lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: exibar at thelair.com (Exibar)
Subject: [inbox] Re: Show me the Virrii!

----- Original Message ----- 
From: "Curt Purdy" <techman@....net>
To: "'Exibar'" <exibar@...lair.com>; <John.Airey@...b.org.uk>;
<full-disclosure@...ts.netsys.com>
Sent: Wednesday, January 07, 2004 12:18 PM
Subject: RE: [inbox] Re: [Full-Disclosure] Show me the Virrii!


> Exibar wrote:
>
> > Why do you ultimately blame Windows/DOS for the virus
> > problem?  This is
> > simply not true.  Are there not SQL worms?  Was it not a SQL
> > worm that was
> > the fastest to spread in history?  Are there not many Linux worms and
> > viruses, and more being written each day?  Are there not
> > viruses and/or
> > worms that exploit Cisco products?
>
> Jeeze, you know how many pages I had to delete off the end of this thing?
> It doesn't take remembering PINE to know how to clean up your act.
>
> OK, to business.  Your points: the SQL worm exploited ONLY MS SQL.  The
> cisco worm exploited IIS that was the web interface in their DSL routers.
> Yes, there are a few Linux worms but the numbers are tiny vs. MS.  And
that
> is NOT because MS is so prevelant, although of course that is a factor as
> explained in the seminal work "Cyberinsecurity: The Cost of Monopoly".
The
> primary reason for so many MS virii is the poorly written code that has
> evolved into their current elephants of OS's.
>
> All is not lost for MS, but it will take a ground-up rewrite to solve the
> problems.  Unfortunately they seem to be taking the opposite tack of
taking
> W2K, the best OS they have come up with yet, and folded it into XP, the
> biggest pile of dog doo since 3.1 and telling customers they can't get 2K
> even if they prefer it.

  I'm in no way saying that Microsoft writes perfect code.  Nothing is
perfect.  My point is simply that if Linux was the preferred OS of millions
of people, that the number of Windows "malware" would be much much smaller
and the number of Linux "malware" would be at the same number that Windows
is currently.  It's all a matter of the VX'r getting the most bang for their
buck.
   The poorly written code only makes it easier to write a piece of malware
for a closed source program.  It's just as easy to write a piece of malware
for an open source program.  How many Apache bugs were exploited in the past
couple months?  Quite a few, I'll even bet a dime for a dollar that there
have been MORE apache exploits and/or vulns than IIS in the past 4
months....  Most bang for the buck....

  Sorry about the pages of quoted old message before guys :-)

  Exibar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ