Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses

It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Re: Great Cthulhu (IP: ---.205-131-66.nowhere.mc.videotron.ca)
by drsmithy on Tue 7th Oct 2003 06:05 UTC

Which, when you're a virus, amounts to pretty much the same thing.

No, it doesn't. Malicious executable code just needs to be executed to cause damage (eg: it contains system calls to delete hard disk partitions). Something like a .scr file has to get itself "run" by something that has to know which handler to pass it on to. Even then, it has to be passed to an exploitable handler to do damage (eg: must be run by explorer, explorer must have .scr file associated with something, the associated app must be vulnerable to an exploit and *then* the system calls to delete hard disk partitions are run).

So you have to hack your system to make it more secure?

No, you have to configure it to be secure, just like you do with any other platform.

Meanwhile, in Linux (KMail at least), downloaded files cannot be executed straight from the mailer.

Funny, my default KMail install launches things like PDFs and jpegs into an appropriate viewer after giving an "are you sure" prompt. Seems to me it's using exactly the same process as Windows and hence is vulnerable to the same sort of attack. Mail.app on OS X also behaves like this IIRC.

The user has to make them executable first. Did you read the article?

Yes. The process described for launching an attachment is identical to using Outlook in Windows.

Then again, there are a couple of decent GUIs, such as Gnome and KDE on *nix, where this process does not happen. Therefore, according to what you're saying, they are less vulnerable.

Yes, it does. If I double click a .pdf or jpeg in GNOME or KDE, they hand the file off to an associated handler in the same way Windows does. As does Finder in OS X.

Well, one should expect that people who have important data on their hard drives keep CD-ROM backups of the most valuable stuff.

One would. Of course, they don't and with a multitude of Linux zealots running around preaching how Linux's superior security will stop viruses from erasing files, they wouldn't be likely to suddenly start, either.

The main idea behind the nastier viruses of the last few years is to either turn Windows machines into DDoS zombies, or to slow down servers with self-replicating worms. Both of these endeavours - which are the real computer virus threats of the early 21st century, not losing your mp3s - usually require root or Administrative rights.

Please detail why root privileges are necessary to attain either of these goals on the average system.

Simply put, BS. Being an Administrator on a Windows system is practically the same as being root on a *nix system. Tell me what you can't do as an Administrator in Windows (well, except recompile your kernel, of course) that you can as root. Real important stuff, you know, something that would actually make your point relevant.

Kill any processes on the system. Delete open files. Modify files where Administrator has not been given write or delete access. Basically all the stuff one could do to a system that Administrator can't - root has no restrictions at all on the typical unix box.

Of course, these aren't really all that applicable to the attacks you feel are important (although they are important). Why don't you list the things a normal user can't do but root can to allow DoS attacks (local and remote).

The problem is when the HTML engine has one of the worst security records and has been tightly integrated in the OS in order to shut out rival HTML engines.

You'll need to describe what you mean by "tightly integrated" (as opposed to "loosely integrated" ?) and how that somehow makes it different to any other widely used OS component - like, say, libc.

Or perhaps you weren't around when the whole Netscape/MS trial thing was going on?

I was. It was a crock then and remains a crock now. Netscape screwed themselves by promising much and delivering nothing. Microsoft's development of a system-level HTML component may well have aided in this process, but was hardly the only - or even major - cause. The development of such a component - and similar ones hence - would have been inevitable once the ubiquity of HTML was established and customers demanded it.

I also find it entertaining how no-one is lambasting Apple for "integrating" a HTML engine. Presumably since they're already a monopoly, it's ok.