Slashdot Mirror

← Back to Stories (view on slashdot.org)

'WannaCry Makes an Easy Case For Linux' (techrepublic.com)

Posted by msmash on from the open-mic dept.

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.

7 of 411 comments (clear)

  1. This opinion isn't new and is still wrong. by Aequitarum+Custos · · Score: 5, Insightful

    Virus writers will target the largest market portion. If that's Windows, they'll write viruses for Windows. If it's Mac, they'll write viruses for Mac. If it's Linux, they will start writing viruses for Linux. Just because more vulnerabilities in Windows are known, does not mean there are less total in Linux. And short of taking away admin/sudo access from users completely, malware can always social engineer it's way into administrative privileges during an installer or something similar.

    1. Re:This opinion isn't new and is still wrong. by AmiMoJo · · Score: 3, Insightful

      Linux will fall to the same things that Windows does these days.

      - Users conditioned to enter the admin password and click through warning to get that sweet emoji pack

      - Vulnerable applications

      - Zero day attacks and slow updates

      Nothing about the average Linux distro would prevent ransomware attacks, for example. Exploit the browser, get access to the user's files, game over. Yeah, there are more secure distros, but you can lock down Windows too and no-one does.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:This opinion isn't new and is still wrong. by Archtech · · Score: 3, Insightful

      Except you're missing the point.

      Actually I think you are missing the point.

      The exploit worked not because of some security lapse at Microsoft, but because the people maintaining the machines didn't lock them down or apply appropriate updates in a timely manner.

      But why do you assume that dozens of "appropriate updates" must be applied every month "in a timely manner"? It's not as if the installed software is decaying in some mysterious way. The patches are needed to prevent exploits that should never have been possible in the first place.

      Security cannot be added on as a bag on the side of a software system - although that is what Microsoft is forever trying to do. Proper security has to be built in right from the start, from the foundations up. But that does cost money and take a lot of extra time and effort.

      Linux can't fix that....

      Of course neither Linux nor BSD nor any other operating system can "fix" the problem 100 percent, completely and forever.

      But that does not mean they can't be a huge improvement.

      --
      I am sure that there are many other solipsists out there.
    3. Re: This opinion isn't new and is still wrong. by Lennie · · Score: 1, Insightful

      If you think the same does not apply to Linux you are kidding yourself.

      --
      New things are always on the horizon
    4. Re: This opinion isn't new and is still wrong. by Daniel+Phillips · · Score: 3, Insightful

      What are you talking about? You can't even fucking ping a windows box with it's default firewall configuration.

      And it's still leaky as a sieve. That speaks to basic design flaws.

      --
      Have you got your LWN subscription yet?
  2. Every... time... by Bizzeh · · Score: 3, Insightful

    Every single time any sort of media coverage comes up about a non-event (didnt affect real users, only affected organisations which delayed the installation of a critical update), fanboys leap on the opertunity to say how much better linux is.

    Linux has its fair share of these, and runs on its fair share of critical infrastructure, and is run by its own fair share of idiots, but it is never really media worthy, because it isnt Windows and it isnt something the general public will relate to.

    Give it a rest...

    --
    portfolio
  3. Re:Count of 90... by matbury6017 · · Score: 3, Insightful

    A few minutes? Don't you remember how long Windows takes to boot up?