'WannaCry Makes an Easy Case For Linux'

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.

This opinion isn't new and is still wrong.

[Aequitarum+Custos]

Virus writers will target the largest market portion. If that's Windows, they'll write viruses for Windows. If it's Mac, they'll write viruses for Mac. If it's Linux, they will start writing viruses for Linux. Just because more vulnerabilities in Windows are known, does not mean there are less total in Linux. And short of taking away admin/sudo access from users completely, malware can always social engineer it's way into administrative privileges during an installer or something similar.

Re:This opinion isn't new and is still wrong.

[OrangeTide]

Linux has been around enough and is used widely in high-value enterprise servers that it most certainly is attacked by malware, hackers, etc on a regular basis. Much is known about the security of Linux, and multiple vendors work to improve the security of the Linux Operating System and key applications.

Microsoft, Adobe and others have not been doing that great of a job securing Windows and its key applications. And much of the industry that touts that they enhance security on Windows are also trying to sell you virus scanners that significantly impact system performance.

What you fail to understand are two factors at play here:
1. Linux(FreeBSD and Unix in general) have a very different security model than Windows. Unix is a much simpler model and is less flexible, but it is also applied more consistently as a result.
2. Windows is not the top OS in the world in terms of numbers. Virus writers, if they are going only for high-volume attacks, would also aim their sites at Android or iOS as either of those have more installed systems than Windows. And like I said early, Linux dominates the enterprise environment and would theoretically be more valuable of a target to attack than Windows.

Re: This opinion isn't new and is still wrong.

I keep hearing this argument, but every time Microsoft releases another Windows, I am shocked by the security holes I find open. They just don't care enough. With Linux, more eyes on the source exposes more bugs and the security ones often get fixed before the ink dries on the mainstream media post about it.

Plus, older Linux installs are often maintained for security patches far longer than Windows.

Re: This opinion isn't new and is still wrong.

[Anne+Thwacks]

It is not just an issue of "more eyes". If you ignore Canonical, Gnu/Linux is far more stable internally - I specifically say Gnu, because the issue here is userland culture: The Unix/Linux world has enormous motivation to keep reusing the same code over massively diverse hardware as well as application use cases.

The same code gets more thorough testing in the Unix, with more motivation to fix the problems - because people are able to locate and describe problems better.

I know there are still bugs in Linux - hell, I know there are bugs in OpenBSD - but if I report them, they get fixed - sure it can take a year if the impact is only on me. If I phone Microsoft, all I get is a phone bill and a sore ear.

In the BSD world, some of the code really is over 40 years old, and generations of students have tried to hack it - to improve their game scores or college grades. When they succeed, it is fixed.

In Windows, when a new version is released - it probably comes with more new, improved bugs than bug fixes.

Re:This opinion isn't new and is still wrong.

[UnknownSoldier]

> and therefore Linux is NOT going to become the largest market portion any time soon.

Oh really? Try taking off the myopic PC blinders for once.

Google achieved 2 Billion devices with Linux in 9 years what Microsoft WinCE couldn't do even in 20 years

MS may have 96% of the gamer's PC desktop but that ignores all the servers and virtual machines running non-Windows, let alone consoles.

MS is a total joke on the Top 500 super computers.

Since November 2015, no computer on the list runs Windows.

Hell, even 33% of Azure runs Linux

In the OS server space things get fuzzy -- are we talking Web Servers? Database Servers? Email servers? Windows be has high as 33% or 20%-- there are no accurate stats.

Let's recap where Linux dominates:

[x] Mobile: Linux
[x] Super computers: Linux
[x] Servers: Technically *nix, due to BSD and OSX.
[ ] PC Gaming Desktop

The only place Windows has a niche in is PC gaming and XBox -- but desktops aren't the only thing anymore.

In the global space MS is slowly becoming irrelevant next to Android, iOS, PS3/4, Servers, Super computers, and Wii/Switch.

Not bad for an OS that "(free) operating system (just a hobby, won't be big and professional like gnu)"

Re:This opinion isn't new and is still wrong.

[ctilsie242]

The thing about ransomware, it doesn't need to fight with SELinux, nor escalate to root, to cause damage. It just needs enough access to read/write the user's files, which most web browsers provide. Even having an Internet connection isn't needed, since ransomware can bundle a public key with it that it can encrypt an individualized ephemeral private key, then use the public key from that ephemeral keypair to encrypt all files.

Ransomware is part of a perfect storm. So many companies don't bother with security. Individuals don't care or don't bother. With the lack of consumer-tier tape drives and optical drives of a decent capacity, backup drives and cloud-synced storage are easy pickings for deletion. Not many end users really care to use a program like Mozy, Carbonite, or CrashPlan.

Count of 90...

[djbckr]

This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted.

That should only take a few minutes, right?

Depends on the company, doesn't it?

[gfxguy]

My father runs an accounting business. His tax software is only available on Windows, and not as a service.

I work in a media company. Yes, some have Macs, but most of the software is only available for Windows, so most users must use Windows. Now the other departments could possibly use something like Linux, but then it's another system that needs to be supported (given that we still must support Windows, anyway).

I'm sorry Linux fans (of which I am one... the web servers I set up for work are Linux, and I'm typing this on Linux as my desktop right now), but there's a lot of proprietary software that many companies use that is only available on Windows. Most of it has no serious competition on Linux.