Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Permalink for comment
To read all comments associated with this story, please click here.
@wrawrat
by Great Cthulhu on Wed 8th Oct 2003 00:07 UTC

Now that you mention it, I once had fun with my Linux system and I was able to delete even non-writeable root-owned files, so I don't think the comparison is entirely valid.

Hmm...you're right about this, you can actually delete them, but you can't write to them.

"I'm pretty sure an .scr is just a data file and the exploit using it was utilising a buffer overflow in the screensaver code. That's something any handler application is potentially vulnerable to."

No, a SCR is simply a binary program...


You do know that you're answering drsmithy here, right? I gave a link to support what you just said.

"Well I think that people do educate themselves about these things. It takes time, but habits do change."

You're living in a dream world, Neo...


Just because change happens slowly doesn't mean it doesn't happen at all. Most people I know now use a firewall when connected to the Internet, and a lot of people use anti-virus system. The situation is improving, altough not at the kind of pace we'd like to see...

If this was true, hackers would just have to make a special DLL and make a program calling that DLL... If you are sure that is true, please give me one or two sources independant of each other to back up your claim.

I was referring to the article but what about replacing a DLL - normally called by a program - with a corrupted one, and letting that one do the damage? Isn't that what happens with some viruses? Please give me one or two sources independant of each other to prove that this can't happen.

I think smithy understand that...

That doesn't seem to clear from what he's writing.

but you seem to be hopelessly biased against Windows. You puke on Windows like it was rotten horse manure while you're praising Linux like if it was the Holy Grail of computing.

Er, no. I don't know where you got that, but you're overreacting. I suggest you sit down and take a deep breath. I use Windows everyday, I've used it since version 3.0. I certainly don't puke on it, and don't consider Linux to be the Holy Grail or whatever.

What I do see, however, is that one cannot criticize Microsoft's security record without drawing the ire of MS zealots. I really do believe that there are severe security flaws in Windows, such as the fact that a file extension can determine if a program can be executed or not (and therefore can execute files received via e-mail, even automatically execute them in the case of a software bug).

I think his point is quite fair: if Linux was much more popular, it would probably have as many exploits as Windows, and I add that it would be especially because crackers (not hackers) have access to the source.

I disagree. I don't think that Linux would have as many exploits as Windows, because of the aforementioned design flaws (at least drsmithy admitted that these flaws exist, and actually said they were useful features). I think the author of the article made a compelling point, and that drsmithy does not.

I don't think Windows is more secure than Linux, but you can't claim the opposite either.

Well, right now in absolute and proportionate numbers, it is. So in fact I will claim it. I can't prove that if Linux had the same market penetration it wouldn't have as many flaws as Windows, but then again you can't prove to me that it would. So it is my opinion, based on the aforementioned flaws, that it wouldn't.

That said, I would love for Linux and Windows to have the same market penetration. That would take us away from the monoculture and let both OSes square off in healthy competition. Would you support such a scenario?

If you are so sure that Linux (or any other open-source OS) is the Holy Grail and would be better if it had the same market share as Windows, then why don't you back up your points with credible sources?

I have a better idea. Show me where Windows has a better security model than what you find in Linux and other open-source OSes, and show me proof (from credible sources, of course) that Open Source helps crackers find exploits, as you imply.

In the meantime, I'll continue to believe that some bad design decisions by Microsoft have introduced some severe security flaws in Windows. I'll also continue to be virus free, no matter what attachments people send me.

bon entendeur, salut.