On Tuesday 27 July 2004 13:31, flesh.99 wrote: > On Tue, 27 Jul 2004 17:44:43 +0800, frankieh <[EMAIL PROTECTED]> wrote: > > bascule wrote: > > > On Monday 26 Jul 2004 8:05 pm, Stephen Kühn wrote: <snip> > I apologize if I cover points already made, I am new to the list, so > please forgive me if that happens. > > I have been arguing these points elsewhere for a long time and > looking at the problems with creating viruses for Linux. It would be > easy to destroy a users data with just a little social engineering, > but the problem with writing something to escalate priveleges and > actually do harm to the system itself becomes much more complicated > and would affect a limited number of systems for each iteration of > the virus. This is due to all the different kernel versions, gcc > versions, etc. Crackers tend to be the lazy sort and only exploit > something easy (unless they are after something specific) so writing > viruses for Linux wouldn't get them the same satisfaction as it does > for Windows at the very core of things. > > When we saw slapper exploit ssl it was easy, because pretty much ever > version of SSL had the same vulnerabilities. I saw this firsthand > working for a webhosting provider, we got slammed by slapper as did a > lot of other companies. But with kernel exploits and the like, we > usually only saw those when someone targetted the systems. We > occasionally had script kiddies scan subnets and take gain access to > a few boxes that way, but it was very rare. Based on the observations > of how things got cracked and the way the slapper worm did it's work, > I came to the conclusion that I had been wrong about Linux viruses. I > originally thought we would see as many as there are for Windows if > the unwashed masses started using Linux, working at a large hosting > provider really changed my mind. Of course we will see a growth in > viruses, but the level of viruses on Windows is directly related to > the security problems in the OS itself, conversely when Linux becomes > more prevalent we will see more virus type activity, but it's not > possible for there to be near as much. > > The other problem is simply one of educating new users as they start > to move away from Windows. If we don't do this we will have people > running as root all the time just like 'doze users run as > administrator all the time. We need to come up with a solution for > software installation, one that windows doesn't have and one that > Linux is currently lacking. Sure most of us could install anything we > want into our user space via the shell by simply changing the > ./configure options, but my mom couldn't. I don't know of any distro > that does this, but a user space rpm would be a nice solution. The > main rpm command would be chrooted to the user space, this way in a > home environmant the users rarely if ever have to login as root > except to do os updates. Sort of a "Mandrake Home Version" or some > such, really aimed at protecting the users from themselves. XP Home > fell flat on it's face with the all or nothing security options, and > it wouldn't take much to develop this sort of installer for the home > users. > > The other issue is the one that originally drew me to open source, > and that is choice. With everyone using different e-mail clients it > becomes harder to get viruses to propogate. In a "home" version the > defualt install could drop pine, sendmail, et al and not leave a real > way to propogate via e-mail from a simple script delivered via > e-mail. I could send something all day long designed to send via > Thunderbird to a friend using Sylpheed and accomplish nothing, this > then goes back to the laziness issue. It's just not fun to write > viruses for Linux, you could rarely damage enough to make the news or > get any > recognition. > > I have rambled enough now and probably made very little sense. Thanks > for bearing with me. > > flesh99 But you are right, up to a point, how long do you think an OS would last that would do as you suggest? I know slick packaging and all would give it a few more days. But I suggest that less than a week would be the life span. -- Regards; Hoyt
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
