| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: Linux (in)security (Was: Re: Re: No Subject) On Wed, 22 Oct 2003, Paul Schmehl wrote: > --On Wednesday, October 22, 2003 6:00 PM -0600 Bruce Ediger > <eballen1@...st.net> wrote: > > > > The real questions go something like: > > > > "Source code for Unix viruses has been available for years, from sources > > almost too numerous to mention. Why haven't Unix viruses become epidemic > > the way that Windows viruses have?" > > > The usual argument is that Windows is more ubiquitous than Unix and is > therefore the target of choice. I would argue that the *real* reason is > that Windows is more ubiquitous as a *desktop* operating system and is > therefore the target of choice. However, that's changing. Linux is > gaining in the desktop space and so is Mac OS X, which is really "exposed" > for the first time. By that I mean that previous Mac OSes weren't as > easily attacked remotely because they used Appletalk rather than TCP/IP. > (Yes, Macophiles, I know TCP/IP was available before OS X.) > > The real key to prevalence of malware, IMNSHO, is the ease of attack *and* > the potential pool of victims. People think it's really stupid to "surf" > the Internet using an administrator account on Windows. Well what do you > think the neophyte Linux users are doing? I seriously doubt you'll find > many that have a regular account and use su or sudo to do administrative > tasks. They're bound to run in to something sooner or later that they find > irritating (like being prompted for root's password every time they try to > run up2date on RedHat) and they'll do the same thing they always do on a > desktop system. They'll start logging in as root because they don't get > "pestered" by all those warning messages and they can install software any > time they want. (Mind you, Windows still has a long way to go in that > regard. MS doesn't make it easy to run as an unprivileged user, that's for > sure.) I think the key there is the phrase "ease of attack". Combined with a poor patching stradgy on the part of the vendor who only bandaids the issues <how many outlook/IE problems have to muster in before the core issues are fixed? Hom many times must DCOM and/or RPC be attacked before the issue is fixed at the core of the problem? shatter bugs in key apps...> [SNIP] Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists