[ubuntu-uk] Imagine if Linux become massively popular?

Tony Arnold tony.arnold at manchester.ac.uk
Thu Jun 13 16:50:48 UTC 2013 

Liam,

On 13/06/13 17:20, Liam Proven wrote:
> On 13 June 2013 17:04, Tony Arnold <tony.arnold at manchester.ac.uk> wrote:
>> Liam,
>>
>> On 13/06/13 16:37, Liam Proven wrote:
>>> On 13 June 2013 15:02, Tony Arnold <tony.arnold at manchester.ac.uk> wrote:
>>>> OS X can be compromised.
>>>
>>> *All* operating systems can be compromised.
>>>
>>>> Doesn't really matter whether it's technically
>>>> a virus or a trojan
>>>
>>> Yes it does. It matters very very much indeed. This too is a red herring.
>>
>> You've cut short my sentence which went on to say the same things are at
>> risk such as credentials, bank details etc., regardless of how the
>> infection got there.
> 
> As I said, *all* computers are vulnerable to social engineering of the
> user. Ergo, this is completely irrelevant to any discussion of the
> relative vulnerability of Mac, Windows and Linux. If you can con
> someone via a clever website or a phone call, then you can do so via
> other websites -- the OS they're running doesn't matter.

It depends! If the intent of the social engineering is to get a Trojan
loaded on to the user's machine, then the Trojan has to operate on the
relevant O/S. If it's to steal credentials then no, it doesn't matter.

How the trojan operates may then depend on the vulnerability of the
underlying system and whether it can gain root access etc. Many trojans
seem to set up hooks on system API calls and thus intercept normal
system calls to do nasty things. That needs high privileges. Linux may
be safer in this respect.

>> There are many attack vectors. Infected media, file sharing etc. Just
>> being connected to a network is less of a risk these days because MS
>> eventually decided that having a firewall turned on by default is a good
>> idea.
> 
> True. Windows is /much/ better than it was. However, this requires
> immense, constant vigilance by MS. So as soon as a version is no
> longer supported, its users really /must/ upgrade, ASAP.

One of the reasons I don't like Windows is the need to apply sticking
plasters, such as anti-virus, anti-spyware, firewalls etc., over the
base operating system.

>> Yes, but this is becoming more and more prevalent. Much of this is being
>> driven by criminals, not script kiddies. The social engineering is
>> getting to be quite clever (if you don't know what you are looking for)
>> and many users are easily fooled. There is quite a family of bank
>> stealing trojans around which are really worrying.
> 
> Absolutely.
> 
> http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/

Seen similar modes of attack locally.

>> This all tends to be targeted at Windows, but as the original OP said,
>> if Linux starts to take a significant share of the world's computer
>> usage, then the criminals will target Linux as well. And if the system
>> itself is not vulnerable, they will target the weakest point which,
>> unfortunately, is the human being sitting at the keyboard!
> 
> Seriously, I think targeting individual OSes is a dying trend, just as
> desktop computers are declining. It will be via corporate email
> systems and so on, like the Onion one there. The OS doesn't matter.

Criminals will go for the low hanging fruit. So whatever direction the
industry is going for the hackers will seek out the easiest and most
lucrative vulnerabilities be that in the system or the human.

>> I just worry that there is a danger that Linux and Mac OS users get
>> complacent (and in my job I have had to inform Mac users that their
>> machine is compromised and get the response that this is just not
>> possible because I am using a Mac!) and they are 'safe' because they
>> don't use Windows. That kind of complacency is misplaced, IMHO.
> 
> A fair point, you're absolutely right.

I think we are both saying similar things but may be from slight
different angles!

Regards,
Tony.
-- 
Tony Arnold,                        Tel: +44 (0) 161 275 6093
Head of IT Security,                Fax: +44 (0) 705 344 3082
University of Manchester,           Mob: +44 (0) 773 330 0039
Manchester M13 9PL.                 Email: tony.arnold at manchester.ac.uk

More information about the ubuntu-uk mailing list