Re: Will Linux become as vulnerable as MS ??
From: Noi (noi_at_siam.com)
Date: 02/12/04
- Next message: remove: "Re: Can I delete these safely"
- Previous message: J.O. Aho: "Re: Can I delete these safely"
- In reply to: Nils Petter Vaskinn: "Re: Will Linux become as vulnerable as MS ??"
- Next in thread: Jim Richardson: "Re: Will Linux become as vulnerable as MS ??"
Date: Thu, 12 Feb 2004 19:40:11 GMT
On Thu, 12 Feb 2004 11:29:48 +0000, Nils Petter Vaskinn thoughtfully
wrote:
> On Wed, 11 Feb 2004 19:36:58 -0800, Jim Richardson wrote:
>
>
>> You're mixing up a few things, and ignoring others.
>
> I don't think I mix up much. I have chosen to ignore a few things because
> I wasn't talking about being vulnerable to worms, I'm talking about
> being vulnerable to viruses.
>
>>
>> 1) Unlike OE, IE, et al, Linux doesn't conflate open() and exec().
>
> I never said it did. But people are sometimes infected by viruses from files
> that they know are executable, and execute intentionally. Like
> some_famous_person_nude.exe, some_game_cracked.exe
> some_file_I_got_from_my_mom_so_it_must_be_safe.exe
>
>> 2) While a few years ago, RH et al, had a problem with turning every
>> dang dæmon on "just in case", that's no longer the problem it was. Now,
>> the tendency is to have nothing turned on without express human action.
>
> Yes. But any sucker can set a demon up to run and then forget about it.
> "chkconfig whateverd on" is all it takes when you forget about it later
> on. Limiting a service through iptables, pam, and hosts.{allow,deny} is
> far harder than just turning it on.
>
>> 3) The mono-culture in the MS world, simply has no comparison in Linux.
>> the writers of viruses and trojans know that IE and probably OE will be
>> installed, and they act accordingly. That's simply not the case with
>> Linux, each distro is a little different, and even within the distro,
>> the user can easily choose to change the default, with far less effort
>> than it would take under MS-Windows.
>
> They're not that different. While you can't easily target a particular
> browser or mail client, once you get something to run you can be fairly
> sure that the usual command line utilities are there. Remember we're
> talking about viruses exploiting user-stupidity here.
>
>> 4) In addition to the diversity of applications, there's a diversity of
>> libraries. While various versions of glibc work fine together, the
>> trojans and other malware we've encountered to date, are quite fragile,
>> not working when little things change, like stack allocations, and such.
>> Again, MS-Windows is far more rigid and consistent in these things. In
>> part, because of the nature of IPC in MS-Windows. They happily fling
>> binary data back and forth, that's frowned on in most *nix apps, who
>> instead push text back and forth, across more robust, and far less
>> rigid, interfaces. Trojans and other malware are usually quite fragile.
>
> So we will see statically linked viruses instead of dynamically linked
> ones.
>
>> 5) Linux distros don't upgrade by patch, they upgrade by replacing the
>> old app, completely, with the new one. It's a big difference. You don't
>> have to worry that patch b will open wide, the sec flaw that patch a
>> closed last week, sure, it's possible that the upstream maintainer
>> screwed up, but it's far less likely. They are juggling far fewer balls
>> in the air than their counterparts in Redmond.
>
> Actually I thought this was what was done on windows too, only that if an
> application consists of several files (dlls or whatever) only the changed
> ones are updated. I may be wrong of course.
>
>> 6) With Linux, click on the attachment all you want, it's not going to
>> be executed unless you go *way* out of your way to make it do so. Unlike
>> MS-Windows...
>
> Fortunately this is still the case.
>
> But one day some well intentioned fool will add the capability to click to
> open according to filename ending to a mail client.
>
> Some other well intentioned fool will make *.sh files open with bash.
> Since clicking on a script is easier than typing its name, not realizing
> the mail program uses the same file <-> program settings as the filesystem
> browser.
>
> Then anyone with a basic understanding of shell scripts could write one
> capable of mailing itself out.
>
> Such a script could even copy itself into any scripts it finds that the
> current user has write privileges to and silently keep doing that
> whenever a script is run until it's run by uid 0, which is when it
> installs a backdoor.
>
> If this happens on a system where users share scripts (eg in project
> folders) the script-virus could spread until it infects all user writable
> scripts on a machine. And if root executes only one of those
>
>> None of this means that Linux is invulnerable, or that it can't be
>> improved. But these, and other points, are some of the reasons that it
>> is *less* vulnerable than MS-Windows.
>
> I agree to that.
>
>> Consider this. The overwhelming majority of websites out there running
>> Apache, and despite having several rather nasty holes in Apache, or its
>> modules in the last couple of years. Apache hasn't come even close to
>> the vile record that IIS holds in spreading malware. Apache is far more
>> common, the source code is out there for the black hats to study, and
>> yet it's IIS which craps all over the net.
>
> Because the black hats know they can use an IIS exploit for months before
> it's even known, and then for months before a fix exists. And then even
> for more months before all the unpatched machines are replaced with newer
> ones with a new version of windows.
> Basically cracking IIS may be harder because of the closed source, but it
> has a bigger "return on investment" :)
>
> I believe that apache has fewer holes than IIS (based purely on gut
> feeling) but the relative number of exploits can't be used to tell us if
> that's true.
>
>> While MS holds the vast majority of the desktops, and has for quite some
>> time, the server market is far more evenly distributed, yet still, it is
>> MS servers that are spreading this garbage, not the equally prevalent
>> Linux ones.
>
> Fortunately webservers are less prone to the stupid user syndrome.
Thank you again. Exactly the question and replies I needed.
--
Linux registered user #302812
using Fedora Core 1 kernel 2.4.22-1.2149.nptl
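
The quoted scenario of a mail client that opens *.sh attachments with bash comes down to a handler association, which on most Unix mail clients lives in mailcap files (RFC 1524). The following is an added example, not part of the original thread: a shell function that lists mailcap entries whose view command invokes a script interpreter. The interpreter list and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag mailcap entries whose handler runs a script interpreter.
# RFC 1524 entry format:  type/subtype; view-command; optional flags
# Usage: audit_mailcap /etc/mailcap; audit_mailcap "$HOME/.mailcap"

# Assumed list of interpreters worth flagging; extend to suit the site.
INTERPRETERS='sh bash dash ksh zsh csh tcsh perl python python3 ruby'

audit_mailcap() {
    # $1 = path to a mailcap file
    # prints "mime-type<TAB>view-command" for every risky entry
    awk -v interp="$INTERPRETERS" '
        BEGIN { n = split(interp, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ { next }                       # comment line
        {
            # join backslash-continued lines into one logical entry
            while (sub(/\\$/, "") && (getline nxt) > 0) $0 = $0 nxt
            if (split($0, f, ";") < 2) next       # blank or malformed line
            type = f[1]; cmd = f[2]
            gsub(/^[ \t]+|[ \t]+$/, "", type)
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            # check every word, so "xterm -e sh %s" is caught as well
            nw = split(cmd, w, /[ \t]+/)
            for (i = 1; i <= nw; i++) {
                prog = w[i]; sub(/^.*\//, "", prog)   # /bin/bash -> bash
                if (prog in bad) { printf "%s\t%s\n", type, cmd; break }
            }
        }
    ' "$1"
}

# Constructed sample mailcap used to exercise the function.
sample_mailcap() {
    cat <<'EOF'
# constructed sample, not taken from a real system
text/html; firefox %s; nametemplate=%s.html
application/x-sh; /bin/bash %s
application/x-shellscript; xterm -e \
    sh %s; needsterminal
image/png; display %s
text/x-perl; less %s
EOF
}
```

On the constructed sample it reports the application/x-sh and application/x-shellscript entries and leaves text/x-perl alone, since that type is only paged with less rather than executed.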