I think just about all those phishing emails that are trying to distribute phishing viruses are distributing viruses written for Windows, because Windows is written so poorly that you have to be administrator on a Windows system to do even basic user tasks like connecting to a printer. They know that unless they get opened on a corporate network where the Microsoft user security is enforced, they have carte blanche to do whatever the heck they want to the computer.

This is just a numbers game. The number of Linux user desktops out there is vastly smaller even than MacOS desktops, and the number of MacOS desktops is a pittance compared to Windows desktops. And on almost all Windows desktops NOT connected to a domain the user has admin rights, and on probably half the Windows desktops connected to a domain the user also has admin rights. Assume only .01 of users fall for a virus; well, .01 of 100 million Windows desktops is a lot bigger number than .01 of 1 million Linux desktops. You write for the bigger number.

Hell, we can't even get Microsoft to port Office to Linux desktops even though the majority of their revenue is coming from O365 and they have forced every maker of desktops out there to buy Windows licenses from them - all those Linux desktops you have also paid a Microsoft tax. So there's zero downside to making O365 available for Linux desktops other than developer cost to port and support; it won't negatively impact their Windows OS revenue at all. And O365 is EXPENSIVE and it's an ongoing cost. Plus they make O365 available for MacOS and they are the greediest pigs of all the installed software vendors and routinely throw millions into dog products like Microsoft Bob that everyone can see will be money losers. Yet they can't even find a way to make money on Linux desktops, so if THEY can't justify it for O365, which is a cash cow, how in the world could a virus writer writing viruses to make actual real money (well, steal real money) justify writing a Linux desktop virus?

Just about all the Linux escalation security cracks are written to target Linux SERVER products. If your Linux desktops are not offering services to the public Internet, there is very little to worry about.

Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of mo
Sent: Friday, January 26, 2024 11:01 AM
To: Portland Linux/Unix Group <[email protected]>
Subject: Re: [PLUG] virus check methods

Such a great group to learn so many things from! Yayus!

I've aptitude auto updating. None of the systems have a LAN aka all WFH situations. The individual users do not have root access, but I install 1 other user which does so that I can ssh in as that user & sudo when needed; root itself has no ssh or login access directly. Idk if I use all the Linux defaults; I have a setup script I run on each host after install to configure everything which probably changes some defaults. Idk if Siduction/Debian has any 0days.

I haven't had time to process all the other links & info you guys shared yet but all very appreciated. 🙏🏾
