Slashdot Mirror
Viruses and Market Dominance - Myth or Fact?
rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."
He says "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux."
What about root kits? I would consider that a virus, not technically speaking, but it's still along the same lines.
by Anonymous Coward on 05:25 PM October 6th, 2003 (#7148096)
Opinions are like assholes, everyone's got one.
And they all stink.
there would be just as many viruses written for those platforms Probably, there would be as many viruses written, or more, but the effect of the viruses would have been different. As to whether the effects would have been not as bad, equal or worse is difficult to answer.
New year Resolution: Don't change sig this year
is that the relative difficulty a newbie has doing things in Linux makes it more secure.
And the network effect he mentions is really just a more sophisticated version of the "everybody uses Windows" argument he disparages.
I'm not qualified to comment on his technical arguments...
"Check out this wicked screensaver!!!! But it um, only runs as root, so you have to su first. Also, chmod and make it executable, please. Thanks!"
I think Windows systems suffer more from vulnerabilities at the operating system level (possibly because it tried to integrate so many things) than application level (though they do exist). In Unix like environments, it is the opposite. The operating system is generally secure against remote attacks but it is the applications that run on top of the OS that introduce vulnerabilities.
As long as there is software there will be bugs, no matter where it is run.
Since many Linux distributions are trying hard to get convert desktop users, they are also diminishing the steps required for the launching of an executable virus thus, diminishing security.
If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.
For us oldsters, who were around when Microsoft finally woke up to the significance of the internet, the security problems that M$ faces coincide with their desire for market dominance.
MS quickly created some powerful internet enabled applications. Outlook is the best example. In order to provide so many 'innovative' goodies and features they had to sacrifice security. Deep system hooks and then trying to justify their inclusion of Internet Explorer forced them to tie IE deeply to the system. A great example of short term profiteering at the cost of long term credibility.
Just my opinion. But I am 37 and my degree is in International Relations!
ONE LOVE!
Grampy
I'm not sure if this is a troll or not, but Linux is indeed UNIX-based. It is "inspired by" UNIX (as opposed to having code in common).
Linux uses all of the old UNIX concepts of fork(), inodes, etc. For non-UNIX inspired systems, see OS/400, VMS, etc. These do not have UNIX primatives.
As a Linux user, I am proud that Linux is a UNIX derived (at least in spirit) system. It has a base of history, knowledge and experience from which to build. Would starting purely from scratch be better? I hardly think so.
I learned UNIX programming on SunOS. My SunOS knowledge works just fine on Linux (although not on OS/400 and hardly on Windows... unless you count what little POSIX compliance they barely put in).
Long live UNIX/Linux!
Sarcasm and hyperbole are the final refuges for weak minds
Isn't the fact that Windows's vulnerabilities are well known a product of its widespread use? I mean, this just sounds like a self-fulfilling prophecy of sorts.
Not that it matters to those of us who never patch, no matter what OS you're running. I administer a Win2K based server that has remained stable because I patched it religiously and made sure that it was not easily compromised, and so far nothing has happened to it. (In fact, I had a "white hat" come in and try the usual round of exploits on the box, and none worked.)
OTOH, a friend of mine administering a Linux server was too busy bragging about his non-stop uptime to upgrade to a non-exploitable version of Apache and got his site defaced. Twice.
It's not the OS, it's what you do with it.
Honorary Member of Jackie Chan's Kung Fu Process Servers
Please. Let's just remove this comment.
RMS commented on this issue earlier this year:
There are several reasons why GNU/Linux has few viruses:
If everyone switches to GNU/Linux, reason 4 will go away, but not the others. Therefore, people can expect to have much fewer virus problems in a world of GNU/Linux users than then have now with Windows.
--END-OF-RMS-TEXT--
Expert in software patents or patent law? Contribute to the ESP wiki!
If people just stopped using Outlook and only used plain text email there'd be much less of a security problem... I doubt Gabe over at Valve is going to be using it again any time soon.
Luckily I've already responded to the author in person before this became /.ed.
As I've pointed out to the author, being just a "normal user" is enough to let the virus spread and to destroy the "normal" users documents.
I keep seeing this argument over and over again when talking about system stability. But my system would be next to useless if all my documents and configurations would be gone. Maybe it would be easier to recover from backup instead of a full reinstall, but that would be it.
Most pc's out there are single user (or single family) computers, instead of the old multi-user mainframes. All the important data are in reach of the virus.
If I get a response I will let you know...
Yes, until someone decides to add that functionality to a mail program. Things like having a 4 step process to read email attachments is WHY linux is not seeing mainstream growth. The average person cares a heck of a lot more about convenience than security.
Seems the author misses the very obvious point that many of the weaknesses in Windows are there for user-friendliness. Making it easier for users to open attachments & see HTML mail is practically a requirement for the great mass of users. Yes, they're clueless, and yes, it would be nice if they could get over their fear of slightly more complex interfaces. But it ain't gonna happen.
... Linux in its current form will never be as popular precisely BECAUSE of those same limitations. It's practically a tautology that any popular operating system, in order to become popular, must make compromises that make worms inevitable.
Yes, if Linux _in its current form_ was as common as Windows, it would be be much more secure. But we might as well wish for green eggs & ham
One of the things that makes Linux a poor target for virus writers is an almost bewildering array of platforms, kernels and architectures.
/etc.
System binaries are often in different places even on the same distribution, depending on whether you are using package management or compiling source and sometimes run as different users.
I've seen about 5 diffenent schemes for laying out apache on the disk and i bet theres tonnes more. and i've seen some old solaris admins that move to linux feel the need to move important binaries into
there are alot of reasons why linux has less viruses than windows and none of them have to do with marketshare or bad admins. That being said, i wonder if it couldn't hurt to fuck with your filesystems just in case i'm wrong...
Any OS is only as secure as the user. When an OS has as much market dominance as windows, it will have a lot of stupid users who do things like open email attachments and not install security patches.
That's why any dominant OS will be a prime target for virus writers.
Jason
ProfQuotes
You can't infect a normal system executable from a normal user on a normal UNIX-like system which, IIRC, is how most true viruses work on Windows. There are security holes; but then again, there are security holes in all software.
Windows "out of the box" is as wide open as the goatse.cx guy. Linux by default usually has some tiny backdoors (say, unpassworded LILO) and is generally hard to break into. Now assume, breaking into the system using self-sustaining program (like virus - you deploy and it proceeds on its own, without "external help") is quite a bit harder than breaking in "manually" (i.e. trying diferent exploits, snooping, spoofing etc). If Linux is so much harder to break in manually, it's just as much harder to spread viruses.
Plus the "flavour" factor. If there were as many as different "windows distributions" and windows was as customizable as Linux, the viruses would have much harder time to find "exploitable system".
Now, when we are past the political differences, we may consider how "technically" harder is it to write Linux viruses.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
While poor programming may lead to holes, it is only widespread use (and frequency of use) that brings these holes to the surface. There are all sorts of holes found in Linux, BSD's, many open source software, etc, and considering their user base is much smaller, one could venture and say the products put out by microsoft are actually *safer* than open source. Think about it!
A blog like any other.
It is clear the author of this twaddle has never worked with the masses supporting any type of computer system. If he had, he would know that explaining the steps to open an email attachment and giving it executable permissions to 80% of end users would be like teaching a dog to drive. I get the same blank stares from my "charges" every day while explaining the most rudementary computer related tasks. If I hear "I am not a compter person" one more fricking time, I am going to go on a 5 state killing spree!!
I welcome the ease of use of Windows and I am happy to pay for the virus protection and fix an occaisional fuck-up. At least it keeps those blank stares from cluttering up my dreams at night.....
What about wrapping a virus around a rootkit?
Once anything has root access, it's tough to stop it from making a great many changes to a system, and worming into other systems with the same vulnerability.
This isn't very different at all from the Windows viruses, where almost everything runs with admin access.
I'd say that Linux is a VERY tempting target on the server front, it's just that those systems aren't only under a more watchful eye than the common workstation, they're also usually locked down more tightly out of paranoia.
Now that Win2000/XP has a "Run As" feature built in, home users really shouldn't have default admin access anyway, so it's more of an issue of defaults than anything else.
This is, of course, coming as long-time Linux admin/Windows PC owner/current Mac OS X user. I've seen all three platforms, and Windows isn't really that bad if you just a) set it up properly, and b) train the users. Perhaps if Microsoft actually made a point of enabling privilege separation out of the box, it wouldn't have all these problems. Of course, this is exactly what's wrong with Lindows, ironically enough. It's engineered just fine, it's just not set up right.
Raptor
"Procrastination is great. It gives me a lot more time to do things that I'm never going to do."
Symantec's new 2004 package with required product activation is highly entertaining, as it now suggests that I buy four! copies for my personal PCs alone.
Give them a call and tell how you feel.
1-408-253-9600. Hit 3, and then ask to speak to a senior supervisor.
The number of viruses doesn't map directly to "OS is safer." There are lots of factors, like motivation to create malware, and ease of injection that come into play, and ease of injection is an application issue more than it is an OS issue. Small modifications to the most popular mail application on each platform would have more effect (discounting worms) than anything else outside of motivation of malware authors.
.exe to anything else and click on it on a Windows host.
Secondly, the author obviously lacks clue- modern Windows OS' do *not* execute files based on file type, its a combination of reading the first N bytes of the file, and file type. Rename any
If you have to go back 4 years to get security bulletin examples, it's because you don't have sufficient information- there are ~30 unpatched IE vulnerabilites that affect IE and Outlook that are public, and another ~20 that aren't. You don't have to go back to 1999 to find examples of why the platform is seriously hosed.
It's also too bad the author doesn't address rootkits, because it's important to give some overall malware pictures to show that everything isn't rosy on either side of the fence.
*nix is definitely in a better default state, but it's not the OS that makes that possible (heck, NTFS has filesystem attributes that could likely help.) It's too bad someone with a better understanding of the issues didn't write this article, there are too many holes for serious *doze admins to poke in this one to make it worth passing around.
[Addressing exec-shield and worms would have given a really good argument for Linux, for instance.]
Paul
http://www.pauldrobertson.com
it isn't the OS's fault, it is outlook and if linux blows up, then "outlook for linux" would be just as vunerable
Outlook Express isn't removable from Win2k onwards. MS considers it part of the OS. So it is the OS's fault.
If Linux came with unremovable email clients, then your argument would be valid.
For those interested, there's a rebuttal linked from Newsforge which pretty much summarizes a lot of the points made here.
Direct link to the article here.
I do wish I could get a good, clear, Linux-favoring argument on the security level (or any other level for that matter). I really am concerned about personal zealotry and the less I come off as a Penguinoid, the more believable/convincing I would be.
One of the things the author touches on, but fails to grasp fully, is that, part of the reason Linux is not now, and won't be for some time, adopted by Joe Sixpack, is that it is a complex PITA to install and run stuff on. Average people like simple. They want to get an email from George down the hall, with an attachment, click on it and have it run. If this means that they have to login as root all the time, and just give everything execute permissions, they will. The author recognizes that most of the problems exist between the chair and the keyboard, but then gives some nebulous, hand wavy, excuse that, if the world ran Linux, people would be better educated. Bullshit. People are going to be just as lazy, and just as ignorant about computers as they are now, they are going to do those dumb things that get them in trouble now, no matter which OS they are running. Even the added complexity will give way eventually. Someone will realize that they can make money selling a version of Linux that is "easy to use". And people will buy it, because they don't want to deal with the hassle. While I realize this is anethma to the /. crowd, most people don't care about the ability to modify the kernel if they want to (they don't!). They just want that 'puter thingy to show them the screen saver their friend sent them, and if they have to choose between a really secure OS, and one that just does it, they will pick the one that just does it. They will install programs that allow them to just run executables in an email, hell most of them will probably install a mail client that automatically launches executables if they think it will make things even eaiser on them. Face it, most people are scared of computers, and if they have to do anything more complex than launch OE and solitare, they are lost, and the author expects them to change, why? Because the Linux advocates will teach them better, he says this while ignoring the fact that many of us who deal with Windows on a daily basis have been trying rather hard to get people to lock up their Windows boxes a little better, without any success. Heck, my own girlfriend bitches about Mozilla on my machine, because it actually does things like block cookies, pop-ups, and java-script, unless you tell it otherwise. And she's probably a bit better about computers than the average person. Sure, the viruses will be different if/when Linux takes over the desktop (and establishes its own monoculture, probably be either RH or Lindows), but there will always be a security hole in the chair/keyboard interface.
Necessity is the mother of invention.
Laziness is the father.
Most of the arguments presented by the article can be dismissed once the lowest common denominator is taken into account. Your average *CONSUMER* does not like having computers being more complicated than they 'really need to be'.
If and when the so-called great Linux revolution occurs, distros will have to keep the needs of the average consumer in mind. Y'know, the people who outnumber your average slashdot reader in droves? Most of these people have no desire or need to really learn anything beyond what it takes to turn on the machine, open a browser and check their email, maybe running an IM client and the occassional game. Having any expectations of them learning commandline tools such as chmod is pushing it. Microsoft's design choices weren't always out of their own stupidity so much as knowing the majority of potential customers -- the customers with the biggest numbers, thus ones you'd need to be a dominant OS -- aren't informed and *don't wish to be*.
Feel free to wring your hands over it.
The premises of his entire argument are not very sound. He talks about how Linux is safer because it is difficult to run an attachment without knowing how to save it / set execute permissions, and how you can 'only screw up your /home directory' since you don't run as root.
_Really_ think about this one. In order for Linux to become as popular and intuitive [shiver] as Windows, things like "setting execute permissions" need to be automatic. Installing apps should be relatively simple as well. Look at Lindows! You run as root. Tie that in with a couple of "intuitive" features in a mail client, and you have a handful of rootkit'ed machines.
Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows all together? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes.
But "Regular User Guy" won't apply that patch. Multiply that by a million users. Now you have millions of machines out there running a rootable linux box.
OSes will have vulnerabilities. They need to be patched. It ALWAYS comes down to the user. Will Linux be 'safer' than Windows (i.e. less vulnerabilities / worms)? Possibly. But it certainly has nothing to do with its difficulty to become root or inconveniences of a mail application.
DrPascal: Not the language, the mathematician.
I don't like the way he keeps mentioning OS X in the same breath as Linux, but neglects to point out the differences.
OS X was designed from the beginning as a desktop OS, and the designers have taken these issues into account. For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.
Secondly, even though OS X ships with a standard mail client it's a good mail client. It can't run applications or scripts with a single click, HTML email is limited to display, no JavaScript can run, and plug-ins don't work.
I wonder if Apple should thank Microsoft for setting such a bad example!
www.lucernesys.comHorizon: Calendar-based personal finance
The part I find ironic about this article (most of which I agree with) is that some of the world first viruses were written for, and designed to run on, UNIX.
At least the early work by Dr. Fred Cohen was certainly done on a variety of boxes, and UNIX figured prominently.
The shell viruses were particularly interesting to me.
His book A Short Course in Computer Viruses, ASP Press (1991) is a fantastic read, even for it's age.
-- clvrmnky
I just realized, damn it, I've been trolled again.
There is no trap so deadly as the trap you set for yourself
-Raymond Chandler, The Long Goodbye
As a Linux user, I am proud that Linux is a UNIX derived (at least in spirit) system. It has a base of history, knowledge and experience from which to build. Would starting purely from scratch be better? I hardly think so.
Now if you could remit to SCO $699.00 we would appreciate it.... Darl McBride
MacOS Classic used to have many of the same programs as Windows such as Outlook and stuff and the os has only one user with full access (aka root access). Still, there were not as many virus problems as Windows has, then and today. May be there is something the article missed.
Hard to run executable attachments being a lack-of-feature: no, it IS a feature. 99% of the Windows malware going around depends on users unwittingly running executable attachments. Making it easy for Linux users to suffer the same fate is NOT a feature, and in particular not a desirable one.
Application vs. OS: MS itself is the one that integrated the HTML component into the core OS. And they can't fix it, because things like Windows Help also use that component. If you fix the behavior for e-mail, you break Windows Help. If you leave the behavior available for Windows Help, it's also available in e-mail. This is the price you pay for integration, and it's a high one.
Lately I see this argument coming up a whole lot, saying one common application+os makes a weak enviorment.
This has been known for a while, is definetly a valid point. But is linux really so much less monocolture than windows? and will it be able to keep the diversity it has when the public smartens up and makes the switch?
What percentage of the linux systems in the world run an openssh server, and were volnerable lately? and what would have happened to a worm written to exploite this.
Most systems in linux you have several good alternatives commonly used, but not all. And when creating a system for the masses one of the most important things is to be standard.
You can't expect everybody to learn how to do everything twice!
If linux will ever reach the masses it will have to be a version very similar in behaviou and UI for practicly everyone.
This leads to the dreaded monocolture enviorment.
Me.
While I agree with the gist of his article, there are a couple of obvious problems:
Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world
That's unlikely. As Linux takes over corporate desktops, the users are not going to be joining LUG's or mailing lists. This has been mostly true up to this point, but mass acceptance will change the demographic of the user community to be more like that of Windows.
Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it.
It's mind-boggling that this stupid line of reasoning is still used. First, my home directory is the part of the system that I'm most concerned about protecting. Holy shit! That's where my files are. The rest of the OS can be downloaded off the internet or from any CD that I have. But what about the files that I have created? A program destroying my home directory is a far larger problem than a program that mucks up executables or something.
Second, the modern worm/virus on Windows doesn't need any elevated privileges. The whole point is to spread, and there is absolutely nothing about that process that needs or uses any elevated privileges. Being root is not terribly relevant for the modern worm.
With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you'd think the company could have changed its procedures in this area, but no.
And it wouldn't have made a damned bit of difference for the most destructive email worms. Is the author from another planet? I have to wonder.
Do you have ESP?
Is becouse I havent written them yet.
J/K
It is an interesting point that the author inadvertently brings up: As Linux becomes more talerable to the masses, security is likely to suffer. Or, as security suffers, Linux will become more tolerable to the masses.
Most users will point to the new shiny things on their desktop and go 'Looky at what I can do!!'. Security takes a far second even if they are aware of the problem.
Making things hard to do is not the answer. Making things easy to accomplish while maintaining some semblance of security would seem the desirable path. I understand this can be a difficult proposition but trying to leverage the users ignorance to form some sort of security model is just plain counterproductive.
I think this article points out a shortcoming in the Ease Of Use dept. The rest wouldnt appear all that insightfull.
I think you underestimate just how much I just dont care.
No viruses have been written that work under Mac OS X yet. See: http://www.macobserver.com/editorial/2003/08/29.1. shtml
"Reality is just a convenient measure of complexity" -Alvy Ray Smith
I'd rather wipe out my system, and not touch /home than the other way around. I can reinstall most of the system in short order, but my /home directory contains all the important stuff.
.tar.gz, .rpm or .iso files for the download.
Remember, it is the *DATA* that is important, not the programs. There are boxes and boxes of the same program on most computer store shelves -- or tons of
Learning HOW to think is more important than learning WHAT to think.
"Instead of just reading an email (...just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable."
And people wonder why Linux isn't sweeping the market. Simplicity sells, and for good reasons. I'm a technophile and I value security, but even I don't want to go through a dozen and a half steps just to open a file that I 'know' to be safe.
The Windows operating systems certainly have their problems - particularly with how certain defaults are set up. However making life more difficult for the end user definitely won't win any support.
It's clear that the author includes worms in his definition of "viruses." The first worm I had ever heard of was the Morris Worm, which most certainly did impact UNIX machines, and was very widespread in terms of percentage of infected machines back in 1988.
I agree with the premise to some degree, but I consider a significant amount of the author's "evidence" to be FUD, distorted or simply wrong.
The good folks at Red Hat have come up with a cool way to avoid some of the problems of monoculture in GNU/Linux: position independent executables. Addresses of code segments can be randomized at load time by the dynamic linker. The result is that common techniques for writing buffer overflow exploits no longer work, because every executable on every server is different. You can no longer insert code into a buffer whose length is not checked and then override the return address to point to it, because you don't know what return address to use. Worms can't spread if this technique is used.
While this technique still doesn't stop people from exploiting cross-site scripting bugs, it's progress.
> the conventional wisdom that if Linux or Mac OS X were as popular as Windows...
The very features which make Linux less vulnerable to virii also insure that it will
never be as popular as Windows.
Try explaining 'chmod' to your mother-in-law.
Here's an interesting rebuttal. The 1st line is "The single biggest security issue facing Linux users at the moment is the misconception perpetuated by highly vocal advocates that Linux is somehow impenetrable to security-based attacks, and in particular, viruses and other malware."
Vote for Pedro
A very interesting article, but the author leaves out one very important point: the difficulty of writing a virus for Linux is much higher than writing one for Windows, so fewer people will do it. It takes much greater skill and effort to screw up a UNIX-based system than a winodws system because of the much clearer distinction between user files and system files. Today, a large percentage of Windows viruses are just slight modifications of others, and there even exist "virus toolkits" to generate viruses without much technical knowledge at all. In short, the "script kiddie" factor of relatively clueless people whipping up viruses based on a few instructions received in IRC is much less under UNIX.
The author does point out, quite correctly, that even if Linux viruses became more widespread, most of them would probably only affect the user space and not currupt the system itself.
i wonder what the commercial applications/implications of this are? any takers?
I suspect that the commercial implications are minimal at least for a year or three. For a start, a lot of IT decision makers, i.e. accountants and people who have been promoted from middle management with little technical ability will still swallow MS's bullshit. They will also buy Server 2003, optimistically believing that it will be cure all the problems of Server 2000 in the same way they believed 2000 would cure the problems of NT.
For an example cop this survey. It apparently shows that Europe's IT directors place consistency higher than security and reliability and the human tendency to submit to fear and one's own insecurity rather than to break ranks and try something new will lead a lot of people who have no real faith in their own abilites to stick with what they know, i.e. Windows, regardless of how shit it may be, how many viruses it catches, how many customer's credit card numbers get stolen etc.. They crave stability even if what they have is flawed, at least they know where the buttons are.
In all honesty, I don't see single OS networks as being a good idea regardless of what your using. There are millions of lines of code in a modern OS and it only takes one cock-up to open a crack through which it can be broken. A lesson in genetics suggests that diversity gives you the best hope of survival when under attack or it can at least slow the attacker as they, or their virus, try to find vulnerabilties in each system.The only way that will be achieved is by opening file formats so that all platforms can exchange data with 100% transparency. This will also create a truly free market causing companies to develop software based on quality, performance, security and reliabilty rather than how pretty the GUI is and how clever this years bunch of graduate marketing twats are. The obvious side effect is the breaking of MS's monopoly and the burgeoning of a new software market that will develop ports and alternatives to existing "industry standard" stuff like AutoCad. Proprietry software companies fear this the most as they will then have to wrestle with real competition.
I still think that Linux, BSD and Mac are inherently more secure and better coded than Windows though. I also suspect the rot is so deeply set into MS stuff (with a 20 year legacy of putty eye candy before security) that they will never sort it out without a ground up rewrite, somthing they will not do unless forced to.
Linux developers on the other hand have given a security a starring role since day one and even though there are bound to be flaws they're fixed in short time by developers who don't spend the first week denying a problem exists. It's free, it does what I need and it's users give a shit. What more can I ask for.
Hmmmmmm..... Deep fried and look like Squirrel.
They are very different beasties and they are handled in very different ways.
A worm is handled by keeping your patches up to date and by NOT RUNNING ANYTHING YOU DON'T NEED.
A virus is handled by NOT RUNNING AS ROOT.
A trojan is handled by EDUCATION.
Microsoft has made the spread of trojans and viruses very easy by automatically running code. Sometimes without the user even knowing that the code has been executed.
A rootkit usually uses an exploit in a running process to install itself. In this fashion, it is similar to a worm. But it does not automatically spread itself to other machines.
Or it could be a hacked version of ls that is executed because someone was dumb enough to have . in their path. In which case it is similar to a trojan.
Different terms to reflect different attacks that are defeated in different ways.
All the patching in the world will not stop a trojan.
The best security on your email program will not matter if you're running a vulnerable version of sendmail.
Only run what you need to run.
Run with the minimum rights necessary.
Don't run unknown code.
Keep your patches current.
Run tripwire or something similar.
Review your logs.
The reason it asks for a password is that an OS X 'administrator' is not root. It's staff. There is no root account by default. You have to enable that purposely. The point is that if you double click something that looks like a picture file and it asks you for your admin password, you KNOW something is up. On Windows, double click and you're dead. If it doesn't ask and you're running as an Admin, it might wipe out /Applications and ~/, but it can't touch /System or any other user's files. If you run as a regular user, then only ~/ can be hosed.
Much of this article represents widely held ideas about modern Unix-like OSes that are either false now, will change in the near future, or are based on 20 year-old ideas about Unix. These seem to stem from the idea that the *nix OS will be installed on a large, multi-user server running many small limited-function tools such as text-based e-mail clients. This is changing. Many of these operating systems are installed on single-user desktops running large, graphical applications such as Evolution and KMail which attempt to be very user friendly.
/home directory, but that's about it."
/home/foo is the single most disastrous thing that can happen.
... On a Windows system, programs installed by a non-Administrative user can still add DLLs and other system files that can be run at a level of permission that damages the system itself."
/usr/lib lately? Over 1500 files in mine at last count, including very few subdirectories and lots of symbolic links. The same for /usr/bin. Or is it /lib? Or /usr/local/lib? Or is it /usr/local/bin? Besides for some accepted practices, most applications dump their libraries in /usr/lib and executables in /usr/bin, but without any organization.
Here are the arguments from the article:
"a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable."
The default behavior of *nix mail clients is to save files if instructed, and not executable. However, There isn't anything inherent to *nix which dictates this. A mail client that claims to be more user friendly can also save a file and run it automatically as well. There just hasn't been a popular one in use yet.
"Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his
The configuration that Linux has been trying to increase its numbers with, and OS X's main configuration is the single user desktop machine with no automatic backups. To the home user, blowing away
"Windows XP, supposed Microsoft's most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer.
Ok, I agree with these points. However, as Linux penetrates the home user market, the limited capabilities of the regular user will be increased. Remember Lindows? I believe (all) user(s) run as root. The author address Lindows near the end of the article, but he dismisses it as an exception rather than the rule. Ask yourself *why* the developers chose this route. It's because they want more home user/desktop penetration. Expect more of these types of decisions to be made in the future.
"Even worse, the collection of files on a Windows system - the operating system, the applications, and the user data - can't be kept apart from each other. Things are intermingled to a degree that makes it unlikely that they will ever be satisfactorily sorted out in any sensibly secure fashion."
Ever look at
"Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized."
Again, as Linux becomes more popular with home users, one or two mail clients (depending on if one or two desktop environments will survive in 5 years) could possibly dominate the market, on possibly one type of architecture, the x86. As well, Linux prides itself on supporting standards, across different applications.
"Microsoft continually links together its software, often not for technical reasons, but instead for marketing or business development reasons"
Here I will agree with the author,
"Posessing a degree in science does not necessarily make one a scientist"
Either that or many of the things that make for a good OS run by tens of millions would lead too a hundred thousand tech support calls for a day were Linux or Unix scaled up.
Each little stumbling block that is beneath the notice of a Linux user translates to thousands of tech calls out in the real world.
People hate to have to learn to jiggle the door handle to get the key to work. They hate to have to hit the TV on the top left side, just and so.
In spite of popular opinion, these OS's have [b]not[/b] been put thru the wringer...
"Has [being a kidnapped teenage girl, raped repeatedly for months] changed you?" - Katie Couric to Elizabeth Smart
Plus, what if everyone magically rolled to Redhat 7.3 when it came out, ditching Windows all together? Since then, we've had two SSH vulnerabilities. Sure, those using Linux applied the necessary patches / updates and we're all safe again... probably within minutes. But "Regular User Guy" won't apply that patch.
Every install of RedHat I've ever done sure as hell doesn't install and run an SSH daemon by default. And if you turn it on, you can turn it off.
Hundreds of posts, and not one Slashdotter has pointed this out: the most recent RPC vulnerabilities are all the proof you need to show why Windows, in its current incarnations, is far less secure than any Linux distro I've ever seen. An unpatched Windows system on the internet can be compromised within minutes, and it's not because there are "oh so many Windows viruses". It's because the RPC service is enabled by default, "run as root" insofar as Windows does that, and YOU CAN'T TURN THE DAMN THING OFF. So even if I'm clueful, don't open email attachments, only use plain text email, never run foreign binaries, I can still get "rooted" trivially.
Show me a Linux distro that does that. Hell, RedHat goes one further and runs IPtables by default for you these days. I'd love to see you try to root my box without being able to connect to it first. With a Windows machine, you as user leave a half-dozen almost unclosable ports open by default.
(Note: I realize that Apache, OpenSSH, and every other server daemon under the sun has known vulnerabilities. But I'm comparing apples to apples here, and Joe Sixpack doesn't often run a webserver off his WindowsXP box).
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Enabling root is totally non-trivial.
Applications/Utilities/Net Info Manager:
Security >> Enable Root User
Didn't even have to touch the command line or restart or anything. But for the most part you're right about it not being necessary.
In addition...I like the idea of having a pure System directory. For those of you who don't know, as a programmer you never have to touch the System directory in OS X save kernel extensions.
HA HA HA, BeOS has no viruses written for it. But on the other hand it has no other applications written for it either.
You missed the point. While wiping /home would be 'unfortunate' for you, it reduces the virus' spread.
Since this article is about the spread of virii on popular systems, let's concider for the moment how most people use computers. Most people have one computer to themselves. They will set up an account for themselves, and probably their entire family uses that one account. They store a year's worth of data on it, and then a virus comes along. Now, you are saying, well, it's only limited to the one account. For most people, this is everything. The OS can be reinstalled. Everything is reproducable, *except* for the data in the user's home directory. And this is precisely the stuff the virii will delete.
Now, concider the action of spreading. What about being an unpriveleged user stops the spreading of the virii? Blocking of ports below 1024? Doesn't affect sending an email to everyone on the address book.
The guy also talks about how the lack of a dominant monoculture means virii will never spread under linux (despite the argument being that when Linux is dominant, virii still won't spread). Intel vs AMD vs alpha vs MIPS, whether the user uses mozilla or kmail. Well, condider that when Linux is popular, most people will settle on the program that gets set up by default on the default desktop, using the most popular distribution. We don't see a monoculture *today*, because most Linux users use what they prefer, not what comes by default. Oh, and of course, on an Intel box.
10 * 0 = 0
For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.
On the other hand, he doesn't mention that all you have to do is convince someone to enter their Administrator password, and all hell can break loose. I would say you are far more likely to sucessfully socially engineer someone to do that (Check out this wicked screen-saver; you just need to enter your administrator password to install it (a common install procedure)) than to get a *NIX user to run something as root.
Actually linus implemented clone() instead. Please learn.
POSIX is an API. When we say "UNIX" we generally refer to the POSIX API. An API's whole point is to abstract the particulars of an implementation. For example, Perl actually implements fork on windows through the use of independent interpreters runing in a threaded environment. Java, also is an API which facilitates things like graphics and asynchronous file access (strangely similar to UNIX IO selection btw).
To say that GNU's Not Unix with a straight face is to miss the point.
Likewise is to differentiate the implementation details of clone v.s. the front-end API "fork". "clone" is only significant because it allows the kernel to have a single entry point to handle process creation; both threading and forking, differentiated only by a memory mapping flag. Is it any less significant that some primitive implementations of POSIX concepts delegate inter-process pipes as physical temporary files?
Granted lack of full POSIX compliance exists in things such as signal delivery to threads. But it's rare to find a fully POSIX complaint OS.
-Michael
Actually, that's not true. Just about every office application MS releases works as a limited user, but Microsoft has a long list of games that do not work, and several Microsoft published games are listed. Age of Mythology, Asheron's Call, and Microsoft Flight Simulator 2002 to name just a few are part of this list. There's even some non-game software in there that Microsoft creates, such as Microsoft Money 2003 and Works Suite 2001/Picture It Publishing 2001.
More Linux distributions are forcing you to create one, or just tell you that you're stupid not to add one. However, in regards to WinXP, I'd go one step further, and say that the user it prompts you to create should be made a limited user by default, and to encourage the use of runas to do system maintainance. Unfortunately, then we run into another problem. People will forget the administrator password.
I used up all my sick days, so I'm calling in dead.
We run both Windows 2000 and Linux here, but Linux is restricted to development of linux based embedded systems. The view of one IT porffessional I have spoken to is that linux is a vast security hole, his main reasoning being that as the source code of Windows is not publically available, and all the source for linux is easily found, Windows must be intrinsically secure!
It's undeniable that people that don't like having to learn new things and certainly don't like to have to enter root passwords and get their hands dirty. I mean hell, the joke about getting your 7 year old kids to teach adults how to program the VCR is funny purely because so many people can relate to it.
While the workings of consumer electronics can be made transparent to end users, computers are a different entity all together.
My original point is based on the problem that a lot of IT decisions are made by non-technically minded management based on the effect it will have on the company accounts in the current financial year. How many IT people have put educated, well developed ideas forward and had them shot down not for technical reasons but because there's no money. At the same time, the CEO's getting a $/3 million bonus and a new Mercedes. How do you accurately calculate TCO? How much to include for the cost of having to pull in IT staff, on overtime, over the weekend in order to carry out disaster recovery when the latest virus wreaks havoc. What if a virus as prolific as SoBig.F started overwriting hard disk sectors that store drive geometry info forcing whole corporations to fix or replace every HDD in the company. Imagine the chaos. Is it luck that this hasn't happened? Is it on the cards? Who knows, but if it does happen I know the shit will really hit the fan.
All I'm saying is that if you can integrate other OS's into a business it would be a good insurance policy to do so. OK if you use AutoCAD you're more or less stuck with Windows on the desktop because as good as LinuxCAD or others may be there's too much built around AutoCAD for many people to use it as a drop in replacemnt.
On the other hand if your servers are sharing files and printers, delivering e-mail and not a lot else, why the hell are you running Windows. Now that Opengroupware is out even Exchange (the holy grail) may be replaceable and there are Linux server solutions that will fulfill all the requirements of an awful lot of offices. In exchange you get a mail server that is immune to Windows viruses, loads of extra odds and sods that'd cost a fortune on Windows and an extra degree of seperation in the event of an attack.
Support will develop as Linux usage expands. Or why not use a MAC? Known company, good reputation and it ain't Windows giving you many of the benefits of Linux with Apple paid support. BSD, whatever, it's not the OS you use that makes the difference it's removing the uniformity of weaknesses that a network of 100% identical machines on a network gives you.
There really is enough room for more than one OS in the world and at the end of the day, how many SoBIG.F's will it take to cost business the price of supporting it.
Hmmmmmm..... Deep fried and look like Squirrel.
True, but then Linux is not even an operating system, it's the kernel. The entire operating system is really GNU/Linux (or maybe not). Clear as mud?
I personally dont use OE and prefer Linux over Windows, but the points he made in this article are well.....pointless.