Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Permalink for comment
To read all comments associated with this story, please click here.
Random poking at random points
by Wrawrat on Tue 7th Oct 2003 23:30 UTC

And Administrator can give himself write or delete access to any file, and can therefore modify them. You do know that you can do the same thing in *nix, right? You can make files non-writeable and root won't be able to write or delete them unless he chmod +w them first.

Now that you mention it, I once had fun with my Linux system and I was able to delete even non-writeable root-owned files, so I don't think the comparison is entirely valid.

I'm pretty sure an .scr is just a data file and the exploit using it was utilising a buffer overflow in the screensaver code. That's something any handler application is potentially vulnerable to.

No, a SCR is simply a binary program... Open one with Notepad and you'll see the infamous "MZ" string that begin every DOS/Win32 program. You can also rename any SCR to EXE and it'll run like a normal program. I did some screensavers with Delphi... The only thing particular is that you must support some parameters (like foobar /run for running it... no parameter leads you by default to the configuration options).

Well I think that people do educate themselves about these things. It takes time, but habits do change.

You're living in a dream world, Neo...

Again, these have nothing to do with vulnerabilities that are intrinsic to the OS, such as the aforementioned ability to run any file with a *.exe, *.bat, *.vbs, *.scr extension, or the fact that a non-Administrative user can install *.dll files that can be run at a higher level of privilege.

Wait. Putting DLLs in %system% is something, being able to be run at a higher level of privilege is another one. If this was true, hackers would just have to make a special DLL and make a program calling that DLL... If you are sure that is true, please give me one or two sources independant of each other to back up your claim.

You assume that all breeds of cows are similarly vulnerable to viruses, but in fact some breeds are stronger than other. The cows are not more vulnerable because they are prevalent. However, having a vulnerable species being prevalent increases the damage that may be caused by an epidemic.
Sure, but OS are NOT equally vulnerable. Some serious flaws exist in Windows - flaws which you acknowledge, and even try to argue that they are actually good design decisions - and these flaws now represent a serious security risk.

I think smithy understand that... but you seem to be hopelessly biased against Windows. You puke on Windows like it was rotten horse manure while you're praising Linux like if it was the Holy Grail of computing. I think his point is quite fair: if Linux was much more popular, it would probably have as many exploits as Windows, and I add that it would be especially because crackers (not hackers) have access to the source. Yes, programmers would be able to patch their holes, but if people ain't patching their Windows system, do you think they would patch their Linux one? Don't assume users would be smarter, more educated or shit like that. Many Unix systems are being r00ted because of unfixed holes, after all.

I don't think Windows is more secure than Linux, but you can't claim the opposite either. You shouldn't compare numbers in a linear way, but rather in a exponential/logarithmic one. If you are so sure that Linux (or any other open-source OS) is the Holy Grail and would be better if it had the same market share as Windows, then why don't you back up your points with credible sources?