Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Permalink for comment
To read all comments associated with this story, please click here.
Re: marc
by Bascule on Mon 6th Oct 2003 21:02 UTC

Writing Virii for Windows is so much easyer that writing for Linux or MacOS X. Windows is more exploitable than anything else, everyone knows that.

Exploitability in Windows lies primarily in the enormous home market, where Windows is most likely terribly configured from a security standpoint.

A Windows machine configured with a proper security policy and user permissions is no more or less exploitable than a similar Linux system.

Were the same level of scrutiny applied to auditing Evolution that is applied to Outlook Express, I'm sure a number of buffer overflows would be found in the message parsing code, and a number of design errors which could lead to automatic execution of attachments.

Read your mail with Pine? Let's not forget this recent Pine buffer overflow: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0721

Why hasn't anyone written a mass mailing worm that exploits this Pine vulnerability? Possibly because no one cares enough... if you are going to spend time writing a mass mailing worm, why not exploit an Outlook vulnerability instead?

Also keep in mind that the same qualities of Linux which make it somewhat more resistant to viruses/worms (namely the constantly changing glibc ABI with symbol names and various structures constantly being altered) are the same qualities that bar Linux from receiving commercial application support. Application developers making Linux releases often must target them at a single distribution (which is almost always RedHat)