Well, you have to consider also that, Internet Explorer having somewhere in the range of 90% market share as opposed to under 7% market share for Mozilla, about 13 times as many vulnerabilities would logically be found... (and only about 5 times as many are)
No.... that's only "logical" if there is no such thing as "security", just "marketshare".
By your logic, a program written by a first year student who didn't pay any attention to any security would have as many flaws discovered as a program written by an expert who tested for vulnerabilities....
As long as both of them had the same number of users.
In other words, the flaws aren't errors in code writing, the flaws magically spaw when a certain number of people use it.
realworld manager: "great now make it work for joe in accounting. he's spent the last 2 hours tring to find his 'a' drive."
Just double click on the floppy drive icon on the desktop.
it's all well and good that linux is technically better (which is a point other people are making about pc-dos being technically worse than alternatives) but if it is a pain in the ass to implement for the average user it likely won't hit the desktop in a big way.
That's a big "if" now-a-days.
Aside from running specific apps that haven't been ported to Linux yet, name anything that Windows can do that Linux cannot.
Linux is quickly taking over the server market segment so SOMEONE has to like the Linux approach.
I'm typeing this on Ubuntu and Windows is behind on ease of use.
Surprise! Linux both technically better AND easier to use now.
Remember, it's easier to make a stable and secure platform easy to use than it is to make an unstable/insecure platform stable and secure, no matter how easy it is for the end user to use.
Linux will take the server market first.
Then it will take the corporate/government desktop.
Only then will it take the home user desktop (if such still exists then).
This is the attitude that is going to prevent that from ever happening.
Huh? How?
I wish the movers and shakers in the Linux world would decide to focus on a subset of the OS market, and do it well, instead of trying to do everything and losing focus of good engineering practices...
Are you saying that they have lost "focus of good engineering practices"?
Strange, Linux seems to be rock solid.
And it runs on everything from a wristwatch to a mainframe.
It seems as if they have the engineering practices under control.
As for focusing on "a subset", why?
Won't the stability needed for a server be a good feature in a workstation?
Won't the plethora of devices on a workstation give you more flexibility in choosing a server (ATA, SATA, SCSI, etc).
Won't the real-time features necessary for certain segments be nice with workstation audio playback?
Would you use an ATM that didn't require a PIN (or, for that matter, a card)? Suppose you could just walk up to it, enter your name, and withdraw money from your account. Simple, and much less chance of error, right?
I don't know. Entering a name is harder than entering 4 numbers and a card.
It would result in fewer errors if people could just get money from the cash machine without entering any info or carrying any cards, right?
Yeah, I know.:D
You make excellent points but you did leave off one item.
User interface testing. We can test the system BEFORE the elections and work out the worst "bugs". We can use the dumbest people we can round up.
We can put together fully interactive context-sensitive help systems (voice/video/help screens).
We can make a system so easy that a 10 year old could use it (and we should be TESTING it with those 10 year olds).
What amazes me is that people realize that a bad guy would go to considerable length to be able to filch a few hundred dollars out of their bank accounts, or even to wrest control of some third world bannana republic, but very few people accept that somebody might want to exercise undue influence over the richest and most powerful nation in the world.
Are you ready for the real kicker?
Why isn't there a FEDERAL agency overseeing this issue? Where are the FEDERAL agents to review the code and hardware?
Vote for me! My first act will be to establish a FEDERAL department for electronic voting with completely Open Source software and open standards for hardware.
I'll make it so easy for every person in the US to vote me out of office.
I'll put together a system so that 4 years later, you can see me lose the election, state by state, hour by hour.
With no question that every vote is counted correctly.
The context in which you use it seems to indicate that you do not.
Just because you see someone count a piece of paper that says Gore on it doesn't mean that a vote for gore was really cast, just that you saw him count it.
I think you also have a problem with the word "cast".
Someone counts a ballot with a vote for Gore.
And you still claim there is a problem.
Either you don't know what you're talking about or you don't know the meaning of the words you are using to express it.
The "secret" is in what you marked on the ballot. Not on what happens to the ballot after that.
There's a reason why the vote counters are specific people.
And there's a reason why any citizen can watch them count the votes.
And there's no guarantee that what goes in the ballot boxes is what comes out, nor a guarantee that the counters will count correctly, or represnt the results correctly.
That is why any citizen can watch the ballot box and watch the vote counters.
That is the guarantee.
The very nature of secret ballots is that somewhere not everyone will get to see what happens, and at that moment, something can go wrong.
Again, you're confusing the act of marking a "secret" ballot with the process of counting the votes.
Other than the initial marking of the ballot (the "secret" part), the entire process can be viewed by any citizen.
And each political party has its own representatives present to do just that.
It still comes down to "people I like deserve more protection than people I don't like."
I'm getting that impression from you.
Because people find out that the White House granted special permission to a gay hooker to attend press conferences UNDER AN ASSUMED NAME and lob easy questions....
That's the same as publishing the address of the mother of some "harridan" you don't like.
Bah. You're just another hypocrite playing the double-standards game.
Nope. Your problem is that you're too tied up in your pro-Gannon viewpoint to see the difference.
Gannon and PJ both had their personal lives dug up and published.
Gannon had his because of the story involving the White House.
PJ had her's because MOG couldn't find any story.
*sigh* I remember the trolls we used to have back in the day. Now all we have are these wannabe trolls crying "hypocrite" as if it makes them sound mature.
Buh bye, little troll. Keep eating the food mommy gives you and one day you might grow up to be a big bad TROLL.
I apologize, I thought I made it clear that I was masking some non-essential bits of information in the log examples. One of those bits was the IP address. I replaced it with localhost in the example. I didn't feel is necessary to put the real-world IP in the example.
I understand that part. It was the IP address I was talking about.
As you and others have now pointed out, it could be that people were wget'ing the site for other reasons. However, that's not how it looked. All the requests that I saw were from the same IP and were all for the root / URL.
Then it would NOT be a DDoS.
It sounds more like the/. effect and ONE machine trying to cache sys-con's entire site.
So it should be VERY easy to track down the machine using that IP address at that time and find out whether it was an "attack" or an attempt to cache their server.
Unfortunately, I don't have all of the information. I agree that it would be nice to have more. I have what I have and now you have what I have, minus two lines of log file that are virtually the same as the three already shown.
And that's the problem. Yet in your "blog", you state:
There is still some doubt over whether the DoS attacks against Sys-Con actually existed or whether they were the result of 'The Slashdot Effect' for lack of a better term. I believe the DoS attacks did exist. I too was initially skeptical but based on e-mail correspondence I now believe them to have happened. In fact, from what I can tell the attacks were distributed, thus making this a DDoS.
Yet now you seem to be saying that the "distributed" portion was NOT the wget action you mentioned.
So, the "distributed" portion was nothing more or less than the/. effect?
Which only leaves that single IP address with the wget command. And it should be easy to determine whether that was an "attack" or an attempt to cache their site.
So..... I'm going to guess that you've "blocked" the IP address of the machine(s) doing the wget with "127.0.0.1". But why you would do this, I don't understand.
Wouldn't your first step be to locate the machines with those IP addresses at that time and see if they were faked or not?
If they were not faked, wouldn't it make sense to see if you could contact the owners of those machines?
This may be far less than a DDoS "attack".
It may just be several people attempting to download EVERYTHING on sys-con's site. Maybe in an attempt to get the material in a local cache so it wouldn't be destroyed by sys-con.
It would only appear to be a DDoS if those addresses were assigned to machines that the owners DID NOT use to wget those files.
As you state:
My opinion is that the DoS was a combination of a few factors. First, the sites were Slashdotted twice this week. I distinctly recall conversations with Sys-Con in the past when the sites got Slashdotted and then became unavailable or severely degraded. So, in effect, a Slashdotting could hamper the performance of the Sys-Con sites anyway. Not only did the sites get Slashdotted, but other news outlets picked up on the stories as well thus generating even more traffic. Finally, the proverbial straw that broken the camel's back were the extra requests generated by the HTTP GET requests.
I believe that you're still over-using the "DoS" statement.
You should have all the info to verify those wget commands as legitimate (people archiving sys-con's site prior to a "cleansing") or an attack (machines hitting sys-con's site without their owner's knowledge).
Since the machines were already straining under the/. effect (compounded as other media sites picked up the story), the additional archiving would easily have caused the server errors that many people saw.
Just because a server cannot hold up under the demand does NOT make the demand an "attack".
When MOG got the info on PJ, NONE of it showed that PJ had any special contacts or services with IBM.
With Gannon, it was shown that he had LOTS of special contacts and such with the White House.
The story wasn't about Gannon. The story was about how the White House had no problems giving special permissions to a gay hooker and allowing him to use a fake name to lob soft questions.
Now, IF MOG had turned up evidence that PJ was supported by IBM or IBM's lawyers and faked the "privacy" issue in an attempt to hide that connection, then THAT would have been the story.
But even THAT would NOT have been a reason to publish her Mom's address and pictures of her house.
Since MOG could NOT dig up the story she wanted to publish... she published the info she had and refered to PJ as a "harridan".
If Gannon had NOT had any special priviledges from the White House and had NOT used a fake name, then publishing personal details about him would also be over the line.
Here's a related concept: privacy no longer exists. Get over it.
Don't try to hide behind that bullshit.
Our choices are either pretend we have privacy and be subject to random exposure and to surveillance by the powerful, or to recognize the truth and ensure a level playing field for everyone.
Digging into people's lives takes time and money.
There will ALWAYS be a discrepency between what the average person can spend (time and money) digging and what "the powerful" can spend.
So there will never be "a level playing field" like you believe.
The "editorial board members" of LinuxWorld are appointed from among the leading professionals and participants of the Linux community at large.
Well, that's just sweet. But what does it have to do with anything?
LinuxWorld's independent advisory board and the core editorial team(s) have full editorial decision-making authority in everything that goes to print.
But MOG doesn't appear in print. Her articles are posted on your web site.
So what does anything about "print" have to do with this story?
They funnel that passion into the accurate and unbiased editorial content that you look for in the pages of our magazine(s) every month and in every new issue.
Still, not in print so why are you talking about this?
We believe that a magazine such as LinuxWorld, supported by hands-on participants and leading industry experts, offers real-life editorial content that you will not find elsewhere.
Hey! I can write this "note" and try to turn it into a free ad for my wonderful magazine.
Our compensation and deep satisfaction is in knowing that we are providing a valuable service that benefits Open Source, Linux, and everyone in the industry.
Yep. If I ever need to find PJ's mom, I'll know the site that provides that "valuable service".
This is how LinuxWorld differentiates itself from other venues.
Yep. Linux Journal certainly wouldn't publish that, even on its web site. Nor any other technical publication.
On the pages of LinuxWorld you read articles written by the most knowledgeable and experienced professionals in the world.
Did I mention the part about turning this into a free ad?
Last but not least, we are pleased to announce that with the launch of our new Web site, we now made all our archived content and past issues available online.
Thanks for having me on the show, did I mention my new web site? Can I do a quick plug for it?
Please be sure to take a look at the "LinuxWorld Topics" section of our new Web site to explore our archived content grouped under a rich number of categories.
I'm real sure I mentioned the free ad time. Right?
Before I end my note, I would like to take this opportunity to share with you our publishing guidelines.
End your note? You haven't even gotten to the subject.
We believe in the Golden Rule.
Give us the gold and you make the rules.
In all our dealings we strive to be friendly and courteous, as well as fair and compassionate.
This was not a single article. Read the past ones. You'll see an ongoing stream of hatred.
But those were okay to put on your sites.
We treat sources, subjects, and colleagues as human beings deserving of respect. We show compassion, show good taste, and avoid pandering to lurid curiosity.
Microsoft made spreading trojans EASY when it allowed the extension to be hidden. You think it's a picture, but it's an executable.
Real viruses aren't that common right now.
Stopping trojans requires a different approach than stopping viruses. To prevent trojans, you either have to disable the user's ability to run new code or only allow new code to be run in a sandbox.
While what you have said is correct, one thing that you have not addressed is that, for some virus writers, getting their spooge to spread as far and as wide as possible is the goal.
And the goal of many robbers is to get cash.
The most cash is in the banks.
Yet the robbers rob people's homes instead of banks because the banks have far better security than most homes.
It isn't the desire... it's the security model.
If you wanted to have your creation on as many systems as possible, would you target a less popular system that is as air-tight as a collander, or would you take the time to find a hole in the most in-use system?
And if your skill level is not sufficient to find a hole in the secure system... then your virus never happens.
Just because you WANT to find a hole that can be exploited at your level of skill does not mean that one is there.
Now, if the OS is coded correctly, it would be a LOT harder to find security holes in it.
Yep. That's the whole point. Any script-kiddie can write a "virus" for Windows and it can spread easily.
Security is not about marketshare.
Security is about restricting the avenues of attack.
If Linux is so secure that 99% of the people writing viruses for Windows will NOT be able to write them for Linux, that means that Linux will have fewer viruses.
Even the most well-designed and built OSes have some holes and security flaws.
Yep. But having "some" holes is not the same as having a flawed security model.
They've tightened up, but you are fooling yourself if you think they are bulletproof.
No one ever said they were "bulletproof".
All it takes for Linux to be safe from viruses is for Linux's security model to be secure enough that the infection rate falls below the repair rate.
If the virus is being removed from machines faster than it can spread, the virus is dead on Linux.
My argument is that, if some system other than Windows were dominant, there would be a lot more focus on finding those flaws.
I understand that argument.
It has been made many Many MANY MANY times before.
That doesn't make it any more accurate.
Having people looking for flaws does not mean that flaws for them to find are magically created.
Attention would be on the bigger target.
Again, looking for something does NOT mean that you will find it if it does not exist.
However, it has a lot to do with how many exploits are found that would not be noticed if someone were not specifically looking for them.
No.
Finding exploitable holes requires the following:
#1. That an exploitable hole be there to be found.
#2. That a person of sufficient skill be looking for exploitable holes.
Then, for that to actuall BE exploitable, the hole has to be in a sub-system that is common on Linux boxes. Finding an exploit in a 7 year old app that isn't included in any distribution any more won't get you very far.
And for those reasons, Linux is more secure than Windows AND will have fewer viruses even when it has more marketshare.
Corrupt workers indeed... Sarcasm aside, good point. The card will work exactly on those it doesn't need to work on, while leaving large avenues for exploitation
The good people will NOT be made any safer by this.
The bad people will have an EASIER time getting ID's to use in any state.
Which means the good people will be LESS safe with RealID than they are right now.
Wait until the first news story breaks about some punk drug dealer with 3 different RealID's.
1. Create a fake realID (incredibly difficult, but nothing's impossible)
Or more likely...
2. Use easier to forge documents to gain a realID, then use that as a basis.
Usage of the realID to prevent identity theft is spotty at best, and really, putting all of our trust into a single ID sounds to me like inviting identity thieves.
You left off corrupt workers filing fake RealID paperwork.
Since this thing will be accepted NATIONWIDE, the value of it to criminals will go through the roof.
And remember what Capitalism has taught us, where there's a market, there's a supply.
So, the bad guys can search the entire nation, looking for the weakest link to exploit because the return will be HUGE.
Right now, people pay thousands of dollars (per person) to be smuggled into the US. With RealID, they arrive with a nationally accepted identity.
This system is "brittle". Once any ONE point (out of thousands) is cracked, the entire system is open.
And the incentive to find that weakest point is huge.
By your logic, a program written by a first year student who didn't pay any attention to any security would have as many flaws discovered as a program written by an expert who tested for vulnerabilities
As long as both of them had the same number of users.
In other words, the flaws aren't errors in code writing, the flaws magically spaw when a certain number of people use it.
Aside from running specific apps that haven't been ported to Linux yet, name anything that Windows can do that Linux cannot.
Linux is quickly taking over the server market segment so SOMEONE has to like the Linux approach.
I'm typeing this on Ubuntu and Windows is behind on ease of use.
Surprise! Linux both technically better AND easier to use now.
Remember, it's easier to make a stable and secure platform easy to use than it is to make an unstable/insecure platform stable and secure, no matter how easy it is for the end user to use.
Linux will take the server market first.
Then it will take the corporate/government desktop.
Only then will it take the home user desktop (if such still exists then).
With NetWare, it was very easy to walk through each step of the process to get a server up and running.
Which means it was also easy to isolate any problems and work around them.
DOS was just the loader program for NetWare. Once NetWare had load, you could remove DOS from memory.
I'm running NetWare 6.5 and I'm still booting to DOS.
Strange, Linux seems to be rock solid.
And it runs on everything from a wristwatch to a mainframe.
It seems as if they have the engineering practices under control.
As for focusing on "a subset", why?
Won't the stability needed for a server be a good feature in a workstation?
Won't the plethora of devices on a workstation give you more flexibility in choosing a server (ATA, SATA, SCSI, etc).
Won't the real-time features necessary for certain segments be nice with workstation audio playback?
It would result in fewer errors if people could just get money from the cash machine without entering any info or carrying any cards, right?
Yeah, I know.
You make excellent points but you did leave off one item.
User interface testing.
We can test the system BEFORE the elections and work out the worst "bugs". We can use the dumbest people we can round up.
We can put together fully interactive context-sensitive help systems (voice/video/help screens).
We can make a system so easy that a 10 year old could use it (and we should be TESTING it with those 10 year olds).Are you ready for the real kicker?
Why isn't there a FEDERAL agency overseeing this issue? Where are the FEDERAL agents to review the code and hardware?
Vote for me! My first act will be to establish a FEDERAL department for electronic voting with completely Open Source software and open standards for hardware.
I'll make it so easy for every person in the US to vote me out of office.
I'll put together a system so that 4 years later, you can see me lose the election, state by state, hour by hour.
With no question that every vote is counted correctly.
The context in which you use it seems to indicate that you do not.I think you also have a problem with the word "cast".
Someone counts a ballot with a vote for Gore.
And you still claim there is a problem.
Either you don't know what you're talking about or you don't know the meaning of the words you are using to express it.
Either way, buh bye!
That is the guarantee.Again, you're confusing the act of marking a "secret" ballot with the process of counting the votes.
Other than the initial marking of the ballot (the "secret" part), the entire process can be viewed by any citizen.
And each political party has its own representatives present to do just that.
I'm getting that impression from you.
Because people find out that the White House granted special permission to a gay hooker to attend press conferences UNDER AN ASSUMED NAME and lob easy questions
That's the same as publishing the address of the mother of some "harridan" you don't like.Nope. Your problem is that you're too tied up in your pro-Gannon viewpoint to see the difference.
Gannon and PJ both had their personal lives dug up and published.
Gannon had his because of the story involving the White House.
PJ had her's because MOG couldn't find any story.
*sigh* I remember the trolls we used to have back in the day. Now all we have are these wannabe trolls crying "hypocrite" as if it makes them sound mature.
Buh bye, little troll. Keep eating the food mommy gives you and one day you might grow up to be a big bad TROLL.
That way, the individual can verify that his vote is printed correctly on the receipt.
...
He drops the receipt in a sealed ballot box.
The machine adds up the votes at the end of the day.
If there's any question about vote fraud
the machine's displayed total
is checked against
the machine's internal tape
which is checked against
the sealed ballot box.
In case of error, the ballots in the sealed box are the official record.
That way you get instant results, 100% verfication and the voter can individually confirm his/her vote.
The question of WHY it isn't being done like this reveals the corruption behind the current line of "voting" machines.
There is no reason why you cannot watch the ballot boxes, and the vote count.
With paper ballots, that is.
In theory, any citizen can watch the entire process.
And it isn't worth the $5 to get the material if I cannot post it here.
And they're looking at touch-screen tech and talking about paper-less machines.
It is possible to have touch-screen tech and a paper trail.
It sounds more like the
So it should be VERY easy to track down the machine using that IP address at that time and find out whether it was an "attack" or an attempt to cache their server.
Here's the first step: http://www.arin.net/whois/
That should be able to tell you who owns that block.
And that's the problem. Yet in your "blog", you state:
Yet now you seem to be saying that the "distributed" portion was NOT the wget action you mentioned.
So, the "distributed" portion was nothing more or less than the
Which only leaves that single IP address with the wget command. And it should be easy to determine whether that was an "attack" or an attempt to cache their site.
Don't send that stuff to her relatives.
It would only give the media another circus to cover which means more of an invasion.
Now, from one of my logs on my home server:
192.168.1.188 - - [01/May/2005:13:52:27 -0700] "GET
"-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050405 Firefox/1
So
Wouldn't your first step be to locate the machines with those IP addresses at that time and see if they were faked or not?
If they were not faked, wouldn't it make sense to see if you could contact the owners of those machines?
This may be far less than a DDoS "attack".
It may just be several people attempting to download EVERYTHING on sys-con's site. Maybe in an attempt to get the material in a local cache so it wouldn't be destroyed by sys-con.
It would only appear to be a DDoS if those addresses were assigned to machines that the owners DID NOT use to wget those files.
As you state:
I believe that you're still over-using the "DoS" statement.
You should have all the info to verify those wget commands as legitimate (people archiving sys-con's site prior to a "cleansing") or an attack (machines hitting sys-con's site without their owner's knowledge).
Since the machines were already straining under the
Just because a server cannot hold up under the demand does NOT make the demand an "attack".
With Gannon, it was shown that he had LOTS of special contacts and such with the White House.
The story wasn't about Gannon. The story was about how the White House had no problems giving special permissions to a gay hooker and allowing him to use a fake name to lob soft questions.
Now, IF MOG had turned up evidence that PJ was supported by IBM or IBM's lawyers and faked the "privacy" issue in an attempt to hide that connection, then THAT would have been the story.
But even THAT would NOT have been a reason to publish her Mom's address and pictures of her house.
Since MOG could NOT dig up the story she wanted to publish
If Gannon had NOT had any special priviledges from the White House and had NOT used a fake name, then publishing personal details about him would also be over the line.
Don't try to hide behind that bullshit.Digging into people's lives takes time and money.
There will ALWAYS be a discrepency between what the average person can spend (time and money) digging and what "the powerful" can spend.
So there will never be "a level playing field" like you believe.
I'm sure it had a LOT more hits on it than her other articles.
Well, that's just sweet. But what does it have to do with anything?
But MOG doesn't appear in print. Her articles are posted on your web site.
So what does anything about "print" have to do with this story?
Still, not in print so why are you talking about this?
Hey! I can write this "note" and try to turn it into a free ad for my wonderful magazine.
Yep. If I ever need to find PJ's mom, I'll know the site that provides that "valuable service".
Yep. Linux Journal certainly wouldn't publish that, even on its web site. Nor any other technical publication.
Did I mention the part about turning this into a free ad?
Thanks for having me on the show, did I mention my new web site? Can I do a quick plug for it?
I'm real sure I mentioned the free ad time. Right?
End your note? You haven't even gotten to the subject.
Give us the gold and you make the rules.
This was not a single article. Read the past ones. You'll see an ongoing stream of hatred.
But those were okay to put on your sites.
Hmmmm..... You might need to check this page then - http://linuxbusinessnews.sys-con.com/read/49228.ht m?CFID=39636&CFTOKEN=75BBE516-14D5-139B-BC4011A448 3558B3
Yep, Linux Business News on the sys-con.com site. And if I may post some of the hate there:
So, PJ is "mysterious".
Maybe it stands for "Pam Jones".
But, over time, the threats change to take advantage of new avenues.
Email trojans are currently a much larger threat to most people than viruses are
In the future, cell phone worms may be the biggest problem.
Over time, the threats change.Nope. It is easy to patch my Debian systems. I just have to su to root.Exactly. And that is because it is a HUGE security hole.
A security model states what can and cannot be done by which users, etc.
Not allowing something to be done IS part of the security model. Even if a different OS does allow that.
The OS should PROTECT the executables.No. You don't need to stop disk writes.
You need to stop modifying existing executables by regular users.
On Linux, this is easy. Which is why viruses do not spread on Linux systems.
Trojans exploit human nature, not the OS.
Worms exploit flaws in a running service.
Microsoft made spreading trojans EASY when it allowed the extension to be hidden. You think it's a picture, but it's an executable.
Real viruses aren't that common right now.
Stopping trojans requires a different approach than stopping viruses. To prevent trojans, you either have to disable the user's ability to run new code or only allow new code to be run in a sandbox.
The most cash is in the banks.
Yet the robbers rob people's homes instead of banks because the banks have far better security than most homes.
It isn't the desire
Just because you WANT to find a hole that can be exploited at your level of skill does not mean that one is there.Yep. That's the whole point. Any script-kiddie can write a "virus" for Windows and it can spread easily.
Security is not about marketshare.
Security is about restricting the avenues of attack.
If Linux is so secure that 99% of the people writing viruses for Windows will NOT be able to write them for Linux, that means that Linux will have fewer viruses.Yep. But having "some" holes is not the same as having a flawed security model.No one ever said they were "bulletproof".
All it takes for Linux to be safe from viruses is for Linux's security model to be secure enough that the infection rate falls below the repair rate.
If the virus is being removed from machines faster than it can spread, the virus is dead on Linux.I understand that argument.
It has been made many Many MANY MANY times before.
That doesn't make it any more accurate.
Having people looking for flaws does not mean that flaws for them to find are magically created.Again, looking for something does NOT mean that you will find it if it does not exist.No.
Finding exploitable holes requires the following:
#1. That an exploitable hole be there to be found.
#2. That a person of sufficient skill be looking for exploitable holes.
Then, for that to actuall BE exploitable, the hole has to be in a sub-system that is common on Linux boxes. Finding an exploit in a 7 year old app that isn't included in any distribution any more won't get you very far.
And for those reasons, Linux is more secure than Windows AND will have fewer viruses even when it has more marketshare.
Viruses exploit a flaw in the security model of the OS. Fix the flaw and the viruses cannot spread.
Anti-virus software should NOT be part of the OS.
But, by that same token, Microsoft should NOT be selling anti-virus software.
The bad people will have an EASIER time getting ID's to use in any state.
Which means the good people will be LESS safe with RealID than they are right now.
Wait until the first news story breaks about some punk drug dealer with 3 different RealID's.
You're just covering the aspects that apply to the LAW-ABIDING citizens.
So, the good people now have an increased risk of having their identity stolen.
But this is a worthwhile trade-off because this system will stop the bad guys, right?
No. This system will HELP the bad guys by giving them an ID that will be accept NATIONWIDE but can be picked up at any corrupt worker in any state.
So, I commit some crimes in NYC and I'm having some problems.
I pick up a faked Wisconsin ID and move to California. Now I have a clean slate. It isn't like the CA cops will have any reason to suspect my RealID.
Since this thing will be accepted NATIONWIDE, the value of it to criminals will go through the roof.
And remember what Capitalism has taught us, where there's a market, there's a supply.
So, the bad guys can search the entire nation, looking for the weakest link to exploit because the return will be HUGE.
Right now, people pay thousands of dollars (per person) to be smuggled into the US. With RealID, they arrive with a nationally accepted identity.
This system is "brittle". Once any ONE point (out of thousands) is cracked, the entire system is open.
And the incentive to find that weakest point is huge.