Slashdot Mirror
New Botnet Dwarfs Storm
ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."
Forbid Windows OSs from running in the USA because it's a defacto tool for terrorism.
How many of those zombies are Linux platforms?
Seven Days with Ubuntu Unity
A few years ago, you saw you were infected by all the popups that apperared out of nowhere. But now, there is no way to tell for sure, is there? Every time my computer does something strange, I'm worried that I might be infected.
"It's too bad that stupidity isn't painful." - Anton LaVey
With an "80%" miss rate by AV tools, It would be very helpful to know what software anti-virus programs do detect Storm and Kraken? So that responsible users can check their PC's.
Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture... ends in an .exe, which is not shown" to the user, Royal says.
There are still Fortune 500 companies that allow unimpeded outbound SMTP traffic from their general userbase?
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
Maybe if people stopped relying on antivirus and malware detectors alone, and started educating their users and locking down their systems (instead of giving everyone root / local admin rights), we wouldn't have this problem...
Security isn't a technology problem, it's a people problem.
"The firm has seen single Kraken bots sending out up to 500,000 pieces of spam in a day."
So that's why I have been getting so much spam lately.
The biggest one is the one that hasn't been found yet.
Does anyone else find it absolutely aggravating that these stories
1. Never tell you how you know if you're infected, and
2. Never tell you how to clean up your shit if you are.
However, they always give massively generalized statistics on how vulnerable you are!
Thanks, asshats.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
There just aren't enough words.
When your "security" is based entirely on reactive methods and file signatures (like standard AV products), obscurity is extremely effective.
.exe files (oh, and changing the settings to actually show the extension is helpful too), obscurity doesn't work so well.
When your security is based on not giving every user local admin rights, and educating them not to run random
I mean really, this thing would never have started if people could learn to not run Image.exe.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
This is not security through obscurity.
This is hiding in obscurity.
The program is not secure, it is simply good at hiding itself.
Someone who doesn't notice a 10x or more increase in outbound traffic?
Or, more likely, someone who just does not check the logs.
""We know the picture... ends in an .exe, which is not shown" to the user, Royal says."
.exe it isn't a picture, you shouldn't keep calling it one.
If it ends in
Oh, please. Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?" No, they start working on all the exploits in Linux and OSX. Since important financial data is stored in a user's account on the system there's little to stop someone from grabbing this data once they're in. Destroying the user's system is no longer the goal of an attack you know.
Comment removed based on user account deletion
Well, I don't use mac that often (only via a friend when I visit him...) but I don't think a regular .exe will run on a mac.
The only way I can see it working is if someone runs parrallels with windows and opens the executable there - thus it is technically a "windows machine" that is infected.
No os is totally safe from access - what distinguishes Linux/Unix/BSD and maybe even MACOS from the Windows crowd is what you can do when you have penetrated the firewall/got a mail inside.
With Windows it is easier (for various reasons) to have a program do something illegal - either via user click or automagically - than with the others.
For a hacker it would still be hard to do anything on a Linux/BSD/Unix box without root/admin privileges - maybe stealing info is the worst (via accounts that do not need special privileges to view/access files).
Thus the term "HOW SAFE" needs to be defined before one can argue the strong points of an OS over the other.
For one person ACCESS to the info is a security issue, and for another RUNNING AN UNWANTED PROGRAM (virus/keylogger/trojan/bot) is the issue.
With the first issue I'd say Linux/BSD/Unix is a little safer than Mac which is a little safer than Windows, with the second issue I'd say Linux/BSD/Unix is way safer than the others.
Seven Days with Ubuntu Unity
They can have firewalls, but if they don't monitor them they're not very effective.
The same with intrusion detection systems.
Being a network administrator requires some effort, every day. Not much effort. Particularly if you have some scripting skill. But it still requires some effort.
Last I heard, they were arguing the exact opposite - non-Windows systems are too hard for the government to break into.
And who knows, perhaps Kraken is sending your data to HLS on the side? If I made a government spy virus, I'd disguise it as a spambot too... the signal is lost in the noise.
This, needless to say, could also explain the surprisingly low discovery rate on standard AV tools.
[/tinfoil hat]
AntiVirus software has been relatively useless for the past few years. They charge extra just to detect basic "non virus malware" and they still dont detect the REAL threats!
AV vendors ought to be ashamed of themselves. Even more so, the customers should be ashamed of themselves for continuing to pay for a program that doesnt REALLY protect them.
We MUST move away from definition-based "protection" and move to behavioral-based protection. Unfortunately there's only one major player who's trying to do that. That is Microsoft, with Vista's User Account Control. Unfortunately, that is also the feature that people dislike about Vista, and way too many people turn it off.
It's funny how badly people hate the tools need to protect a PC.
yes actually.
Viriuses and bots are Incredibly easy to get installed and infected on a PC. It's brain dead easy.
It's far harder to get a linux or OSX or BSD infection going as you trigger the "you are trying to install "XXXX" enter your admin information to allow this to install for applications that are going to get it's hooks in the system. all other applications ca reside in a location that is safer and installable by the user only. and YES you can do this in linux, a user can download compile and run or even install an app to the user directory and use it just fine.
all OSX users I know dont simply click yes to everything because the software makers have 1/2 a brain for those platforms. windows apps all think they need to shove crap all over the pc. and therefore pc users are usedto having even a fricking mp3 playing app shoving thing in the windows system directory, changing the registry, etc...
stop that stupid behavior (return to farking ini files in the app directory instead of the incredibly stupid registry) and stop installing 65,000 random dll's in the system directories.
Do not look at laser with remaining good eye.
Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?"
Well done, you've managed to switch the argument from the factual to the hypothetical.
This is the standard debate tactic in this situation. Get everyone tangled in debating the possibility of potential but non-existant Mac and Linux malware, judging its likelihood against factual and vastly damaging Windows viruses, worms and botnets.
Just acquit Microsoft of all culpability for poor and short-sighted decisions, incurring costs in the billions, for millions of users, by saying, "eh, it was inevitable."
#define struct union
It's the difference between "this platform is inherently more secure" and "this platform is safer because it's not targeted as much." Apple's market share is rising--if it gets too high, it will likely become the target of malware authors.
You're not right. There's nothing preventing any user from setting up executables directly in his home directory; hell, back in my shell account days, I must have had the equivalent of a pretty good-sized unix system in ~/bin, ~/usr and ~/var.
Your solution simply does not address the dancing bunnies problem.
Beware the Botnet Dwarfs!
Users need no special permissions to run executables, and for most people, rm -rf $HOME would be as disastrous as rm -rf /. If we're talking about malware, it's trivial to get a user program to run on login without administrative privileges.
The only viable long-term solution is to put email clients, web browsers, and other sensitive programs each in their own separated, limited environments to contain any damage. The approach works for network servers; why not for clients?
FTA: "The primary C&C servers are hosted in France, Russia, and the U.S., according to Damballa."
The new Axis of Evil?
you are correct, but it is EASY to configure linux to ignore .bash_profile or .xinitrc or others and only use system safe ones or even change ownership of those file to root and only allow changes in them when doing config changes.
yes the hole of allowing SUDO for 5 minutes after is there but that also can easily be configured to work differently and require it at every turn.
I personally think that most problems stem from Microsoft dumbing down the OS and refusing to change. hiding the file extension is the single most stupid thing in the world to do. Yet they still refuse to disable that giant security hole.
Do not look at laser with remaining good eye.
The root problem and why this guy shifted the argument is that, quite frankly, Linux users need to stop wearing the OS as a badge and rubbing it in. Yes, we get it. Linux is so vastly superior to Windows, OSX is so vastly superior to everything ever and Microsoft made some very dumb mistakes in the entire structure of their OS - but at least windows users don't need to recompile source code to get raid cards to work. Do you guys see how ridiculous all of this is?
I know a lot of you understand how every single bit works in that OS but a lot of people don't, and it's irritating to have the fact being rubbed in all the time. Oh wow, we've heard for the 3 millionth time that Windows is inferior in security once again. Not much people can do about it when it's an industry standard for like 90% of everything in history. It's a pity, I agree. But it's fact.
All of your suggestions differ significantly from the default configuration. It's pretty easy to tell Windows to show the real file extension. It's easy to create a new user on your Windows box, and it's easy to only log in as that user. It's easy to install software in this way (right-click, run as.)
Only we're talking about normal users here. Users who aren't going to go to these lengths to protect themselves and their computers. Nor are they going to modify the default behavior of their Linux computers, if we were to set them in front of one. We're talking about users who don't even realize that these are good things to do, so why do you expect them to do them?
serious question:
most folks don't send more than 50 mails a day (number pulled out of a** and is for illustration only)
so how about this ISP anti-spam approach:
1) if a user sends more than 350 emails in a week, or more than 100 emails in a day, the ISP emails the user with a 'do you have a zombie' email.
this would list the subjects & initial contents of emails sent.
user could either reply 'yup, I send a lot of email please bump me up to a higher trigger level' or 'please help me fix this - I'm not really a viagra salesman'
x days/emails after the warning, the ISP could start blocking stuff if there was no response to their warning mail.
This would give people a chance to know if their machine was infected (I think mine is clean - but I certainly don't monitor outgoing smtp traffic) and generally provide a service to all at little inconvenence.
Would this be bad ??? Is it really hard to spot a zombie PC that is sending spam out through your network?
VLC Remote for iPhone and Android
Or, maybe, countries trying to move forward too fast and without watching their step. How many people here know/work in a company where IT doesn't get the budget it needs for proper network defense?
You are in a maze of little twisting passages, all different.
By that reasoning, there should be a proportional amount of viruses/worms/trojans for Linux and OS X. If 5% of desktop computers are Unix (OS X is Unix) or Linux , then 5% of the viruses should affect Unix or Linux. Somehow I don't see that. The reason that so much malware exists on Windows is that the Windows architecture makes it so easy to do. Linux and Unix makes it harder to do.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Once upon a time, there was a city where most people lived in tents. Most were made of ripstop nylon, but there were some made of canvas, blue tarps, and some were basically old garbage bags.
Obviously, tents aren't that secure. Most people didn't bother to even try to secure the flaps on their tents, some bought and installed luggage padlocks to secure the zippers, but even those were only a slight hinderance in this city that relied mostly upon trust and goodwill. All an intruder needed was a knife to slash a hole in the fabric or a stitch-puller to intrude on others' tents, for the purpose of mischief, hiding radios that only broadcast advertisements, stealing information, and the like. Some even set-up shop in other folks' tents, posting advertising and selling goods and services, simply not caring about the actual owners' wishes.
There weren't only tents in the city. Some people did live in wooden or stone shacks, and a few of the tent-dwellers even modified their tents into reinforced shanties with sheets of metal and plywood. They were largely ignored by the criminal element, simply because the time and effort it took to break into one reinforced tent or shack, they could break-into several tents and accomplish the same ends. Given that the overwhelming number of ne'er-do-wells in this city only possessed pocketknives, they lacked the means to break into the stronger structures, and typically had to resort to tricking the residents of those structures into leaving the doors ajar.
Windows has two critical traits that cause it to be such a problem on the internet: it's easily compromised and extremely popular. If either factor wasn't in its favor, the problem probably wouldn't be quite as serious, but Windows just hasn't developed appropriately for use in a multiuser, networked computing environment. The same rules that apply when you're camping in the wilderness when you're isolated become absurd when you're building a shelter when there are other people, including criminal elements, in close proximity.
To the question you pose, I think the answer is probably going to turn out to be, "Actually, yes". The overwhelming majority of current exploits are against pathetic Windows security, where there is little separation between the outside vs. inside, and no compartmentalization on the inside to limit the damage. There will still be some level of crime and confidence games in communities that have greater individual security, but the casual and inexperienced criminals wouldn't have the sort of free reign they enjoy when it takes little skill or knowledge to accomplish their goals. Would an internet dominated by Linux and OS X still have machines compromised into zombies on botnets? Of course, they're still maintained by humans who don't all care about security and fall for tricks. But it wouldn't be anywhere near on this magnitude.
... and God just builds a better idiot.
A great deal of the problem here isn't necessarily Windows, it's the people who use it. In an attempt to make its operating system easier for the idiot to use, Microsoft has added "features" that increase the vulnerability as well, particularly the "I'm-ok-you're-ok-can't-we-all-just-get-along-and- share-our-deepest-darkest-secrets" design philosophy that's behind so much of the Windows experience.
But the vast majority of Unwashed Humanity shouldn't even be using a *light switch*, nevermind a computer! Even otherwise very intelligent people are so completely clueless when it comes to things that come to them in email and on web sites. I swear, if I sent out an email asking people to cut out their large intestine and email me a scan of its contents, most of them would happily do it, and thank me for the privilege.
I tell my family to follow two rules:
1. Everything you read on the internet and in email is a complete and utter lie from someone you do not know, which will steal all your money, rot your brain, and leave you (male or female) with an unwanted love child. You should completely delete all email before reading.
2. See Rule #1.
Microsoft advocates Trustworthy Computing. I recommend Paranoid Computing instead, because *nobody* can be trusted!
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Blast! Foiled again!
Execute? [Y/N] _
I think that the biggest problem is that people don't distinguish between "secure" and "safer." I alluded to this in my post.
The second biggest problem is that people don't define what "secure" really means. In the context of trojan horses, it mostly means that the rest of the system is safe, even if the user account is wholly compromised. This is important, because it will be much easier to clean up the infection from a super-user account if the trojan can't use rootkit-like behavior to hide itself. In short, anti-virus running as root will have an easier time finding malware that isn't running as root. In this specific context, an operating system which (by default) runs as administrator is going to be less secure; however this has more to do with configuration and less to do with architecture, which is where a lot of people try to define security.
There are other contexts that you can look at, though. In most distributions of Linux, software updates are handled somewhat automatically for all software on the system. While this could be a security concern, in most cases, it's a boon to security. Did someone find a bug in Firefox? Ubuntu's daily security check will find it and ask you to install the new version. Bug in libc? Same thing. Since most software on the system will be updated in this way, security updates are more likely to be applied, and the system will, in general, be less susceptible to exploits.
Of course, all of this assumes classical malware that expects to be run as administrator. There's no particular reason that malware couldn't be written to be hard to detect from the user-account, and which waits until it can sniff a password or execute privileged code within a password-less sudo context. Malware also can do a lot of damage without hiding itself, and before the user becomes aware of its existence. This applies to just about any platform (indeed, any platform where the user is allowed to execute arbitrary code.)
I find it easier to believe that that antivirus tools just suck.
I read the internet for the articles.
Instead of filtering torrents, your local ISP should be redirecting their deep packet inspection efforts on thwarting spambots. Regardless how deep it is buried in your OS, at some point it is going to have to announce its presence when it starts spewing spam. With >90% of the internet being choked up with spam, shouldn't ISPs worry about spambots rather than P2P? If spam is detected, a friendly email could be sent back to the source indicating that your PC is likely infected with malware.
Also, if more people ( not everybody ) switched to alternative operating systems such as Macs and Linux, (preferrably different distros) it would be much harder for malware to propogate, as they would have to split their efforts at hiding in many different targets and spreading between incompatible systems.
My rights don't need management.
And _I_ consider the existence of antivirus tools to imply an OS that just sucks.
Let us not become the evil that we deplore.
This will never stop with the current security model. Attacks like this work just as well on the other major operating systems. Let's move away from reactive security and fix the root cause.
BitFrost (see http://wiki.laptop.org/go/OLPC_Bitfrost [laptop.org]) is the set of security mechanisms present in the OLPC.
Though I certainly wouldn't care to summarize the entire thing, here's what it comes down to.
User programs don't automatically get the running user's full rights. A calculator has no reason to delete your documents, so why should it be able to? And without your knowledge to boot. On the OLPCs, documents are kept in a special storage area. It isn't a matter of owner read access. In general, for a program to get a user's file poofed in to its chroot sandbox, it has to ask the document service (which presents a consistent dialog). Further, a text editor doesn't need to access the network. The user can access the network, but his or her programs can only do so if explicitly allowed to (various such rights are set at install time, configurable later). Certain combinations of program rights are disallowed at install time (such as both network access and webcam access) but can be enabled later. Plus a lot more.
Sudo/UAC sound nice and all until you realize that programs and users are separate entities.
Yes, there's a lot to learn from the OLPC project. It's designed to be used (safely) by computer-illiterate children who can't (or can scarcely) read. If you think that sounds like a good description of computer users in general, then you're absolutely right. Security as seen in *nix and Windows makes perfect sense for protecting users from each other. That was the goal back in the day. The people with access to a server were supposed to have a general idea of what they were doing (entirely on them if they didn't), and in that case *nix security works well. But computers have gotten more personal, and that assumption is now blatantly false. Anyone thinkng that Windows security problems stop at buffer overflows, or that Linux on the desktop will change anything, is a fool.
"Strangers have the best candy" -Me
I believe that the contest ended when two of the three machines were cracked, so no.
So here's my full disclosure: I really like the design of OS X. I like it more than just about any Linux window manager that I've tried, and it's simply leaps and bounds beyond Windows Vista. I point this out so that any bias may be evident in what I'm about to say.
It's pretty likely that the Macbook Air was targeted because it's a more desirable computer. If I was going to participate in a hacking contest where I got to keep the computer I hacked, I'd go for the Mac first every time. Moreover, because of the perception of OS X as being so secure, there's a certain amount of prestige associated with hacking one. A couple of years ago, David Maynor hacked a Mac (instead of other operating systems which were equally vulnerable to similar exploits) for just this reason.
This competition did not show which OS was more secure--it showed which OS was hacked first. There's not necessarily a direct correlation with security, here. Scientific tests would look at things like how much time it took to actually hack the machine, not how much time from the start of the competition elapsed before the machine was hacked.
If it's truly undetectable, how would you know what percentage of cases were undetectable? Surely, be definition, you couldn't tell?
In other news, most women think I'm damn sexy. It's just undetectable in 99% of cases. But I'm sure they do!
The thing is, I hear this all the time.
.bash_profile (and a thousand other ones), and you can configure/fix them out of existence. But to get all of them pretty much means stopping someone from using their computer.
If someone says "Windows is insecure", I hear "Yeah, damn right. Stupid n00bs and its all Bill Gates fault, stupid people".
If someone says "Linux is insec.." I hear "lalalalalala. I can't hear you. lalalalalala".
The problem is about usage patterns of the OS. Put the same person in front of any OS and they will get infected the same way they always did. As someone mentioned, bots generally send spam or steal financial info - well, there's nothing stopping this from happening in any app. Either you restrict users from doing things they consider normal (like downloading gadgets and toys, and opening their own files) or you have to accept that they will get infected, no matter which OS they use.
Sure, there are technical, tricky issues with
The answer is to educate users about security, which would be an ongoing task forever (as new exploits are discovered, new attack vectors invented). Or to try and fix the damage an infected machine can do. Eg. why aren't the defaults for emailing set to only allow 1 per minute, or why doesn't the software pop a dialog every time an email is sent? If either of these were implemented at a point closer to the network (rather than the user application) then we'd get significantly less spam from infected PCs.
Of course, its tricky to do. A firewall could do it, but they tend to be focussed on on-demand access - ie, it'll pop a message everytime an app wants to use the network, and you end up with people turning the messages off.
Hiding the file extension - meaningless from a security viewpoint. Users still download SmileyCentral icon packs and explicitly install them.
I assume that I found the correct contest, it fits the description.
They did however get the Vista box, by exploiting a flaw in Flash (from the same article). Both successful cracks was only achieved after the rules had been relaxed to allow exploits by "tricking" the judges into clicking on links to malicious web pages created by the contestants.
On the first day only direct attacks over the network was allowed, and all OSes survived that.
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
Well, since all applications in OSX (and BSD, and most true Unix variants) need to list themselves in various tables, be individually identifyable to the OS, and have strict limits on what APIs they can access from what kind of memory space (and what kind of memory space they can occupy), the issue is not that they don't target macs because it's used less, but because they TRY, and noone can find a way to get a virus into a mac that doesn't say "Hi, I'm a virus, and I'd like permission from the kernel to run. Please enter your keychain password so I can add myself to your active applications list and take up a spot in your launch tray. Don't mind me!"
They'll target Apple all they want, but if there's a virus in a Mac, it will be incredibly easy to spot and remove. Getting it in there can't be by accident either, it has to come from a very complicated set of tricks, and must involve users actually permitting the infection. Macs are the target of Phishing all day long, but that's not an issue of securing the OS, it's about educating the user. Airbags don't prevent you from hitting a tree if you're asleep at the wheel...
There is no contest in life for which the unprepared have the advantage.
Well, at least you have an opinion. It's really the mark of users that plain suck. Give all those same users who click on everything and anything that sounds vaguely interesting a nice, shiny new Ubuntu machine - ALL of the users mind you - so replace most people's Windows machines. See how long it takes those same people to be rooted. Now what will you complain about? Their sucky OS? Or their lack of ability to treat their computing resources as carefully as they SHOULD be treating their government ID's such as SSN's in the US and bank info, etc.? It's the users - not the OS.
Actually while I don't totally buy this (Windows gets a lot of "drive by" infections) you do make a compelling point. Even a "secure OS" cannot help if the users is willing to type their admin password at anything that asks for it.
Of course, you could make code show what it will do upfront ("This program will create files in your home directory, but won't open any network ports, or modify any files it didn't create"). This is something that could be done (I think Microsoft's "managed code" is a valid template for this approach). But the UI is really hard to nail, and the user must still read and understand what's being proposed. Consider: "This program will modify system files and read any files on the system, and open network connections both on the local zone and the Internet", does the average user allow that to run? Perhaps not, but what if it's pron?! Seriously, though - can an OS be secure, if it's users don't make rational choices?
Still, I'm not running Windows here...
chown root.root
What part of the above is a Significant change? it's easier to do than setting windows to show file extensions. Funniest thing I heard all day!!
Try getting an average user to use a CLI and see why for yourself.
Yes, it's true. There is AV software for Linux systems. It is for mail servers that serve Windows clients. Read the documentation, it's in there. Thanks for playing, though ;-)
Let us not become the evil that we deplore.
"Seriously, though - can an OS be secure, if it's users don't make rational choices?"
You can make system files immutable in Linux with chattr, an immutable file may not be overwritten by root unless chattr is first run, to remove the immutable flag.
furthermore, you can during install, use chattr to set files immutable, and then set user:owner of chattr to user chattr and set permissions to only allow user chattr to read or execute chattr as well as making chattr immutable so root can't replace it.
So yes, you can idiot proof a Linux system. Even if they still have sudo permissions so they can install new programs.
the basic point of this would be to have some type of chrontab based scanner, a remote administrator (eg: the guy who set it up for mr. i love porn and am stupid) and basically is mr idiot isntalls bad software mr remote admin can remove it, and make fake files in his owner/user group so that mr idiot can't install it again (although without access to chattr it might be hard to prevent mr idiot to find out how to use sudo to delete those files when he asks on a message board how to get around this 'error' when he tries to install software etc..)
although it's SO much easier to just not give Mr idiot sudo permissions and allow mr remote administrator approve any software Mr idiot wants on his system. the point was can linux be idiot proofed, and yes it can, in many functional ways.
https://www.gnu.org/philosophy/free-sw.html
Well, at least you have an opinion. It's really the mark of users that plain suck.
I really wish this was the case, but OS vendors could do much much, much more to make their systems secure by default. As for the metric that users suck, sure they do. Last I read, however, compromises that had no user interaction were still responsible for more incidences than ones that have a user interaction component, There are a lot more trojans out there than worms that compromise machines silently, but the latter hit a lot more machines at a time and more often.
Give all those same users who click on everything and anything that sounds vaguely interesting a nice, shiny new Ubuntu machine - ALL of the users mind you - so replace most people's Windows machines. See how long it takes those same people to be rooted.
Actually, they would probably last a lot longer. The truth is, Linux is attacked less by automated worms so most users would fare better. It is not that Ubuntu is really much better for security than Windows (it is better in some ways, worse in others) but there is one big thing Ubuntu has going for it. Canonical does not have monopoly influence on the desktop OS market.
Ubuntu currently has security that is appropriate to the threat posed by malware attacking it. Regardless if that security is currently better or worse than Windows, there is no reason to think Ubuntu would not continue to provide whatever level of security is desired by users. You see, Canonical sells services based around Ubuntu. Most of the contributors to Linux are users (either on a large or small scale) or are hired by users. If Canonical does not provide them with the security they want, they can and will go elsewhere. There are lots of Linux distros and companies selling services based upon it. In a worst case, Linux can fork to provide users what they need. Basically, is comes down to motivation. If Ubuntu is not good enough, Canonical loses money; ergo, Canonical will invest in security improvements so they can make more money.
When Windows does not provide the appropriate level of security to make the average user happy, Microsoft does not lose significant money. In fact, in many cases machines are slowed down by malware such that the user does switch to a new vendor. The problem is, they switch computer vendors (from Dell to Lenovo for example) and Microsoft actually gets an extra sale out of it. Usually the influence MS wields in the desktop OS market makes switching to another OS vendor impractical or uneconomical, especially given MS's ability to break interoperability with other OS's and lock in user's via their data, applications, etc.
Now what will you complain about? Their sucky OS?
It is not even that Windows sucks on technical merits. They suck because they are the biggest target and they don't care. When I go down to the bar, I don't wear a bulletproof vest of any sort. When I browse the internet from a Mac or Linux machine I don't bother with sandboxing my browser or running it in a VM that resets every time I use it, or even running antivirus software scans. I don't need to. If, I take a business trip to Baghdad, I'll probably wear a vest. Most people would not think to do so. For someone at a tourist bureau in Baghdad to try to persuade people that Baghdad is a more secure place than Minneapolis is absurd. For them to argue that there are more troops protecting you in Baghdad than in Minneapolis is beside the point. For them to argue their are concrete emplacements and checkpoints to catch "bad guys" is likewise beside the point. The measures in place are insufficient to deal with the level of threat presented. This is true for Baghdad and Windows.
And to answer your second question, if Ubuntu were regularly compromised in daily use, yeah I'd argue its security sucks. There is a lot of work that can be done to make every OS more secure for users, but for the most part only Windows has a big problem for normal
When you write code for the mac and compile it, the COMPILER inserts the code that allows it to integrate into the OS, with the exception of code that runs in protected memory spaces. Yes, you can write a simple app and run it, but getting that app to access system level resources, protocols, APIs, and data from other applications requires SPECIFIC code and tight controls, and it's the OS that handles those interactions, not application to application as can happen in Windows OS. The OS kernel has all the power in Mac OS X. Nothing can happen without it's permission. Executing simple code inside protected memory is allways permitted. That code attmepting to access anything else, allways denied, unless it follwes specific rules. Viruses can't follow those rules and still be considered viruses.
In OS X, file system access is controlled by the kernel. The things viruses do in Wondpws to avoid deletion violate kernel rules in unix. Rootkits can only be created in OS X by an application launched with root permission by a usewr logged in as root. Since in OS X you can't log in as root, you can only su- to root, and even that can only be done at the comand line, this means nothing in an e-mail or web page could ever get that permission. The user would have to dowload the application(virus) and run it, then grant it that permission by entering their keychain. Mac users know the keychain is a very precious thing, and should not every be requested to use it on a web page or e-mail, it;s reserved for key system level changes and for installing programs. e-mail doens't do that...
Windows does not have this level of protection, or obviousness of malicious activity. Since e-mail can open a web page that activates an active-x or java script, and those scripts can edit registry permissions when logged in as admin and then further allow disk activity with those changes, a user running as the default login can't protect themselevs from this type of action without 3rd party integrated software that does what the OS should have done all by itself from day 1.
There is no contest in life for which the unprepared have the advantage.
Nothing will happen; the OS will stop it. How? By the trivial means of not allowing downloaded files to be executed unless I explicitly edit their permissions to turn on the execute bit.
Yes, this really would help. Mere double-clicking can be done reflexively. But more complex instructions like "save this to your filesystem, then open a terminal window and type 'chmod +x free_porn.sh', and then double-click it for free porn!" gives your victim just that little bit longer to realise that they're being conned. Is it 100% secure? No, of course it isn't. Is it more secure than an OS that will blindly execute anything that has a filename ending
I just want to say that this is one of the most interesting comments I've seen on Slashdot. Not because it is well-written (it is), but because I learnt something from it, which is too rare on Slashdot. I'm not a Linux zealot (though I use it exclusively at home now) and am bracing myself for when it does become a popular target for widespread attack. This is an argument about Linux security that I've read that really addresses it which I hadn't heard before. The "thousand eyes" principle may provide another security advantage over Windows, but I don't know. This point however, is very well argued. Thank you.
H.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Don't underestimate me.. I've performed WAY more complex operations than that in order to obtain free porn.
It also guarantees that no regular-Joe home users will ever use that OS because they don't want to have to change permissions on every shitty time-waster game they download from the internet.
btw, you can actually make a nice secure user 'chattr' who is not root and have a fairly secure password length for when the Mr remote admin needs to use chattr to install updates, etc. just make sure Mr Idiot is safely logged out when doing the updates.
thought if this after i posted, although technically Mr idiot can "sudo su chattr" if he's a sudoer unless, you require all user chattr logins to shhd. not sure off hand how to do that on Linux, more used to how to do that on BSD systems.
https://www.gnu.org/philosophy/free-sw.html
Your argument here is interesting because of two points. First, generally restricting new programs so that they cannot do anything they want. The second and more focused point is preventing installers from writing files here there and everywhere. I think default ACLs to restrict programs are going to be very important to the future of computing. Keeping programs contained within a given part of the filesystem is also useful and I'd argue an approach that does well in this regard is the application packages used on OS X. It is a win in that it removes the need for installers in most cases (drag and drop beats running random code) and provides a folder where all an applications files can be stored. It allows applications to write to specific other locations, but just config files, not binaries and there are advantages to storing the config files outside the package.
This is something that could be done (I think Microsoft's "managed code" is a valid template for this approach). But the UI is really hard to nail, and the user must still read and understand what's being proposed.I agree with this although I'd make a few points. MS's UI is a travesty. It is not just poor, but it makes the same UI mistake people have been complaining about for years. The "OK/Cancel flaw" has been well documented and explained by numerous experts. MS has little excuse for doing it all over again. Second, I think if you get to the point of asking users to authorize or deny specific activities it should only be as a last resort after several other passes that attempt to resolve the issue.
Consider: "This program will modify system files and read any files on the system, and open network connections both on the local zone and the Internet", does the average user allow that to run? Perhaps not, but what if it's pron?!Has your OS certified this software is from a specific vendor? Has your antivirus provider certified this software as specifically safe or unsafe? Given that it is uncertified software from somewhere unknown I think it is very important to give the user good options. Don't give them buttons that say: (OK)(Cancel). Give them buttons that say: (Allow program_name to run, but restrict access)(Don't allow program_name to run)(Allow program_name to run and have complete control of the computer)(Advanced options). If they click the first option try running the software without letting it touch the network of system files and see what happens. If that fails automatically run it, but give it access to dummy files and network access. If that too fails, let it run in a clean VM with a bridge to the network (while watching that VM/network for potentially malicious behavior like running a mail server that sends a lot of traffic).
Seriously, though - can an OS be secure, if it's users don't make rational choices?I think the key is to give the users good choices and only as a last resort after automated work by the experts has failed. Never give users cryptic choices. You have to avoid training users into thinking allowing access to programs equates to programs working. Right now clicking "OK" for most users is a conditioned response that people do like putting gas in a car. You click "OK" all the time to keep your computer running stuff. That association needs to be broken. Granting access should be a separate issue to whether or not a program will run. A user can validly want to run a program so they can look at porn, but still not trust that program. A secure OS should let them run it, but still not trust it. Let it connect to he internet and access a dummy address book file and take control of a dummy Webcam and install a keystroke logger in the VM and send that useless data to some third party. Then, the user can look at their porn and still be secure as much as possible.