Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
"more linux users = more linux virii" rebuttals?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
GenTimJS
Guru
Guru


Joined: 03 May 2003
Posts: 406
Location: NH, USA

PostPosted: Fri Aug 26, 2005 6:23 pm    Post subject: "more linux users = more linux virii" rebuttals? Reply with quote

I had a discussion with one of the engineers today who insisted that regardless of any underlying architechture, that any platform which had more widespread adoption would have more viruses attack it because all the 14 year old script kiddies would get more "pr0pz" as a result of infecting more systems.

None of my arguments from a tech standpoint seemed to work. Anyone have any good links on the subject or rebuttals?
_________________
-Tim Smith
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2968
Location: Germany

PostPosted: Fri Aug 26, 2005 8:15 pm    Post subject: Reply with quote

I don't like what-would-be-if discussions very much.

Linux is not a solution for criminal activity. If Linux was the only OS in the world, people would of course write viruses for it. People are morons. And they would succeed, too, simply because people don't update their software. (People are still morons.)

(Yes, I was watching Groundhog Day just now.)
Back to top
View user's profile Send private message
opqdan
Guru
Guru


Joined: 13 Dec 2004
Posts: 429
Location: Redmond, WA, USA

PostPosted: Fri Aug 26, 2005 8:25 pm    Post subject: Reply with quote

Linux is more secure, therefore has less of a chance of being infected by a virus IF A USER ISN'T STUPID. If a user constantly runs as root, then they are almost no safer than if they were on windows (disregarding OS holes and looking solely at user security problems). If a user downloads and installs malware in windows, they would do the same in Linux (if it existed).

Of course, now Linux users are smart. They are the cream-of-the-crop technology wise. They are savvy enough to avoid malware (what little there is for linux) and virus's (rootkits I guess). If Linux had 95% of the market, more people who shouldn't use ANY OS unsupervised will be using it and doing stupid things. We would see virus's and malware for linux rise, but not nearly as high as Windows due to Linux's underlying security (ie a user can only screw up they're own files for the most part).
Back to top
View user's profile Send private message
Headrush
Watchman
Watchman


Joined: 06 Nov 2003
Posts: 5597
Location: Bizarro World

PostPosted: Fri Aug 26, 2005 8:41 pm    Post subject: Reply with quote

I don't buy not as popular, so that is why the difference in viruses argument.

No OS is full proof but Windows is inherently more open to viruses due to ActiveX and poorly choosen default settings. With Longhorn and LUA Microsoft is beginning to try to change that.
Back to top
View user's profile Send private message
UncleOwen
Veteran
Veteran


Joined: 27 Feb 2003
Posts: 1493
Location: Germany, Hamburg

PostPosted: Fri Aug 26, 2005 10:26 pm    Post subject: Reply with quote

Apache is way more popular than IIS. Which one has more worms?
Back to top
View user's profile Send private message
neuron
Advocate
Advocate


Joined: 28 May 2002
Posts: 2371

PostPosted: Sat Aug 27, 2005 12:46 am    Post subject: Reply with quote

UncleOwen wrote:
Apache is way more popular than IIS. Which one has more worms?


exactly..


the guy who claimed that is a moron, sorry, but linux simply works in a very different ways, daemons that are exploited in windows has complete access to everything on the system, on linux 99.9% of daemons are run as a user, and has user rights, and or in chroot and has even less..
Back to top
View user's profile Send private message
opqdan
Guru
Guru


Joined: 13 Dec 2004
Posts: 429
Location: Redmond, WA, USA

PostPosted: Sat Aug 27, 2005 4:23 am    Post subject: Reply with quote

UncleOwen wrote:
Apache is way more popular than IIS. Which one has more worms?
I don think that anybody is saying that Linux is less secure than windows (frankly, it would be dificult to TRY to reach those results, although I supose I could rig something up with a telnet server and some blank passwords...), but that Linux bases part of its security on a knowledgeable userbase.

The biggest security hole in any system is the user, no matter the OS.
Back to top
View user's profile Send private message
neuron
Advocate
Advocate


Joined: 28 May 2002
Posts: 2371

PostPosted: Sat Aug 27, 2005 12:37 pm    Post subject: Reply with quote

opqdan wrote:
The biggest security hole in any system is the user, no matter the OS.


well... auto rootable remote exploits and exploits that requires the hacker to have an account on your system (local root exploits) is still a quite big difference in security.

Linux will allow a user to do stupid things, windows comes with stupid preinstalled and ready to go.
Back to top
View user's profile Send private message
eltino
n00b
n00b


Joined: 29 Apr 2005
Posts: 44
Location: Martinique

PostPosted: Sat Aug 27, 2005 9:01 pm    Post subject: Reply with quote

Hum... Linux users smarter? Really? We install software as root. That's enough for making Linux as fragile as Windows. Unless you read all the sourcecode for all the tarballs portage downloaded from gentoo mirrors, I'm not sure you can pretend your system is safe. What's more, people (yeah, the smart Linux users) who use binary distros spend a huge amount of time installing unverified binaries from obscure places such as linuxpackages.net or whatever the Fedora/SuSE/Mandriva repo du jour is...

A few distros don't even sign their packages with GPG, meaning a compromised mirror leads to compromised systems all over the world. Sure Linux is less prone to worms by default, but more secure? I doubt it. Linux users often think that just because their system is opensource, it is safe. Wrong. Just look how often on this very forum people are told to 'ebuild xxxx.ebuild digest' because a md5 check failed...
Back to top
View user's profile Send private message
Dlareh
Advocate
Advocate


Joined: 06 Aug 2005
Posts: 2102

PostPosted: Sat Aug 27, 2005 9:12 pm    Post subject: Reply with quote

eltino wrote:
Just look how often on this very forum people are told to 'ebuild xxxx.ebuild digest' because a md5 check failed...

Usually prefaced with "if you trust the file..."
_________________
"Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet?
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5614
Location: Removed by Neddy

PostPosted: Sat Aug 27, 2005 9:31 pm    Post subject: Re: "more linux users = more linux virii" rebuttal Reply with quote

GenTimJS wrote:
I had a discussion with one of the engineers today who insisted that regardless of any underlying architechture, that any platform which had more widespread adoption would have more viruses attack it because all the 14 year old script kiddies would get more "pr0pz" as a result of infecting more systems.

None of my arguments from a tech standpoint seemed to work. Anyone have any good links on the subject or rebuttals?



You want some arguements to stand up to his Windows-fanboy arguement try these


Virus writers are after fame (maybe not by their real name) I.E. OMG I just infected x number of PC's in a week!!!!!

1) yes MS is on 90% of all home desktops PC and there is a big hatered out there toward MS plus it is a easy target with their slack coding.
However. 70% of the web runs off of Open-source software. Be it in the form of Linux servers (huge number, alot more then Windows-base), or by utilisation of Apache for their web serving (On unix station). Cant remember where but I think it was 70% were linux machine

70% of server-based machines on the net is a HUGE number !!!!! and yet there are no viruses! There have been a few worms taking advantage or a vulnerability in a certain version of Apache, but due to it being open-source it tends to be patched in hours (not months with MS).

Still there isn't alot around is there?

2) Think if you were the one that susseffully wrote a virus that propogated through Linux machine - you would be known as the 1st virii writer to infect Linux - for Virus writers that is as good as being made a GOD

Dont think for a moment that ppl are not trying


It is a simple thing with UNIX/Linux file permissions that effectively rule out virusses on linux
Take the MSBlast and Zobog Viruses/Worms that have hit windows recently.

They managed to get onto a Windows machine via a vulnerability in the RPC service in Windows2k/XP that allows a piece of code to be put onto someones computer and then executed.

NOw lets say you have CUPS running on your computer and there is a vulnerability found that someone could upload a file to your /home directory (possible), so? you now have that file, how is it going to be able to be executed? all files created are given the "-x" permission, thus it cannot be run - a crap virus, it cannot spread on a linux machine
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
Leffe
Tux's lil' helper
Tux's lil' helper


Joined: 07 Apr 2004
Posts: 145
Location: Sweden

PostPosted: Sun Aug 28, 2005 1:14 pm    Post subject: Re: "more linux users = more linux virii" rebuttal Reply with quote

Naib wrote:
NOw lets say you have CUPS running on your computer and there is a vulnerability found that someone could upload a file to your /home directory (possible), so? you now have that file, how is it going to be able to be executed? all files created are given the "-x" permission, thus it cannot be run - a crap virus, it cannot spread on a linux machine


You could upload a new .bashrc or such file. One you have something that executes something at least once you have root access.
Back to top
View user's profile Send private message
Headrush
Watchman
Watchman


Joined: 06 Nov 2003
Posts: 5597
Location: Bizarro World

PostPosted: Sun Aug 28, 2005 4:07 pm    Post subject: Reply with quote

I come back to my original argument that for comparisons you have to evaluate default configurations as supplied from your distro.

Any system can be hardened and improvements can be made. You have to separate OS vulnerabilities from human and social engineering problems which several of the posters try to use as security risks related to the OS.
Any OS can be compromised by these kinds of vulnerabilities and always will be.

Distos that don't use md5 checksums or mirrors that are captured aren't a Linux security problem, but a distro distribution problem. No different from me remastering a Windows CD with a virus and having you install from that.

Installing software as a root or Administrator on any system can be a problem if the sources are not trusted. This is a user error in allowing without proper checking. The question is "can a file gain access root privileges without explicit user acceptance."

I think the difference is in methodology.
Linux as a whole generally chains smaller programs together to gain the functionality needed. You perfect the small program and keeps things simple. The less bloat, the lest chance for problems, oversights, vulnerabilities.
Windows uses a lot of callbacks, hooks, and specific APIs between separate components that although they can work effectively introduce special cases and more complex communication and possible new errors.

What is the saying from Scotty from Star Trek
Scotty wrote:
The more they overtake the plumbing, the easier it is to clog up the drain
Back to top
View user's profile Send private message
Maedhros
Bodhisattva
Bodhisattva


Joined: 14 Apr 2004
Posts: 5511
Location: Durham, UK

PostPosted: Mon Aug 29, 2005 10:19 am    Post subject: Reply with quote

Please see Get the facts, or various other threads in Off the Wall about this subject.

Moved from Other Things Gentoo to Duplicate Threads.
_________________
No-one's more important than the earthworm.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum