Slashdot Mirror

← Back to Stories (view on slashdot.org)

Viruses and Market Dominance - Myth or Fact?

Posted by simoniker on from the wash-your-hands-first dept.

rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."

16 of 736 comments (clear)

  1. yes, but the effect might be different by civilengineer · · Score: 5, Interesting

    there would be just as many viruses written for those platforms Probably, there would be as many viruses written, or more, but the effect of the viruses would have been different. As to whether the effects would have been not as bad, equal or worse is difficult to answer.

    --

    New year Resolution: Don't change sig this year
    1. Re:yes, but the effect might be different by pebs · · Score: 5, Interesting

      Take a look at this somewhat related article. It looks almost like its a response to reading Slashdot and responding with a troll.

      --
      #!/
    2. Re:yes, but the effect might be different by Xerithane · · Score: 5, Insightful
      It was a really good bit of writing until it started going out on a limb

      I think that was the first sentence:

      On one level, blaming Microsoft for the virus attacks is much like blaming the engineers of the World Trade Center for 911.

      It could be analogous to blaming the engineers if they had painted a big target on sensitive areas of the building, and provided planes a lighted approach for hitting them.

      But, it gets even better:

      Why put all the blame the attacked, and spare the attacker? If someone shoots you, do the police arrest you for not wearing a Kevlar vest? No, they go after the people with the gun.

      When are you notified that you may need a kevlar vest? Again, this would be a more fitting analogy if the person not wearing a vest was in, say.. Iraq 8 months ago and had a US Army emblem stitched on their uniform. If you buy software, I think it's a reasonable expectation that it won't be broken due to negligence. If I purchased a car, I'd be pretty pissed off if I found out the company made it very easy to open it without my keyless entry fob. That's a much more fitting analogy. Analogies suck to argue with, so lets just keep on the real subject:

      It should come as very little surprise that when you have a culture that demonizes Microsoft, largely because they're more successful with Joe Sixpack than your side, that some will go beyond that.

      Yes, this is why we demonize Microsoft. Not because they violate HTTP, SSL, CSS, and countless other standards. Not because they violate business laws, and are sued for it. We demonize them because they attract idiots better than us. I'm glad he cleared that up for me, because I was wondering why I didn't run Windows. It's not just my surprise, Ed has one too:

      It should come as very little surprise that when you have a culture that justifies, even glorifies theft from the big guy, that people start taking from the smaller fry.

      I suppose I'm part of the culture, and I don't glorify nor justify. In fact, I say it's wrong. So do a lot of people. So, again, half-baked claims with no factual backing. Yes, I'm sure several people did say that Half-Life will now have Linux binaries. If any of them said it seriously, I doubt they have the capabilities to build them anyway. Any joke taken out of context can make someone look like a dick. Or a Communist, right Ed?

      "From Each According To His Abilities, To Each According To His Needs"
      Karl Marx said that, and it fits these extremists and their fellow-travellers to a T. Come to think of it, if you asked regular thieves how the world should be, they'd say pretty much the same thing, too.

      I didn't realize that thieves were happy only getting what they need and no more. Perhaps you should ask Microsoft since it's documented that they have stolen a few things. I can definitely see how they take only what they need. Like $40B in cash reserves.

      But when we talk about P2P, that's when Communism really rears it's ugly head. Not Capitalism and market dominance nor supply and demand, which is the very cornerstone of capitalist economics:

      And what's the replacement [to the RIAA], the better world? It sure isn't better for the artists. Call the RIAA and Company slavemasters, but at least slave owners fed and housed their slaves.

      The replacement to the RIAA? I'm not sure, how about CDBaby or the other houses that are opening up? Why are there so many famous artists that loathe the RIAA? How many famous artists have you sat down and talked to about record contracts. I can name one, and he makes more money now touring as a legendary band (from the 60s) than he ever did from his 6 platinum records. Even he wants to get on the internet distribution bandwagon. But,

      --
      Dacels Jewelers can't be trusted.
  2. I see the problem. by Soulfader · · Score: 5, Funny

    "Check out this wicked screensaver!!!! But it um, only runs as root, so you have to su first. Also, chmod and make it executable, please. Thanks!"

  3. Operating System bugs vs Application level bugs by kevin_conaway · · Score: 5, Insightful

    I think Windows systems suffer more from vulnerabilities at the operating system level (possibly because it tried to integrate so many things) than application level (though they do exist). In Unix like environments, it is the opposite. The operating system is generally secure against remote attacks but it is the applications that run on top of the OS that introduce vulnerabilities.

    As long as there is software there will be bugs, no matter where it is run.

  4. Linux Is Getting There, too! by PRES_00 · · Score: 5, Insightful

    Since many Linux distributions are trying hard to get convert desktop users, they are also diminishing the steps required for the launching of an executable virus thus, diminishing security.

    If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.

    1. Re:Linux Is Getting There, too! by pla · · Score: 5, Interesting

      If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.

      No.

      The very fact that Unix-like OSs have a concept of a "root" account (which the Windows "equivalent", "administrator", does not even come CLOSE to matching in terms of actual separation of permissions), makes it all but invincible to virii.

      Yes, if Linux becomes popular enough for virus authors to target it, we'll see a round of trojans using root exploits - But unlike Windows exploits, very few of these exist to start with, and they will (and do) get fixed within a few hours of discovery.

      Actually, for that reason, I think more Linux virii would help Linux security overall, as it would expose those root exploits faster than we can discover them normally. Yeah, a few boxes would suffer, but the community as a whole would benefit.

  5. Re:Unix-based ... by bladernr · · Score: 5, Insightful
    Linux is not Unix-based.

    I'm not sure if this is a troll or not, but Linux is indeed UNIX-based. It is "inspired by" UNIX (as opposed to having code in common).

    Linux uses all of the old UNIX concepts of fork(), inodes, etc. For non-UNIX inspired systems, see OS/400, VMS, etc. These do not have UNIX primatives.

    As a Linux user, I am proud that Linux is a UNIX derived (at least in spirit) system. It has a base of history, knowledge and experience from which to build. Would starting purely from scratch be better? I hardly think so.

    I learned UNIX programming on SunOS. My SunOS knowledge works just fine on Linux (although not on OS/400 and hardly on Windows... unless you count what little POSIX compliance they barely put in).

    Long live UNIX/Linux!

    --
    Sarcasm and hyperbole are the final refuges for weak minds
  6. Re:What about r00tkits? by demaria · · Score: 5, Insightful

    Rootkits are probably more like a trojan than virus.

    Personally, I consider viruses, worms and trojans to all fall into the same genus. The differences between the three aren't too important and blurry anyways. They are all hostile code that can affect any system.

  7. Windows viruses and GNU/Linux by ciaran_o_riordan · · Score: 5, Insightful

    RMS commented on this issue earlier this year:

    There are several reasons why GNU/Linux has few viruses:

    1. We designed the GNU system, from the outset in 1984, as a multi-user timesharing system with security features. An ordinary user cannot change the system software. Linux, Torvalds' 1991 kernel, followed this design as well.
    2. We did not make the incredibly stupid decision to design applications so that they execute programs that arrive in the mail.
    3. Free software developers seem to do a better job, overall. (This is the point that the Open Source Movement primarily focuses on. For us in the Free Software Movement, this is a nice bonus, but please mention that freedom is even more important.)
    4. GNU/Linux is less popular than Windows and most virus developers target the more common system.

    If everyone switches to GNU/Linux, reason 4 will go away, but not the others. Therefore, people can expect to have much fewer virus problems in a world of GNU/Linux users than then have now with Windows.

    --END-OF-RMS-TEXT--

    --
    Expert in software patents or patent law? Contribute to the ESP wiki!
  8. Forget Windows by mutewinter · · Score: 5, Insightful

    If people just stopped using Outlook and only used plain text email there'd be much less of a security problem... I doubt Gabe over at Valve is going to be using it again any time soon.

  9. "Normal user" by owlstead · · Score: 5, Insightful

    Luckily I've already responded to the author in person before this became /.ed.

    As I've pointed out to the author, being just a "normal user" is enough to let the virus spread and to destroy the "normal" users documents.

    I keep seeing this argument over and over again when talking about system stability. But my system would be next to useless if all my documents and configurations would be gone. Maybe it would be easier to recover from backup instead of a full reinstall, but that would be it.

    Most pc's out there are single user (or single family) computers, instead of the old multi-user mainframes. All the important data are in reach of the virus.

    If I get a response I will let you know...

  10. Re:his worst argument... by Killean · · Score: 5, Insightful

    Yeha, I love this quote:

    Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.

    Yeah right. I garuntee if my Mom started using Linux all she'd be doing the same things she's doing now. You can lead a horse to water but you can't make them check if it's contaminated first...

    --
    My new catch phrase is: "I NEED A NEW CATCH PHRASE, BABY!"
  11. Re:whatever by edwdig · · Score: 5, Insightful

    it isn't the OS's fault, it is outlook and if linux blows up, then "outlook for linux" would be just as vunerable

    Outlook Express isn't removable from Win2k onwards. MS considers it part of the OS. So it is the OS's fault.

    If Linux came with unremovable email clients, then your argument would be valid.

  12. Re:YES and NO... by Sylver+Dragon · · Score: 5, Insightful

    One of the things the author touches on, but fails to grasp fully, is that, part of the reason Linux is not now, and won't be for some time, adopted by Joe Sixpack, is that it is a complex PITA to install and run stuff on. Average people like simple. They want to get an email from George down the hall, with an attachment, click on it and have it run. If this means that they have to login as root all the time, and just give everything execute permissions, they will. The author recognizes that most of the problems exist between the chair and the keyboard, but then gives some nebulous, hand wavy, excuse that, if the world ran Linux, people would be better educated. Bullshit. People are going to be just as lazy, and just as ignorant about computers as they are now, they are going to do those dumb things that get them in trouble now, no matter which OS they are running. Even the added complexity will give way eventually. Someone will realize that they can make money selling a version of Linux that is "easy to use". And people will buy it, because they don't want to deal with the hassle. While I realize this is anethma to the /. crowd, most people don't care about the ability to modify the kernel if they want to (they don't!). They just want that 'puter thingy to show them the screen saver their friend sent them, and if they have to choose between a really secure OS, and one that just does it, they will pick the one that just does it. They will install programs that allow them to just run executables in an email, hell most of them will probably install a mail client that automatically launches executables if they think it will make things even eaiser on them. Face it, most people are scared of computers, and if they have to do anything more complex than launch OE and solitare, they are lost, and the author expects them to change, why? Because the Linux advocates will teach them better, he says this while ignoring the fact that many of us who deal with Windows on a daily basis have been trying rather hard to get people to lock up their Windows boxes a little better, without any success. Heck, my own girlfriend bitches about Mozilla on my machine, because it actually does things like block cookies, pop-ups, and java-script, unless you tell it otherwise. And she's probably a bit better about computers than the average person. Sure, the viruses will be different if/when Linux takes over the desktop (and establishes its own monoculture, probably be either RH or Lindows), but there will always be a security hole in the chair/keyboard interface.

    --
    Necessity is the mother of invention.
    Laziness is the father.
  13. Re:What about r00tkits? by fupeg · · Score: 5, Interesting

    You have been socially engineered by Microsoft to think that such things as one-click installs are necesarry and desirable. You have been brainwashed to believe that "if it's not as easy as possible, then it is too hard."

    Even if you think that one-click installs are necesarry, take a look at MacOS. It allows for one-click installs, but if you the program is going to change OS code/settings, then you are warned about it and prompted for a password (a la sudo.) Of course the MS-programming-kernel that used to be your brain will probably respond that having to put in a password makes the OS "broken" ...

    Imagine some software engineer saying "hey you know what would make things really easy for our users, if we could remotely take control of their computers, install patches/extensions, and optimize some of their hardware settings." There you go. That could make installing/setting up/maintaining complex software so much easier, right? Hey there are some really obvious security implications, but eaiser is always better right?