Linked by David Adams on Tue 22nd Jun 2010 16:14 UTC, submitted by sjvn
Privacy, Security, Encryption A Computerworld editorial takes note of some interesting changes Dell made to the Linux page we linked to last week. They watered down some of their pro-Linux claims, but not as far as you might think.
Thread beginning with comment 431157
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: From the article ...
by UltraZelda64 on Wed 23rd Jun 2010 03:08 UTC in reply to "From the article ..."
UltraZelda64
Member since:
2006-12-05

The problem with this logic is that the person running the server is a lot less likely to be on some random P2P network, downloading all kinds of pr0n and warez onto the machine running the server.

You see, it's a lot easier to attack someone who is actively running your malware on a machine with no anti-virus or spyware protection, without any prodding on your part.

And even if they were...? Linux still has far fewer pieces of malware written for it than Windows ever did. Windows even had a nice little boost in the early days thanks to its compatibility with another horrible OS, MS-DOS.

Linux has no "binary backwards compatibility" or "legacy poor-security garbage design" to stick to. At least, not nearly to the extent Microsoft products do. And it has no real, market-driven (commercial) reason to.

Edited 2010-06-23 03:17 UTC

Reply Parent Score: 2

RE[2]: From the article ...
by WorknMan on Wed 23rd Jun 2010 03:22 in reply to "RE: From the article ..."
WorknMan Member since:
2005-11-13

And even if they were...? Linux still has far fewer pieces of malware written for it than Windows ever did.


Well, Linux doesn't have that much malware written for it for the EXACT reason that these kinds of users largely don't exist on the Linux platform. Why write malware for dumb users to install, if dumb users aren't using the platform? By and large, dumb users don't run servers, so the popularity of Linux as a server platform is irrelevant when comparing how much malware exists for Linux vs Windows.

I have little doubt that if Linux / Windows had an equal amount of dumb users behind the wheel and an equal amount of malware written for them, there'd probably still be more exploits on Windows, but Linux wouldn't exactly be immune either.

Reply Parent Score: 3

RE[3]: From the article ...
by UltraZelda64 on Wed 23rd Jun 2010 03:43 in reply to "RE[2]: From the article ..."
UltraZelda64 Member since:
2006-12-05

Whatever the case, the reality remains the same. Windows has always been, and still is, the low hanging fruit--ever since it took over DOS' market share. And it has traditionally been poorly designed, just like its pathetic predecessor. Coincidence? Not saying that Linux or any other OS for that matter is perfect, but if I were to be browsing porn, you could be damn well sure I'd be doing it on any mainstream OS *besides* Windows.

It's like wearing a rubber... the viruses may possibly be there, but you're less likely to "send" or "receive" them and become infected. Windows at one point offered the protection of nothing at all, but now I'd say it offers the protection of a cheap, generic type of condom. Meanwhile, Linux and BSD have proven themselves over and over, while Windows' nuts and bolts (heh heh) were finally tightened to a more acceptable level with Vista.

Edited 2010-06-23 03:45 UTC

Reply Parent Score: 2

RE[3]: From the article ...
by lemur2 on Wed 23rd Jun 2010 05:56 in reply to "RE[2]: From the article ..."
lemur2 Member since:
2007-02-17

"And even if they were...? Linux still has far fewer pieces of malware written for it than Windows ever did.
Well, Linux doesn't have that much malware written for it for the EXACT reason that these kinds of users largely don't exist on the Linux platform. Why write malware for dumb users to install, if dumb users aren't using the platform? By and large, dumb users don't run servers, so the popularity of Linux as a server platform is irrelevant when comparing how much malware exists for Linux vs Windows. I have little doubt that if Linux / Windows had an equal amount of dumb users behind the wheel and an equal amount of malware written for them, there'd probably still be more exploits on Windows, but Linux wouldn't exactly be immune either. "

Depends on what you mean by a "Linux platform". Linux is dominant in embedded system (e.g. TVs, media players), in mobile devices (e.g. phones, tablets), on many types of server (e.g. NAS, web server, mail server), on netwrok infrastructure devices and on supuercomputers. Linux does not however have a significant presence on desktops (although the exact installed base of Linux here is very difficult to determine). In any event, many of the machines on which Linux does run are high-value targets. For example, Google runs a million Linux servers, and Linux runs the London Stock Exchange.

Yet there exists very little malware which targets Linux, despite the high value of many of the target machines.

So ... how to eveluate? Perhaps the best method is to do a rough "risk assessment" type of approach. Factor in the diversity of Linux systems (versus the monoculture of Windows), the relative scarcity of desktop Linux, the relative difficulty of targetting Linux, the relative lack of threats against Linux compared to the superabundance of threats against Windows, the normal practice on Linux of running as a restricted users, the security of the repository/package manager system of software distribution vs the Windows practice of downloading & installing unsigned binary packages, execute permissions within the filesystem, no media autorun, SELinux, etc, etc ...

A rough estimate could perhaps be calculated that the system of an ordinary user on the Internet running Windows in typical usage patterns would perhaps be 10 million times (10^7) more likely to get a malware infection than the same user running Linux.

Something like that.

Reply Parent Score: -1

RE[2]: From the article ...
by nt_jerkface on Wed 23rd Jun 2010 06:40 in reply to "RE: From the article ..."
nt_jerkface Member since:
2009-08-26


Linux has no "binary backwards compatibility" or "legacy poor-security garbage design" to stick to. At least, not nearly to the extent Microsoft products do. And it has no real, market-driven (commercial) reason to.


Malware that is injected into warez is not taking advantage of backwards compatibility. It has nothing to do with "legacy poor-security garbage design" either. There is no isolation layer within Linux that would protect it from a trojan injected into an executable.

If Linux users were the majority and millions of them were carelessly downloading crap from unverified sources then you would have far more trojans like the one in the Unreal IRCd.
http://www.jfplayhouse.com/2010/06/trust-us-that-linux-trojan-is-no...

Malware today is mostly the product of computer criminals within Eastern Europe looking to profit, not from pricks who are looking to hack for the sake of it.

Edited 2010-06-23 06:47 UTC

Reply Parent Score: 4

RE[3]: From the article ...
by soulrebel123 on Wed 23rd Jun 2010 07:03 in reply to "RE[2]: From the article ..."
soulrebel123 Member since:
2009-05-13

differences you are not accounting for:
- Linux needs a lot less external, untrusted, binary-only software.
- AppArmor and SeLinux are ready. Should desktop security become a problem we would see a hell of an isolation layer.
- Differences in kernels, compilers, libraries, etc, would make it much harder for malware to spread.
- Linux users are much more skilled

Yes, if linux had 80% of the user base, there would be more security problems. Probably a tenth of what Windows has right now.

Reply Parent Score: 2

RE[2]: From the article ...
by bert64 on Wed 23rd Jun 2010 08:42 in reply to "RE: From the article ..."
bert64 Member since:
2007-04-23

On the other hand, Linux has source code backwards compatibility going a lot further than windows... Applications written for early unix systems can often compile and run successfully on a modern linux box.

Most linux malware is in the form of backdoored services that are intended to be manually installed and used by a hacker, whereas windows malware is typically automated because few hackers would manually target windows machines - their only value is in large hordes for ddos/spam purposes.

Reply Parent Score: 2

RE[3]: From the article ...
by nt_jerkface on Wed 23rd Jun 2010 09:20 in reply to "RE[2]: From the article ..."
nt_jerkface Member since:
2009-08-26

On the other hand, Linux has source code backwards compatibility going a lot further than windows... Applications written for early unix systems can often compile and run successfully on a modern linux box.

You mean command line utilities that can also be compiled and ran in cygwin. Anyways source code backwards compatibility doesn't mean much to users.

whereas windows malware is typically automated because few hackers would manually target windows machines - their only value is in large hordes for ddos/spam purposes.


What?????? Never heard of identity theft, password theft, file extortion, anti-malware extortion????

Reply Parent Score: 3