Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Permalink for comment
To read all comments associated with this story, please click here.
Re: Re: marc
by Mark Wilson on Mon 6th Oct 2003 21:40 UTC

Bascule wrote:

"Exploitability in Windows lies primarily in the enormous home market, where Windows is most likely terribly configured from a security standpoint."

The above is an assertion contrary to reported facts. For example: SQLSlammer, U.S. Department of State, almost every corporate network using Windows at least once in the past year.

"A Windows machine configured with a proper security policy and user permissions is no more or less exploitable than a similar Linux system."

The above assertion is contrary to all reported evidence and does not present any evidence in support.

"Were the same level of scrutiny applied to auditing Evolution that is applied to Outlook Express, I'm sure a number of buffer overflows would be found in the message parsing code, and a number of design errors which could lead to automatic execution of attachments."

It is incorrect to assume that the scrutiny level of Evolution code is less than that of Outlook code, or vice versa. After all, the only people looking at Outlook code are those working for MS.

"Read your mail with Pine? [snip] Why hasn't anyone written a mass mailing worm that exploits this Pine vulnerability? Possibly because no one cares enough... "

Possibly because it's already been fixed.

http://rhn.redhat.com/errata/RHSA-2003-273.html

Open source means that people at more than one company can analyze source code, test for vulnerabilities and fix them before they are exploited.

Regards,

Mark Wilson