Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
by Great Cthulhu on Tue 7th Oct 2003 15:09 UTC

No, it doesn't. Malicious executable code just needs to be executed to cause damage (eg: it contains system calls to delete hard disk partitions). Something like a .scr file has to get itself "run" by something that has to know which handler to pass it on to. Even then, it has to be passed to an exploitable handler to do damage (eg: must be run by explorer, explorer must have .scr file associated with something, the associated app must be vulnerable to an exploit and *then* the system calls to delete hard disk partitions are run).

Which is my point: the system is vulnerable by default, and it requires some serious tweaking to make it secure. Even then, there have been exploits around this "feature."

"So you have to hack your system to make it more secure?"

No, you have to configure it to be secure, just like you do with any other platform.

Actually, KMail won't run executables from an e-mail, ever. I'm talking executables, here, not data files that launch an app or viewer: real executables, programs and scripts.

Funny, my default KMail install launches things like PDFs and jpegs into an appropriate viewer after giving an "are you sure" prompt. Seems to me it's using exactly the same process as Windows and hence is vulnerable to the same sort of attack. on OS X also behaves like this IIRC.

No it isn't. You can't execute a PDF or jpeg. You're playing with words, here. A jpeg won't erase your hard disk.

"The user has to make them executable first. Did you read the article?"

Yes. The process described for launching an attachment is identical to using Outlook in Windows.

No it isn't! You don't have to make an attached .exe or .scr executable in Outlook for Windows - you can execute it just by double-clicking on it. With KMail you can't even execute malicious code in HTML mails, a bug which affects some versions of Outlook!

Yes, it does. If I double click a .pdf or jpeg in GNOME or KDE, they hand the file off to an associated handler in the same way Windows does. As does Finder in OS X.

Data files are not the problem, executable files are! You're deliberately playing on words because you do not have a point!

"Well one should expect that people who have important data on their hard drives keep CD-ROM backup of the most valuable stuff."

One would. Of course, they don't and with a multitude of Linux zealots running around preaching how Linux's superior security will stop viruses from erasing files, they wouldn't be likely to suddenly start, either.

That doesn't make any sense. Whether one uses Linux or Windows, one should always back up their important data; this has nothing to do with zealotry or security - as I've said, your computer could get stolen, or a hardware failure could make it difficult to recover your files. And you know what? I know a lot of people who do make backups - thanks to one Linux advocate (me) who has explained to them how important it is. Stop thinking that all users are idiots.

Kill any processes on the system. Delete open files. Modify files where Administrator has not been given write or delete access. Basically all the stuff one could do to a system that Administrator can't - root has no restrictions at all on the typical unix box.

Administrator can kill nearly all processes using some tools - it's not because you can't do it with Task Manager that you can't at all. Deleting open files has more to do with the filesystem than with privileges. And Administrator can give himself write or delete access to any file, and can therefore modify them. You do know that you can do the same thing in *nix, right? You can make files non-writeable and root won't be able to write or delete them unless he chmod +w them first.

I also find it entertaining how no-one is lambasting Apple for "integrating" a HTML engine. Presumably since they're already a monopoly, it's ok.

Apple isn't really a monopoly, not if you consider "personal computers" as a whole. This is an old and tired argument.

Windows is more vulnerable because it is more common (more targets, higher probability target is vulnerable).

Not true. The vulnerability of an OS is independent from its popularity. Either a system is vulnerable, or it isn't. If it's vulnerable but rare, then no one cares. If it's vulnerable and very common, then we have a problem.

Windows is more vulnerable because it exposes greater functionality.

What does having "greater functionality" (which overall isn't true anyway) have to do with the fact that it's more common? Windows is more common not because it has more functionality (it doesn't) but because it came preloaded on every PC back in the days of Win95.

The added "functionality" that does make Windows more vulnerable is that you can run executables that you receive via e-mail without having to set the executable bit. But the fact is that this does not have any real utility: how often do you need to execute an attachment (not open attached data, which is quite different)? Seriously, think of how often you receive a legitimate executable as an attachment - that is a false argument and you know it.

Windows worms and viruses cause more damage because it is common.
Windows worms and viruses can spread more quickly because it is common.

This is true. However, that does not mean that Windows is more vulnerable - it just means that whatever vulnerabilities it has can cause more damage. That is a fundamental point which you're refusing to acknowledge.

The author's comments on "monoculture" are a tacit admission commonality is a fundamental aspect.

Again you refuse to understand: "monoculture" doesn't make Windows more vulnerable. It just makes any vulnerabilities more dangerous. Since you seem to misunderstand this, let me find another example. Let's say I have made a breed of cows. For some reason, that breed is quite vulnerable to the flu and will quickly die if exposed. That breed is therefore highly vulnerable. However, I have the only herd in North America. Therefore, even if the flu hits, no more than a couple dozen cows will die. Now let's say that this breed - for whatever reasons - becomes highly popular and becomes the prevalent breed in North America, with 90% of the cows being from that breed. Then the flu hits, and 90% of all cattle in NA die, sending the industry into a crisis. Now, the cows aren't more vulnerable because they've become the dominant breed - in fact, they are as vulnerable, no more, no less, than when I only had a couple of dozen of them. But the impact of their vulnerability is much, much higher because they have become a monoculture, and therefore affect the entire cattle industry and the economy at large.

"He's saying that viruses can do a lot more damage in a monoculture."

Yet his primary thesis is that OS popularity is independent of damage that can be wrought.

No, he's saying that OS popularity is independent from vulnerability, not the overall damage that can be wrought. This is a fundamental difference - ignoring it to make a point won't make it any less true.

The author may be a "Security Consultant", but that article is nothing more than anti-Windows FUD

Yeah, as long as it's critical of Windows, it's anti-Windows FUD, right?