Linked by Eugenia Loli on Mon 20th Mar 2006 07:31 UTC
Windows There's a software product coming that has the potential to demote spyware from a security priority to an afterthought: Windows Vista. Spyware has become a serious security problem for users of Microsoft's operating system over the past years, giving rise to a host of third-party tools to fight the insidious software. But perhaps the best defensive program has yet to ship, some analysts believe.
Thread beginning with comment 105911
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: OK, call me skeptic.
by leech on Mon 20th Mar 2006 09:40 UTC in reply to "RE: OK, call me skeptic."
leech
Member since:
2006-01-10

>> So there will be new ones.

>The same could be said for oh-so-secure Linux, and >oh-so-secure OS X.

I think for there to be new ones, there would first have to be old ones. With the exception of browser cookies (which can be argued whether they are actually spyware or not) there are no adware/spyware/malware in Linux, at least none that I've seen in the many years of using it.

The only ad supported software I remember seeing was Opera, and they don't even do that anymore. No one in the Linux world would use any adware crap, a lot of people go there because of the adware/spyware that Windows has.

Reply Parent Score: 4

RE[3]: OK, call me skeptic.
by Janus on Mon 20th Mar 2006 11:12 in reply to "RE[2]: OK, call me skeptic."
Janus Member since:
2005-07-20

Perhaps, but if Linux on the desktop becomes widespread, we'll see more adware. Forgive me for generalizing, but right now, the majority of desktop Linux users are tech sawy people, and the rest is often less sawy friends, relatives or partners of said people, running on locked-down installs set up for them.

These people aren't interesting for the spyware companies. The interesting group is the "technically illiterate" who can't understand that the internet can be dangerous, and who think that people give away flashy media players and programs to add fancy animated smileys to e-mails (I hate those ads!) for free with no strings attached. The people who think that pop-up ads disguising as system dialogs are legit, etc.

If/when Linux for the desktop achieves success among those users, it's just a matter of time before we see a surge of spyware aimed at them. You don't need root to infest a Linux system with adware, all you need is to make the user run a shell script and without knowing it add a dozen of advertising bots to their system logon, etc.

The only boon is that (unless the program tricks the user into giving away the root password) cleaning it up might get easier than on severely stricken XP systems.

Reply Parent Score: 2

RE[4]: OK, call me skeptic.
by Maners on Mon 20th Mar 2006 15:55 in reply to "RE[3]: OK, call me skeptic."
Maners Member since:
2005-07-26

Even if Linux grew so popular that it was targeted by spyware/adware it would be really hard for this software to spread. First, the software installation in most modern distributions is done via repositories (yum, apt, emerge) which contains verified software an it's very unlikely that any adware comes through. Second, whatever you can install, you can unistall - rpm -e package_name reverts *everything* that has been done with rpm -ihv package_name. This is certainly not the case with Windows installers. Third, no you can't run any script just like that - user has to give it executable permissions first or run it via command line with sh script_name (I doubt that computer illiterate would use CLI). Fourth, file types cannot be faked just by changing an extension - if the file contains any executable code the window manager will always warn you if you attempt to open it. In conclusion, as long as the OS security is concerned Linux and any other UNIX flavor is secure and the user has to take extra steps before he can perform any potentially dangerous task. If the user is completely ingnorant and provides root password because a software vendor tells him so, then it's certainly his own fault not OS's. Anyway, it is much easier to recover from a user mistake/broken software in *NIX than in Windows.

Reply Parent Score: 4

RE[3]: OK, call me skeptic.
by mcrbids on Tue 21st Mar 2006 09:01 in reply to "RE[2]: OK, call me skeptic."
mcrbids Member since:
2005-10-25

...there are no adware/spyware/malware in Linux, at least none that I've seen in the many years of using it.

Then you haven't used it much, or at least, not commercially. I've seen 4 distinct rootkits for compromised systems in the last 6 years. Granted, all were on systems that didn't exercise Linux best practices (number one being run a system with current patches) but they are definitely out there.

In every case, running a system with all known patches updated would have prevented the compromise.

1) Run a current O/S, with current patches applied. That alone is probably 97% of the problem, whether you're running 'Doze, Macinslosh, or Linux.

2) When the computer does anything unexpected, don't agree. Close the window - FAST.

3) For Windows, run current antivirus/antispyware. For Mac/Linux, install all updates regularly.

Oh, and did I mention that you need to run all current updates and patches?

Reply Parent Score: 1