Sample virus targets Windows and Linux

TalkBack 14 of 80:: Next »; « Previous

Thread View
Flat View

Glad to see someone else saying it: Anyone who says Linux (or any other OS created by humans) is invulnerable doesn't know enough about computers/programming.

True. I've seen this a lot in online discussions though: "X OS is secure, and free of bugs unlike Windows". I see people all the time who say that about Linux and Mac OS X, in comparison to Windows. The truth is, yes, that Linux and OS X implement some security measures that Windows historically has not (this is changing). But OS X is largely untested for security, IMO, out in the wild. Linux has been tested some in the wild, but I think it might get tested more often as time passes. I didn't discover until last year that new vulnerabilities are found for different varieties of Linux all the time. One kind of vulnerability that I see hardly anyone talk about, but has shown up for some versions, is "escalation of privileges", where it's possible for a piece of code to raise its privileges to root, even though it's being run under limited user privileges (in a user account). These vulnerabilities can lay dormant in Linux code for a while, until someone discovers them (and we hope that a security company discovers them first), because a characteristic of OSS projects is developers focus on the areas that are exciting. And parts are neglected because they are no longer interesting.

The thing that I shake my head at often is when I see people claim their OS is free of problems "by design". The truth is they just haven't run into them yet. There is some truth to the notion that since the platform is in a small minority, it's just not a juicy target. As far as motivation goes, it's not worth the effort for malicious folks to find the vulnerabilities and exploit them. That should not make people feel safe. That should make people hope that their OS ALWAYS remains very unpopular. If it starts getting popular with millions and millions of users, they're going to start having some of the same problems that frustrated them with Windows. True the problems will probably be less numerous, due to the security measures built in, but it'll be like with terrorism. Once they get attacked, they won't know where the next attack will come from, despite the greater security measures in place. They'll be thinking "Hey! I thought my computer was secure! I was lied to!" The truth would be they lied to themselves.

I would liken what some have done as leaving a boat with holes that are being plugged often in stormy waters, for a boat with fewer holes in it in calm waters. They think "Hmm, this ship has no problems. I like it here!" All they've really done for practical purposes is changed what weather they exist in. I've been saying this for a while, but I get the impression it's difficult for people to believe. They see that X alternative to Windows seems to have no attacks on it, and so they think it's invulnerable.; Posted by: Mark Miller Posted on: 04/09/06 You are currently: a Guest | Members login | Terms of Use