Virus Issue 2

Andre Truter andre.truter at gmail.com
Sun Mar 27 07:54:01 UTC 2005


On Sat, 26 Mar 2005 22:11:25 -0700, Shawn Christopher
<schristopheraz at gmail.com> wrote:
> I don't agree...the value of the information is what drives the desire.
> People will hack up Win boxes 'cause they know the possibility of
> gathering data. While with Macs what are you gonna get? Art files,
> people's home movies, and maybe some people's tax returns? If there was a
> massive switch to Mac, or Linux for home users I could see that the
> attack wave would happen but it would be slow. Once people learned how
> to change programming styles then they would just go after those.
> 

Well, I mentioned before that most systems that carry useful data
are Linux and UNIX systems, they are also the systems that are mostly
directly on the net and therefore easiest to reach, but again no
significant viruses.
Someone then disagreed with me and said that viruses are not used to
get at data, to do that you rather hack the box manually.

So, both of the above points of view displace your argument.

> Windows isn't the problem, Linux isn't the problem, Macs aren't the
> problem. The problem is the users not looking at what they're doing once
> they get online.

No, Windows is very much the problem.  You can write a virus/trojan
for any operating system, but UNIX/Linux/BSD (Mac OS X) are just so
much more difficult due to their design.

One of the main problems is that Windows is based on DOS, which was
designed as a single-user, non-networked OS.  As Windows evolved, it
was never re-written from scratch, they just built security layers on
top of the insecure base and the security is based on additional
software running, it is not implemented in the kernel or filesystem
itself.
So, if you can get past all the sentries, and talk directly to the OS
then it will still allow you to do virtually everything.
With Linux/UNIX/BSD the OS was designed as a multi-user, networked
system from very early on and the kernel and filesystem itself
implements certain security features, so if you get past the sentries,
and talk directly to the kernel, you still get the finger.

Also things like ActiveX on Windows help a virus to get past the
sentries, as ActiveX will give you access to parts of other
applications.  It is not like a shared library where you only have
access to the API and the library manages the memory space for each
client.  ActiveX basically opens a door for you right into the memory
space of other applications.

The problem is design.  Because Windows is so popular and so easy to
breach, it is targeted, not only because of the user.

One of my clients has a huge technical section (about 500 people all
over the country) where most of the people use a Windows box as well
as a Sun Solaris box. These are all normal users, they are not savvy
about security or such, but they have never had any security problems
on the Sun boxes, but the Windows boxes have been down many times due
to viruses.  And the funny thing is that their security on the UNIX
boxes is very neglected.  Root passwords of 'root' or 'r00t', Telnet
active, rsh active with .hosts files in the root home.  My Linux
laptop is much more secure than any of those Sun workstations.
The Windows boxes on the other hand get constant security attention.
They spend millions on all kinds of software to prevent viruses and
still they get infected.
The Blaster worm took out their Windows network for about two days, it
was only us geeks with Linux that could continue with office
automation tasks uninterrupted.


-- 
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.za.org

~ A dinosaur is a salamander designed to Mil Spec ~




More information about the ubuntu-users mailing list