the front door when the back door is secured with a plastic padlock labeled "do not cut off this padlock"! If you ask me, Windows is just like cars. They add on all sorts of fancy things but don't fix the security holes that are already there.
If a job's not worth doing, it's not worth doing right.