Anti Virus, now Anti Spy-ware

Steve Lamb grey at dmiyu.org
Wed Jun 18 16:25:42 UTC 2008


On Wed, June 18, 2008 4:04 am, James Takac wrote:
> On Tue, Jun 17, 2008 at 11:57 PM, Dick Dowdell <dick.dowdell at gmail.com>
> wrote:
>> That's not necessarily true anymore.  Many kinds of malware are installed
>> by Web sites that exploit security holes in browsers.  Fortunately, they
>> are seldom targeted at Linux.  As Linux gains users, that will change

> I tend to agree. The reason why Windows systems are targeted so much is that
> they are the popular ones. Those wanting to do the crimes are after as many
> potential targets as they can get. If Linux was the more popular OS the
> chances are it would be the target of choice.

    I see this argument all the time and know what I say?  Hogwash.  It
completely ignores Linux's unix roots and the security implications that
means.  Look at one of the most talked about dialogs here; sudo.  For
this malware to get complete control of the system the user has to
actively participate in its installation.  Without that one piece the
software is relegated to a single user's login and is trivial to remove.
 This is not true for the vast majority of Windows installs.

    The alternative is to find exploits in the system.  A hard task indeed
with the exceedingly quick response times of the teams that put these
distributions together.  We're not talking about IE6-like security where
major security holes were left unpatched for years because Microsoft's
position was people could just lower their security settings...  and cut
themselves off from the majority of sites.

    Finally it ignores the widespread use of FOSS in general on the net. 
The internet runs on FOSS in spite of what Microsoft would want you to
believe.  DNS is mostly BIND, the web is mostly Apache, mail is mostly
exim/postfix/sendmail with a good chunk of Exchange installs sitting
behind the sanitation those MTAs provide.  A good portion of servers are
running on some variant of BSD or distribution of Linux.  Tons of web
pages are written in the trinity of P and the stepchild of R.  PHP,
Python, Perl and Ruby.  Anyone who has had to lock down an install of
PHPBB or had the displeasure of running their own blogging software can
tell you these FOSS, front-line web applications are tested on a daily
basis by a phalanx of malicious tools designed and wielded by the very
same people that hit Windows with such glee.

    The "Linux will be hit if it gains popularity" tripe fails to
acknowledge all of that.  It fails to acknowledge the fact there is more
than just popularity at play.  There is how easy the target is to hit. 
I'll grant that Linux may not be as popular on the desktop as Windows. 
But as I've shown that doesn't mean the 'net isn't rich with FOSS
targets, Linux being the forefront example thereof.  They get hammered. 
But they're not /easy/ to get into.  And once you're in, especially with
the /easy/ routes so common on Windows, they are pathetically trivial to
remove.  It is that reason that Windows remains a high target.  And it
is Microsoft's pathetic security process which keeps Windows that high
on the list.  It is the FOSS methodology and approach to security which
keeps it low on the "ease to pwn" list and that is a prime reason why
Linux isn't hit harder *now* in spite of its popularity.

-- 
Steve Lamb




