On Friday 22 October 2004 12:56, Brandon Rife wrote: > John Wilson wrote: > >On October 21, 2004 04:11 pm, Elliot Somers wrote: > >> This is a pretty general question, I've heard it said by one party that > >>linux/unix is virus proof, other's say it's that virus authors go after > >> the big guys, so MS, wintel servers, etc. What I want to know is what's > >> true and what's not. Also I'm curious not only if it is, or not, but > >> why? If there's any references you all know of to point me in the right > >> direction I'd appreciate it. > >> Thanks, > >> Elliot > > > >Goodness, here we go again. > > > >To a degree it's true that virus writers go after the big guys. It's also > >true that virus/trojan/spyware writers go after the easiest system to use > > to propagate their nasties and that also happens to be Windows. > > > >One, in fact the only, reason the crackers charge after Windows is that > > from 95 to XP Pro most windows boxes run in administrator mode or with > > administration rights widely given. Even when they are not things like > > adding new software default to that. > > > >Toss in Microsoft's much vaunted ease of use mantra which has led to VBA, > >scripting languages that operate system wide, browsers and email clients > > that happily install just about anything so that you won't have to > > trouble yourself about it. Oh...and browsers and email clients that will > > follow HTML code anywhere no matter where it goes. > > > >What all this boils down to is that a cracker can devise a simple program > > that will install itself on your Windows box without your so much as even > > knowing about it. Nice, eh? > > > >And Windows users have shown themselves the most undiciplined of surfers, > > well perhaps that title goes to AOL users, who will go to a web site and > > download any old crap, usually spyware, so they can get the video feeds > > of porn, stock tickers, latest prices of medicines or whatever. > > > >As for wintel servers on the internet they are a definite minority when > >compared to Linux, one of the BSDs or UNIX. But they are as easily > > breakable as the desktop Windows on which they're based and for the same > > reasons. Only a near total moron would put anything on a windows server > > on the internet these days and for good reason. > > > >Admittedly this is much simplifed and much understated, beleive it or not. > >Try Bugtraq or CERT is you want to know more. You might also want to > > google virus writing to see how much there actually is out there. > > > >Now, Linux, in common with almost all POSIX compliant software also has an > >administrators account and you can, if you want to, set up as insecure a > >system as any old Windows box. Responsible Linux distributions will > > insist that you have at least one regular user as well as root and will > > boot you in as that. > > > >Now it's possible for a virus to be written for Linux and it's been done. > >But, unlike the Windows situation, there is absolutely nothing that can be > >done in user space that overlaps with or conflicts with the root/system > >space. In short, a virus cannot propagate itself. Oh, it can mess up the > >user's home in short order but not the machine itself. Spyware can find > > out everything it wants about you but nothing at all about the root or > > any other user on the box. > > > >Nasties do exist for Linux but they are much further and fewer between > > than the almost daily attacks on Windows. And they are, in general, far > > easier to defend against. > > > >Also, it often takes less than 24 hours for a package to be fixed after a > >vulnerability is found, often before it's exploited, and the fix sent out. > >Compare that to the rather cavalier attitude of Micosoft to such things. > > > >ttfn > > > >John > > > > > >------------------------------------------------------------------------ > > Wow! what a reply! :)
This is quite a good read http://www.theregister.co.uk/security/security_report_windows_vs_linux/ derek -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________