There are obviously multiple factors involved in the number of known security exploits for an operating system. Arguing otherwise would be nonsense.
... or is it that Windows is the least popular?
It isn't a pure marketshare problem. The first virus writer to make a mass worm for Mac OS X would be very well known in no time. Linux is the most hacked OS (according to truly independent source). Any system can be insecure if not set up right. But only on Microsoft products can SQL Slammer, Blaster, Sobig.f bring down the Internet in hours. You can hack a Linux box, but you can't use it to automatically search out another box to attack. SQL Slammer was what, 376 bytes long. That is smaller than this paragraph.
just normalizing the numbers by market share:
windows: 60000/90 = 667
Mac: 40/5 = 8
linux: 40/2 = 20
Windows wins hands down
!!!
That's assuming a linear response. Like with valid software, a lot of people aren't going to spend 5% writing Mac viruses because they could use that time to infect far more machines.
in most cases, windows exploits become significant due to human error / ignorance. slammer? the bug was fixed, but administrators didn't apply the patch. or, am i missing something? blaster? the bug was fixed, but end-users didn't apply the patches. or, am i, again, mistaken? software will continue to improve, and that's good. but, i feel that viruses, worms, etc. will only become less of an issue as the general computing populace becomes more educated.
The author wrote:
"When an HTML-based email shows up in my Inbox, I see only the HTML code, and a message appears at the top of the email: 'This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here.'"
Just a note: Outlook 2003 does exactly the same (finally).
---
Anyway, I still believe marketshare plays a big role in this whole virus thing. Even though Linux is more secure (it obviously is) it is not immune. Programmers/virus makers etc. WILL, in the end, find ways around the root privileges thing. BUT, *nix will have to gain more marketshare on the desktop, though, else the virus maker's work isn't worth it. As with bike locks here in Amsterdam; even the most expensive ones are easily "cracked" by our friendly local junkie community.
Anyway, I found this a rather un-newsworthy article; not much new here. And kind of low to take a go at Lindows.com. I think that company has done some amazing things when it comes to Linux' desktop usability.
But then again, you probably wouldn't have expected anything else from me, now, would you?
Writing Virii for Windows is so much easier than writing for Linux or MacOS X. Windows is more exploitable than anything else, everyone knows that. For Mac OS X I can't speak, but the vulnerabilities in Linux are different than the ones in Windows, that is why it is harder to write viruses/worms/exploits for Linux. There is not even a decent keyboard logger for Linux (LKL sux).
The main thing I believe that makes it harder to spread viruses in Linux is that its users are not dumb (as in computer illiterate). Most of them know better than to take any executable file and run it. However, once you get a bunch of Windows users in Linux (the same users who never bother to patch their systems), they'll pretty much run everything but the kitchen sink. The author says that new users will be educated not to do so, but who's going to educate them? If this method of education would work so well, why not educate them now on Windows instead of hoping that maybe one day they'll make the switch?
And also realize that most of the modern email viruses use their own SMTP engine to send themselves out and don't use the Outlook address book. So, in Linux, as long as you've got email addresses in any of the files in your /home directory and permission to access the SMTP port, the viruses will run just fine.
And who says there won't be some new mechanism to send out viruses in Linux other than email. Say, for example ... what if it were possible to do some nasty thing via Mozilla/Firebird extensions? That may or may not be possible, but it's just a thought.
afrokhan wrote:
"in most cases, windows exploits become significant due to human error / ignorance. slammer? the bug was fixed, but administrators didn't apply the patch. or, am i missing something? blaster? the bug was fixed, but end-users didn't apply the patches. or, am i, again, mistaken? software will continue to improve, and that's good. but, i feel that viruses, worms, etc. will only become less of an issue as the general computing populace becomes more educated."
The above reasoning is flawed in general and flawed in specifics. Patching Windows correctly is difficult and costly and doesn't always work, which is why experienced system administrators have a difficult time patching promptly and keeping their systems operational and available.
As to slammer, the order of events was a patch to fix the vulnerability slammer exploited, a patch to fix something else that reversed the slammer patch and then the slammer virus. That had nothing to do with human error outside of MS.
Regards,
Mark Wilson
MS does have the most viri because there are so many computers, that is what makes it hit so hard every time there is a virus, but that isn't why they write them. It's because it's so much easier to exploit a hole in Windows than any other operating system. Code can so easily run on Windows and corrupt files quickly. With Linux, Unix, and Mac, you have to mean the harm, you have to do the commands to run the harmful code. Only way that will happen is if someone hacks a server for apt-get and puts their code in there. But then again, with the hash file that comes with it, you can tell if you are getting good code or not. Hell, if Unix was so easy to use back in the day as Windows has become, then we would all be using Unix right now. But Unix was text based, and corporate owned to the death, and hard to use for the average user, thus the reason why Windows took off. Mac held in there but didn't change their OS till 1999 and now they are gaining again on MS, but there is Linux. Unix's cousin, say this is because it's text based and use some of the same libraries and programs, that has many people working to make the GUI look and feel good so people will switch, and in time, they will. Forced due to MS way of giving no choice to its followers through their licensing and security problems. Whether they go to Linux, BSD, or Mac, is all up to how things play out in the future.
>So, in Linux, as long as you've got email addresses in any of
>the files in your /home directory and permission to access
>the SMTP port, the viruses will run just fine.
Workman,
What is going to execute the virus? It always needs a process
to do that. It's more complicated than that..
It is NOT easy to write an email virus for Linux that will
self extract, execute and run, I think it's even impossible.
>Say, for example ... what if it were possible to do some
>nasty thing via Mozilla/Firebird extensions?
Please my pants gets all wet..
"So, in Linux, as long as you've got email addresses in any of the files in your /home directory and permission to access the SMTP port, the viruses will run just fine. "
By default, a user must have root privileges to access all ports under 1024, SMTP is port 25.
Writing Virii for Windows is so much easier than writing for Linux or MacOS X. Windows is more exploitable than anything else, everyone knows that.
Exploitability in Windows lies primarily in the enormous home market, where Windows is most likely terribly configured from a security standpoint.
A Windows machine configured with a proper security policy and user permissions is no more or less exploitable than a similar Linux system.
Were the same level of scrutiny applied to auditing Evolution that is applied to Outlook Express, I'm sure a number of buffer overflows would be found in the message parsing code, and a number of design errors which could lead to automatic execution of attachments.
Read your mail with Pine? Let's not forget this recent Pine buffer overflow: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0721
Why hasn't anyone written a mass mailing worm that exploits this Pine vulnerability? Possibly because no one cares enough... if you are going to spend time writing a mass mailing worm, why not exploit an Outlook vulnerability instead?
Also keep in mind that the same qualities of Linux which make it somewhat more resistant to viruses/worms (namely the constantly changing glibc ABI with symbol names and various structures constantly being altered) are the same qualities that bar Linux from receiving commercial application support. Application developers making Linux releases often must target them at a single distribution (which is almost always RedHat)
"So, in Linux, as long as you've got email addresses in any of the files in your /home directory and permission to access the SMTP port, the viruses will run just fine. "
By default, a user must have root privileges to access all ports under 1024, SMTP is port 25.
It should be clear that WorknMan is referring to the ability to make outgoing TCP connections on port 25 in order to create a mass mailer worm, which is something any user on the system can do.
The author is rather off base on his direction.
First off, yes the main reason windows is most affected is marketshare, but it's not just because of market share. It's a compounding effect.
For starters, yes it's much easier to get a virus going in windows, part of the reason is people can build upon previous knowledge. If MS released a completely new OS, the kind of change that would be like Apple shift from OS 9 to OS X then most viruses would be stopped cold overnight. It would take a long time to rediscover all the common ways to get people.
The author goes off on how the way people use the computer makes a big difference, talking about email attachments. Yes the windows way is less secure. But people like the way it is. People don't want to have things like linux does it.
People say if linux got the same market share as windows it would get viruses just the same. This is very much true, and it's not due to linear growth that can be seen by scaling the numbers to such a market share. As some have shown linux wouldn't have the same number of viruses. But in reality that's not the whole truth, since for one to even think of how linux would be at 90% market share, you have to think of how it will get there. As it currently is, it's not going to get there. For linux to get to that kind of growth, it would have to make many changes to be a way people would want it. And once that is done much the same issues would arise. At some point there will be an email client that lets you click on an attachment in linux and it runs it. Person is happy now, and now the same flaw is in linux. This idea can now be carried through the OS. If linux doesn't make changes to be what people want then it's not going to grow, and then everything simply isn't going to matter. It will remain a "secure" OS with no market share. For it to be windows killer it will end up having the same flaws.
Now granted windows does have some simply boneheaded flaws at times. And for the most part MS does a good job fixing them.
Linux's biggest security flaw is thinking it's so secure. That will change in time. With all the effort going into linux to get it to do more things and do more for people, and so forth it will attract more flaws. The more complex you make something the more the odds for them go up, exponentially.
Linux can remain more like openbsd, but then it's not going to be in the same market as windows. Once you make Linux a true alternative to windows, most all the same problems will be in it too.
>It should be clear that WorknMan is referring to the ability
>to make outgoing TCP connections on port 25 in
>order to create a mass mailer worm, which is something any
>user on the system can do.
It should be clear that this statement is absolutely nonsense.
The author also goes on about how windows defaults the user to admin. He says it's mind boggling as to why they do that. It's not. It's simple. People want it that way. People don't want to be logging into their computer, or feel like one of many users. They want to have it be just their computer, turn it on and it's there. For home use and being used by one person, the multi-user / admin idea sucks. This is one of the things that bugs people about linux, what fans think of as a great thing is a turn off. I think some distros have changed things to be more windows like.
Not that such a setup isn't useful, but for most people they just have the computer to themselves, so such a system is pointless. Even in a family environment few care to use such a setup.
However, Popularity == Exploitability.
The classic "network effect" comes in to play here.
Simple example is the first Internet worm. It can be argued that all Unixen running from similar sources suffered the same exploitability that the worm used, but since it was something that was machine specific, no machines other than Sun machines (I believe) were directly affected.
Also, popularity affects the ability to spread, particularly if it's just randomly spawning attacks. If 90% of the machines I ping happen to be Windows boxes, then a Windows virus has a 90% chance of being able to start propagating right out of the box.
Next, high popularity means high availability to the authors, as well as a large knowledgebase to work from. I'm sure some crafty hacker can come up with something vile that affects TCP/IP enabled C64s, but it also requires, if nothing else, that the author has access to that system in order to create the exploit. Since I haven't seen anyone argue that these virii and worms are State sanctioned, that means the authors are essentially "hobbyists", and will use the system at hand.
Finally, since again these aren't necessarily directed attacks from one entity to another, the motivation seems simply to be notoriety. Mad Hackers will get more out of something that had wide range effect rather than something more restricted.
None of these arguments address the exploitability of a system. If everyone was running a very secure system, there would still be motivation and means for someone to find an exploit. For example, how vulnerable is, say, BeOS? I don't know, and it really doesn't matter because it's so obscure.
The biggest problem, of course, is that through a long history, the most popular system also happens to be extremely vulnerable. That plus historically, folks have not had to consider security as a primary element of their computing experience.
For example, many packages on Win2K require "root" to simply install, and in one case, Warcraft III, I could not even run the game unless I was Administrator. So to lower the entire Pain In The A$$ factor of the computing experience, it is easier to simply log in as Admin and stay there.
On my old NeXTStation, it was easy to NOT have to log in as root, so I never did. If a consumer oriented program needed root (few did anyway), it asked for the PW at install, installed as root, and plopped me back into my user login. Win2K has something sorta kinda like that, but it doesn't work well, and software makers don't seem to test with it.
I'm sure I'm not the only one out there running my Win2K in Admin mode 24 hours a day, ripe for the picking if not for other measures.
These bad habits, both from users and coders, along with zillions of lines of historical code written in more trusting times come together to form a ripe target for those motivated to infiltrate and cause havoc.
Not to bash MS at all, but its products are less secure by design. With a little effort, one can beef up the security on a Windows box... the problem is, most Windows users don't really know how to (or even care to, for that matter)...
(Just one example, but a good one...) Defaults like automatic logon for a user with Admin rights... that's just asking for a system to be compromised.
Don't get me wrong... some linux distros (Lindows) do that default user = ROOT behavior as well... but many others have people setting up user accounts and emphasize not logging in as root unless absolutely necessary (su).
If someone with access to every critical component/process/etc. is logged in....and a vulnerability on their system is compromised.... they're pretty much SOL.
On my old NeXTStation, it was easy to NOT have to log in as root, so I never did. If a consumer oriented program needed root (few did anyway), it asked for the PW at install, installed as root, and plopped me back into my user login. Win2K has something sorta kinda like that, but it doesn't work well, and software makers don't seem to test with it.
Can you give an example of when the Windows privilege elevation didn't "work well" or a specific piece of software you were unable to install or use with it?
(the question then becomes does said software exist outside of Windows...)
"By default, a user must have root privileges to access all ports under 1024, SMTP is port 25."
As well by default every user can send email by default, which I believe was the point. It is extremely easy to send mass emails from the command line, on Linux anyway.
That said, something would still have to execute the process. Let's not forget the fiasco with the disguised mp3 that deleted the files from the person's home directory. "Playing" that mp3 executed the code. Could be done for email as well, but again it would only affect the single user, not the whole machine.
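The port 25 exchange above turns on which socket operation the low-port rule covers. As an added illustration (not written by any commenter; Python standard library, Linux behaviour assumed, function names hypothetical), this probe separates binding local port 25 from connecting out to port 25, using only loopback:

```python
import errno
import socket

SMTP_PORT = 25  # the port the comments argue about


def unprivileged_port_start():
    """Lowest port a non-root process may bind on Linux (1024 if unreadable)."""
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024


def try_bind(port, host="127.0.0.1"):
    """Claim a LOCAL port: the operation the low-port rule guards."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return "bound"
        except PermissionError:
            return "denied"
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in-use"
            raise


def try_connect(port, host="127.0.0.1", timeout=2.0):
    """Open an OUTGOING connection; the destination port number is not privilege-checked."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "connected"
        except ConnectionRefusedError:
            return "refused"  # nothing listening, but the kernel allowed the attempt
        except PermissionError:
            return "denied"
        except socket.timeout:
            return "timeout"
        except OSError as e:
            return errno.errorcode.get(e.errno, "error")


def outbound_source_port():
    """Connect to a constructed loopback listener and return the client's own port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: kernel picks a free high port
        srv.listen(1)
        with socket.create_connection(srv.getsockname(), timeout=2.0) as cli:
            return cli.getsockname()[1]  # ephemeral, chosen by the kernel


if __name__ == "__main__":
    print("unprivileged ports start at :", unprivileged_port_start())
    print("bind local port 25          :", try_bind(SMTP_PORT))
    print("connect to port 25          :", try_connect(SMTP_PORT))
    print("source port of outgoing conn:", outbound_source_port())
```

Run as an ordinary user on a typical Linux system, the bind is denied while the connect is allowed (it reports `refused` when no mail server is listening). Limiting outbound SMTP therefore takes an egress firewall rule or relay policy, not the low-port rule.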
okay i use three Oses at home, SuSE Linux 8.1 Pro, WindowsXP, & Redhat 6.0, okay the linux distros maybe slightly out of date but they do their job, now, linux is more secure than windows because of its inherited chmodding system that it inherited from UNIX, this is linux's main strength compared to windows all have execution rights system, also someone mentioned about how can u run an executable without running it ur self, ever heard of the registry, Windows has one, linux has one, just needs the install program to enter one line entry into the registry and then that program can run on startup doing all the damage it wants to, no system is foolproof, and as market share increases so does no of viruses written for it, look at some hobbyOs's no viruses what so ever y? because they have no market share, it isn't just market share but it plays a huge role in it
Bascule wrote:
"Exploitability in Windows lies primarily in the enormous home market, where Windows is most likely terribly configured from a security standpoint."
The above is an assertion contrary to reported facts. For example: SQLSlammer, U.S. Department of State, almost every corporate network using Windows at least once in the past year.
"A Windows machine configured with a proper security policy and user permissions is no more or less exploitable than a similar Linux system."
The above assertion is contrary to all reported evidence and does not present any evidence in support.
"Were the same level of scrutiny applied to auditing Evolution that is applied to Outlook Express, I'm sure a number of buffer overflows would be found in the message parsing code, and a number of design errors which could lead to automatic execution of attachments."
It is incorrect to assume that the scrutiny level of Evolution code is less than that of Outlook code, or vice versa. After all, the only people looking at Outlook code are those working for MS.
"Read your mail with Pine? [snip] Why hasn't anyone written a mass mailing worm that exploits this Pine vulnerability? Possibly because no one cares enough... "
Possibly because it's already been fixed.
http://rhn.redhat.com/errata/RHSA-2003-273.html
Open source means that people at more than one company can analyze source code, test for vulnerabilities and fix them before they are exploited.
Regards,
Mark Wilson
"Exploitability in Windows lies primarily in the enormous home market, where Windows is most likely terribly configured from a security standpoint."
The above is an assertion contrary to reported facts. For example: SQLSlammer, U.S. Department of State, almost every corporate network using Windows at least once in the past year.
No, the above assertion is certainly correct, even if your interpretation of it is not. Compare the number of hosts infected by the Slammer worm to the number of home users compromised by other worms such as MSBlast and Welchia, neither of which are problems if DCOM has been disabled, but of course no home users are likely to have done that.
"A Windows machine configured with a proper security policy and user permissions is no more or less exploitable than a similar Linux system."
The above assertion is contrary to all reported evidence and does not present any evidence in support.
Please name a critical security feature that is present in the mainline Linux kernel which Windows is lacking.
It is incorrect to assume that the scrutiny level of Evolution code is less than that of Outlook code, or vice versa. After all, the only people looking at Outlook code are those working for MS.
It's not necessary to have access to the source in order to scrutinize a program for security vulnerabilities. The majority of IIS vulnerabilities have been discovered by eEye, who does not have access to the IIS source code.
"Read your mail with Pine? [snip] Why hasn't anyone written a mass mailing worm that exploits this Pine vulnerability? Possibly because no one cares enough... "
Possibly because it's already been fixed.
http://rhn.redhat.com/errata/RHSA-2003-273.html
Open source means that people at more than one company can analyze source code, test for vulnerabilities and fix them before they are exploited.
I can't believe the foolishness of this comment... the fact that a version of Pine which isn't affected by this security vulnerability exists means... that thousands of systems with a vulnerable copy of Pine installed are no longer vulnerable?
Patches were available for the vulnerabilities exploited by the Slammer worm, Welchia and MSBlast, Code Red, Nimda, etc. before any of these worms were in the wild. Yet these worms managed to propagate, but by your total lack of logic this simply shouldn't be, should it?
I think if Windows was less popular, there'd be far fewer viruses, but that's not to say that if the others were more popular, they'd have more.
Can you give an example of when the Windows privilege elevation didn't "work well" or a specific piece of software you were unable to install or use with it?
(the question then becomes does said software exist outside of Windows...)
Pretty much no game will run without being admin on windows (BF1942 popular example if memory serves which often it doesn't). No it doesn't really run on linux but that isn't the point. Why shouldn't the developers of the software make their programs run as a regular user?
People make many claims with regards to viruses on different OS's, and it's interesting that open source software is usually lumped together as a "Linux" problem. For example, if someone breaks into a Linux server through a hole in SSH or a default password of some software they are using, is this really a Linux problem?
What no one has done (at least, none that I have read) is a comparison of Microsoft products, and how they compare to open source products, and the resulting impact. For example, just because a report says that Linux is the most attacked doesn't mean it's the OS at fault. The same goes for Windows. Most of the time, it's not the underlying OS that is the problem, but rather, the applications that are run on top of it.
So when you look at the number of potential security holes on "Linux," would it be fair to compare it with the potential security holes in products that run on Windows?
What I mean is just because something runs on an OS doesn't make the OS vulnerable. If the application is broken, the application is broken. But most reports tally up the number of holes in various software that can run on Linux or BSD, and compare it to Microsoft products only.
If a report counts the number of holes in, let's say, sendmail, and qmail, and various other MTA's, will it also count the number of holes in various Microsoft software and total them up?
I remember one report about a year ago (can't remember the link, sorry), and they were tallying up the results on various open source OSs. When the numbers were finished, the report made it look as though Microsoft was more secure. But when you actually looked at the numbers, they were counting and totaling all popular MTA's bugs, as well as various other software of the same type, and using all those numbers against the Microsoft numbers.
Anyways, I really went off topic here. The point, I guess, is that you need to look at a platform, and the products, and entities. Linux v.s. Microsoft bug count wars are useless. Comparing direct products to other products is what really matters. Apache v.s. IIS, and not just the number of virii/bugs/holes/etc. The response time is also important, as well as the impact. And the ability to solve the problems yourself, if need be.
my 2cents
Can you give an example of when the Windows privilege elevation didn't "work well" or a specific piece of software you were unable to install or use with it?
(the question then becomes does said software exist outside of Windows...)
I don't recall the product. Among the assorted products, I've had some that simply say "Must be admin to install" and abort, and I had one that asked me for the Admin password, but the install failed.
As I also mentioned, WCIII simply wouldn't run as a normal user, I had to be Admin to just play it, and not just install it.
I also found that there were problems installing on a system that had a "default login", particularly if it was different from Admin. Originally I had our home machine configured to log in automatically at boot as a regular user. But, I disabled that after having problems when I logged in as Admin and installed something that wanted a reboot. Very nasty.
All of it was pretty specific Windows software. Maybe there are comparable Mac versions, I haven't looked.
I think that a lot of developers migrating off of the W95/98 model towards the 2K/XP model simply don't take the multi-user concept into consideration, particularly with home users. So, they don't test all of the myriad ways someone may want to try and install something.
Certainly, the installer companies and/or Microsoft have considered the problem as witnessed by the security elevation concept. But the fact that I had to run a game as Admin tells me the problem is still pretty entrenched.
Mind, I have no problem with something akin to a root owned X server, while logged in as someone else, because that path CAN be better secured and audited compared to just having blatant root/admin powers for everything from Word to Warcraft to Notepad.
I assume that root runs the X Server on my Sun Ultra 10, I've never looked and it never crossed my mind that it's an issue.
On a single user machine, I think that Windows (or even Unixen here) can use an ACL trick (or simply changing the owner) to open up /dev/video to the logged in user as part of the login process. Thus making this nominally root owned system device (the display) usable by the logged in user vs just making it, essentially, world writable/readable.
I found the article rather well written and argued.
That said, I wonder whether my Windows 2000 system is
any less secure than my Linux systems.
As a home user, I tend to shut down non-essential
services. I regularly restrict what programs I allow
to start at boot. I scan regularly for viruses and
spyware. I use a firewall that allows program by
program access to the LAN and the Internet (Internet
Explorer gets no permission to do anything).
The author makes the valid point that one cannot just
launch an attachment or download. On a Windows
machine, I might get a brain freeze, but my firewall
should catch what is launching, if it tries to call
out. Indeed, that's a feature I miss on Linux, a
firewall that monitors the programs that call out,
and that can detect any changes that occur.
The flip side, is that such security in Windows is
more work. With Linux I save time. Even with dual
boot systems, people must run Linux to check their
e-mail.
yep, a new Microsoft worm-o-the-day!
Somehow I don't think exploits like this would be as easy to exploit and write worms for on Linux.
http://www.divisiontwo.com/articles/usblastworm.htm
Both Windows and Linux are insecure by design. Both are made with the assumption that people in charge of security are perfect. I can't understand why people are so incredibly stupid that they don't realize that security primarily based on ACLs won't work as long as people are infallible. It's not as if people haven't tried that approach, and failed constantly.
So what's the solution then? Well, capability-based security, of course. It works, it works well and the switch could even be made gradually. There is no catch. Only mass ignorance is keeping systems in their current insecure state.
>>capability-based security
Care to define your buzzword?
> >>capability-based security
>
> Care to define your buzzword?
Google is your friend.
The first hit is an introduction to the subject:
http://www.skyhunter.com/marcs/capabilityIntro/
I also recommend reading "Capability Myths Demolished" available e.g. at http://zesty.ca/capmyths/
> ACLs won't work as long as people are infallible
Oops! It should, of course, say "ACLs won't work as long as people are NOT infallible"
I think that Windows being so open to virii is also a motive. White hats want to highlight problems that are blatantly obvious to all but the ignorant while black hats want to wreak havoc on the net and see Windows as an excellent vehicle.
Seems most posters are not even acknowledging the truth of the article. That even if Linux and Mac OS X were targeted as much as Windows, viruses would have less success spreading among the machines. I think the article did a good job of explaining why that would be true.
There was the one Windows user though, who admitted it was true but said that was how he wanted it; because security would just get in the user's way. It would be too inconvenient to have to think about what program you were allowing to run unchecked on your computer. Just click and see what happens. Or don't even click, just allow all processes to run; that's the way Windows users want it!
And that's fine for him. People can allow whatever access they want to their home computers. Personal preference and all that. It just strikes me as irresponsible to use the same system on the world's servers, where it impacts all of us.
Bascule wrote:
"Compare the number of hosts infected by the Slammer worm to the number of home users compromised by other worms such as MSBlast and Welchia, neither of which are problems if DCOM has been disabled, but of course no home users are likely to have done that."
You don't have anything to back up your arguments.
Now you're talking about the number of hosts vs. home users. Slammer disabled ATM machine networks, among other pernicious effects. Welchia is what hit the U.S. State Dept. And yes, MS does ship their product with security features turned off.
B: "Please name a critical security feature that is present in the mainline Linux kernel which Windows is lacking."
So you've acknowledged that you don't have any evidence to support your argument. I refer you to the article for a comparison of Windows and Linux security features. For example, from the article:
Article: "Even if the OS has been set up correctly, with an Administrator account and a non-privileged user account, things are still not copasetic. On a Windows system, programs installed by a non-Administrative user can still add DLLs and other system files that can be run at a level of permission that damages the system itself."
B: "It's not necessary to have access to the source in order to scrutinize a program for security vulnerabilities. The majority of IIS vulnerabilities have been discovered by eEye, who does not have access to the IIS source code."
It's better to have access to the source code than not. Your example proves my point that having more than one company's employees looking at source code makes it easier to find vulnerabilities before an exploit is developed. It's harder to find vulnerabilities before they are exploited if you don't have access to the source.
"I can't believe the foolishness of this comment... the fact that a version of Pine which isn't affected by this security vulnerability exist means... that thousands of systems with a vulnerable copy of Pine installed are no longer vulnerable?"
I can't believe the foolishness of your comment. You seem to like to create "straw man" arguments by misconstruing what my words said and then argue against that (without facts). If a program has a security flaw, discovered by whatever means, then it should be fixed. No one, least of all me, has ever argued that a particular piece of software is definitely 100% secure now. Stating this truth does not, however, lead to the conclusion that security is impossible and that all OSs are equally vulnerable. But I think you know that already because I doubt that your persistence in advancing silly arguments is based on your being stupid.
"Patches were available for the vulnerabilities exploited by the Slammer worm, Welchia and MSBlast, Code Red, Nimda, etc. before any of these worms were in the wild. Yet these worms managed to propagate, but by your total lack of logic this simply shouldn't be, should it?"
Thank you for the recitation of several of the more costly MS viruses and worms. As has been widely reported, including today, MS patches frequently reopen old security holes and create new ones; MS patches are difficult to install, particularly over a network; MS patches have a history of crashing systems (until the 1.1 release of the patch); etc. Even MS has admitted that their patching approach doesn't work.
Regards,
Mark Wilson
Not to bash MS at all, but its products are less secure by design.
Name some *design* features present in other OSes that are lacking in Windows. Please remember the difference between *design* and *implementation*.
I can certainly name several *design* features of (most) unix-like OSes that make it less secure than Windows. I can only think of one where unix-like OSes are clearly superior.
With a little effort, one can beef up the security on a Windows box... the problem is, most Windows users don't really know how to (or even care to, for that matter)...
Which is basically the point the article is trying to deny.
(Just one example, but a good one...) Defaults like automatic logon for a user with Admin rights... that's just asking for a system to be compromised.
Actually that's a pretty poor example. The only environments where the default auto-login is left enabled will be ones where the people are implicitly trusted - home users and small offices.
I don't know how many people break into your house to install and propagate viruses from your computer, but it hasn't happened to me yet.
Windows platforms have more viruses because
a) it's a more inviting target
b) users are generally less technically able
c) machines are generally being used in less secure environments.
These are all directly related to popularity. The only times this entire article isn't giving ways Linux is less capable and using them to say it is more secure are the times it's actually contradicting itself and admitting Windows' popularity is the main reason it's more vulnerable.
Not to mention the simple factual errors:
"None of the Unix or Linux viruses became widespread - most were confined to the laboratory."
Yes, the Morris Worm wasn't widespread at all, was it ?
"Let's look further at social engineering. Windows software is either executable or not, depending on the file extension. So if a file ends with ".exe" or ".scr", it can be run as a program [...]."
Things like .scr files aren't actually executables in the same sense as .exe files. They are simply automatically passed on to appropriate handlers when "launched" from the shell. Disassociate the handler from the file extension or change the file extension and the vulnerability disappears.
An identical process happens under most other decent GUIs as well and is equally vulnerable.
"Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it."
Whilst not factually incorrect, the underlying point is largely moot. Yes, a regular user can only damage their own files, however, this is being somewhat ignorant of the fact that on the typical system the user's files are the only ones they really care about. Not having any of your OS files touched while a virus merrily wipes out 30 gigs of MP3s and the thesis you've just spent 11 months writing is, at best, a Pyrrhic victory.
Not to mention root access isn't necessary to do things like scan the user's home directory for email addresses, send out mass emails and do most other things Windows worms do.
This whole attitude Linux zealots have about how acquiring root privileges is somehow difficult and thus overall vulnerability is somehow greatly reduced is just a wank. Firstly, acquiring root privileges on an end-user system would not be hard. Secondly, they aren't really necessary to wreak the same levels of havoc current Windows worms do.
"Unfortunately, running as root (or Administrator) is common in the Windows world.
[...] with the power to do anything he wants to the computer."
Administrator != root. Acquiring root privileges exposes a system much more than acquiring Administrator privileges. An Administrator *can't* do "anything he wants to the computer", a root user *can*.
"[...] let's examine software design for reasons why Linux (and Mac OS X) is better designed than Microsoft when it comes to email security. Microsoft continually links together its software, often not for technical reasons, but instead for marketing or business development reasons (see the previous link for corroboration). For instance, Outlook Express and Outlook both use the consistently-buggy Internet Explorer to view HTML-based emails."
Using the system's HTML engine to render HTML in other applications *is* good design. It's a textbook example of modularity and code reuse which, last time I checked, were considered good software engineering practices.
"Finally, if there is an attachment, it does not automatically run ... ever."
I'm not aware of any version of Outlook that has defaulted to automatically running attachments by design. They've always required either an exploited coding bug or user interaction - both of which are equally possible on other platforms.
Very good response. I agree with you on all terms.
Google is your friend.
The first hit is an introduction to the subject:
http://www.skyhunter.com/marcs/capabilityIntro/
Translation: dynamic ACLs.
This approach wouldn't work as it suffers from the big problem of dialog-box-overload. After about the first half-dozen annoying boxes that pop up during the simple process of sending an email, an end-user is either going to a) disable the system or b) simply start hitting "OK" as a matter of course without even reading the message. Indeed, were such a system to be implemented in Windows, I'd predict utilities available to automatically hit "OK" every time would be available within a week and be immensely popular.
And that's only on the desktop side. On the server side it'd be even less practical as the admin either has to sit there approving every operation or pre-define a set of allowable activities (thus removing the only advantage the system has - being dynamic).
Then there's the whole problem of deciding at which point to prompt for each capability. Is simply reading the disk suspicious ? How about writing to it ? Should any outgoing network connection require authorisation ? Is every file deletion going to require answering a half-dozen dialog boxes ? How about over a network share ?
Choice quote:
"Next, Melissa would have to ask you, "Can I have a direct connection to the Internet?" At this point only the most naive user would fail to realize that this email message, no matter how strong the claim that it came from a friend, is up to no good purpose. You would say "No!"
And that would be the end of all such viruses. No fuss, no muss. They would never rate a mention in the news."
The person who wrote this has either never dealt with end users, or is one of the most optimistic and idealistic individuals on the planet. I mean, do they seriously expect people who can't set the clock on their VCR to even know what a "direct connect to the internet" even *is* ?
I also recommend reading "Capability Myths Demolished" available e.g. at http://zesty.ca/capmyths/
A quick read indicates that this document might address the myths listed and possibly even demolish them, but it doesn't address the problems that would be encountered in actual implementation.
Things like .scr files aren't actually executables in the same sense as .exe files. They are simply automatically passed on to appropriate handlers when "launched" from the shell.
Which, when you're a virus, amounts to pretty much the same thing.
Disassociate the handler from the file extension or change the file extension and the vulnerability disappears.
So you have to hack your system to make it more secure? Gee, that's one hell of a security model for Joe Sixpack and Grandma!
Meanwhile, in Linux (KMail at least), downloaded files cannot be executed straight from the mailer. The user has to make them executable first. Did you read the article?
An identical process happens under most other decent GUIs as well and is equally vulnerable.
Then again, there are a couple of decent GUIs, such as Gnome and KDE on *nix, where this process does not happen. Therefore, according to what you're saying, they are less vulnerable.
"Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it."
Whilst not factually incorrect, the underlying point is largely moot. Yes, a regular user can only damage their own files, however, this is being somewhat ignorant of the fact that on the typical system the user's files are the only ones they really care about. Not having any of your OS files touched while a virus merrily wipes out 30 gigs of MP3s and the thesis you've just spent 11 months writing is, at best, a Pyrrhic victory.
Well one should expect that people who have important data on their hard drives keep CD-ROM backup of the most valuable stuff. I also regularly make backup of my files and settings in case my PC gets stolen.
The problem with the new wave of viruses is not so much losing one's files, though. In fact, what's the fun in destroying people's data - you won't even know about it. The main idea behind the nastier viruses of the last few years is to either turn Windows machines into DDoS zombies, or to slow down servers with self-replicating worms. Both of these endeavours - which are the real computer virus threats of the early 21st century, not losing your mp3s - usually require root or Administrative rights.
Administrator != root. Acquiring root privileges exposes a system much more than acquiring Administrator privileges. An Administrator *can't* do "anything he wants to the computer", a root user *can*.
Simply put, BS. Being an Administrator on a Windows system is practically the same as being root on a *nix system. Tell me what you can't do as an Administrator in Windows (well, except recompile your kernel, of course) that you can as root. Real important stuff, you know, something that would actually make your point relevant.
Using the system's HTML engine to render HTML in other applications *is* good design.
The problem is when the HTML engine has one of the worst security records and has been tightly integrated in the OS in order to shut out rival HTML engines. Or perhaps you weren't around when the whole Netscape/MS trial thing was going on?
Seems most posters are not even acknowledging the truth of the article. That even if Linux and Mac OS X were targeted as much as Windows, viruses would have less success spreading among the machines. I think the article did a good job of explaining why that would be true.
No, it didn't. Apart from the parts where it was agreeing that Windows' popularity is one of the main reasons it is so vulnerable (see "monoculture" comments), it was mainly listing ways in which Linux was less capable and hand-waving about how "not being root" would stop worms spreading and dramatically limit local system damage, which is just plain false.
Apart from the parts where it was agreeing that Windows' popularity is one of the main reasons it is so vulnerable (see "monoculture" comments),
Actually that is incorrect. The author does not blame Windows vulnerability on the fact that it's a monoculture. He's saying that viruses can do a lot more damage in a monoculture. There's quite a difference here - your interpretation of what the author is really saying is erroneous.
it was mainly listing ways in which Linux was less capable and hand-waving about how "not being root" would stop worms spreading and dramatically limit local system damage, which is just plain false.
"Not being root" does limit the spreading worm, but it doesn't help local system damage, as in a user's file. That still doesn't contradict the fact that "not being root" is safer: it prevents situation A and doesn't affect situation B either way, which is safer than not having an effect on either situation.
So in fact it appears that the author - who incidentally is a computer security specialist - is right on both these counts, and you aren't. Sorry.
The OSS response to this issue (we don't get viruses therefore we must be secure) always reminds me of a Simpsons episode where Lisa taunts Homer with a rock. It goes something like this.
Lisa: That's specious reasoning Dad, It's like saying this rock keeps away tigers.
Homer: Really? How does it work?
Lisa: It doesn't! It's just a stupid rock! But do you see any tigers around here?
Homer: Lisa, I want to buy your rock!
http://www.macdailynews.com/comments.php?id=P1804_0_1_0_C
- "Administrator accounts in Windows (and therefore viruses that exploit it) have access to all areas of the operating system. In Mac OS X, even an administrator can't touch the files that drive the operating system itself. A Mac OS X virus (if there were such a thing) could theoretically wipe out all of your files, but wouldn't be able to access anyone else's stuff -- and couldn't touch the operating system itself."
"If a consumer oriented program needed root (few did anyway), it asked for the PW at install, installed as root, and plopped me back into my user login. Win2K has something sorta kinda like that, but it doesn't work well, and software makers don't seem to test with it.
I'm sure I'm not the only one out there running my Win2K in Admin mode 24 hours a day, ripe for the picking if not for other measures. "
YES!! Every student here (I'm the Admin at the Linden Hall School in Lititz, PA, USA), has to run our lab machines as an administrator for this very reason. So many of the programs we use will not operate properly unless you are a local administrator of the machine. This of course sucks because it really opens these machines up to all sorts of garbageware over time, but there's simply nothing to be done for it.
You would think that after all this time that software vendors would be more careful, but this is simply not the case. If we could get our users running as simply 'Power Users' or just regular old 'Users' that would be super, but so many educational titles are just programmed poorly.
Which, when you're a virus, amounts to pretty much the same thing.
No, it doesn't. Malicious executable code just needs to be executed to cause damage (eg: it contains system calls to delete hard disk partitions). Something like a .scr file has to get itself "run" by something that has to know which handler to pass it on to. Even then, it has to be passed to an exploitable handler to do damage (eg: must be run by explorer, explorer must have .scr file associated with something, the associated app must be vulnerable to an exploit and *then* the system calls to delete hard disk partitions are run).
So you have to hack your system to make it more secure?
No, you have to configure it to be secure, just like you do with any other platform.
Meanwhile, in Linux (KMail at least), downloaded files cannot be executed straight from the mailer.
Funny, my default kMail install launches things like PDFs and jpegs into an appropriate viewer after giving an "are you sure" prompt. Seems to me it's using exactly the same process as Windows and hence is vulnerable to the same sort of attack. Mail.app on OS X also behaves like this IIRC.
The user has to make them executable first. Did you read the article?
Yes. The process described for launching an attachment is identical to using Outlook in Windows.
Then again, there are a couple of decent GUIs, such as Gnome and KDE on *nix, where this process does not happen. Therefore, according to what you're saying, they are less vulnerable.
Yes, it does. If I double click a .pdf or jpeg in GNOME or KDE, they hand the file off to an associated handler in the same way Windows does. As does Finder in OS X.
Well one should expect that people who have important data on their hard drives keep CD-ROM backup of the most valuable stuff.
One would. Of course, they don't and with a multitude of Linux zealots running around preaching how Linux's superior security will stop viruses from erasing files, they wouldn't be likely to suddenly start, either.
The main idea behind the nastier viruses of the last few years is to either turn Windows machines into DDoS zombies, or to slow down servers with self-replicating worms. Both of these endeavours - which are the real computer virus threats of the early 21st century, not losing your mp3s - usually require root or Administrative rights.
Please detail why root privileges are necessary to attain either of these goals on the average system.
Simply put, BS. Being an Administrator on a Windows system is practically the same as being root on a *nix system. Tell me what you can't do as an Administrator in Windows (well, except recompile your kernel, of course) that you can as root. Real important stuff, you know, something that would actually make your point relevant.
Kill any processes on the system. Delete open files. Modify files where Administrator has not been given write or delete access. Basically all the stuff one could do to a system that Administrator can't - root has no restrictions at all on the typical unix box.
Of course, these aren't really all that applicable to the attacks you feel are important (although they are important). Why don't you list the things a normal user can't do but root can to allow DoS attacks (local and remote).
The problem is when the HTML engine has one of the worst security records and has been tightly integrated in the OS in order to shut out rival HTML engines.
You'll need to describe what you mean by "tightly integrated" (as opposed to "loosely integrated" ?) and how that somehow makes it different to any other widely used OS component - like, say, libc.
Or perhaps you weren't around when the whole Netscape/MS trial thing was going on?
I was. It was a crock then and remains a crock now. Netscape screwed themselves by promising much and delivering nothing. Microsoft's development of a system-level HTML component may well have aided in this process, but was hardly the only - or even major - cause. The development of such a component - and similar ones hence - would have been inevitable once the ubiquity of HTML was established and customers demanded it.
I also find it entertaining how no-one is lambasting Apple for "integrating" a HTML engine. Presumably since they're already a monopoly, it's ok.
Actually that is incorrect. The author does not blame Windows vulnerability on the fact that it's a monoculture.
Windows is more vulnerable because it is more common (more targets, higher probability target is vulnerable).
Windows is more vulnerable because it exposes greater functionality.
Windows worms and viruses cause more damage because it is common.
Windows worms and viruses can spread more quickly because it is common.
The author's comments on "monoculture" are a tacit admission commonality is a fundamental aspect.
He's saying that viruses can do a lot more damage in a monoculture.
Yet his primary thesis is that OS popularity is independent of damage that can be wrought. Basically, he's trying to say if Linux or OS X were in the same position Windows is, the same problems would not plague it.
"Not being root" does limit the spreading worm,
How, from a practical perspective, does lack of root access limit a worm's ability to spread from the typical machine ?
That still doesn't contradict the fact that "not being root" is safer: it prevents situation A and doesn't affect situation B either way, which is safer than not having an effect on either situation.
Without knowing what your situations A and B are it's kind of hard to comment.
So in fact it appears that the author - who incidentally is a computer security specialist - is right on both these counts, and you aren't. Sorry.
The author may be a "Security Consultant", but that article is nothing more than anti-Windows FUD, hand-waving, misleading statements and incorrect conclusions - with a few subtle factual errors thrown in for good measure.
In short, it's a troll.
Ack, repost with decent formatting.
Actually that is incorrect. The author does not blame Windows vulnerability on the fact that it's a monoculture.
Windows is more vulnerable because it is more common (more targets, higher probability target is vulnerable).
Windows is more vulnerable because it exposes greater functionality.
Windows worms and viruses cause more damage because it is common.
Windows worms and viruses can spread more quickly because it is common.
The author's comments on "monoculture" are a tacit admission commonality is a fundamental aspect.
He's saying that viruses can do a lot more damage in a monoculture.
Yet his primary thesis is that OS popularity is independent of damage that can be wrought. Basically, he's trying to say if Linux or OS X were in the same position Windows is, the same problems would not plague it.
"Not being root" does limit the spreading worm, [...]
How, from a practical perspective, does lack of root access limit a worm's ability to spread from the typical machine ?
That still doesn't contradict the fact that "not being root" is safer: it prevents situation A and doesn't affect situation B either way, which is safer than not having an effect on either situation.
Without knowing what your situations A and B are it's kind of hard to comment.
So in fact it appears that the author - who incidentally is a computer security specialist - is right on both these counts, and you aren't. Sorry.
The author may be a "Security Consultant", but that article is nothing more than anti-Windows FUD, hand-waving, misleading statements and incorrect conclusions - with a few subtle factual errors thrown in for good measure.
In short, it's a troll.
> Kill any processes on the system.
Grab PSKill from winternals.com, run it as administrator and it will allow you to stop pretty much any process in its tracks. Just because Task Manager has a few safety mechanisms that watch what you're trying to kill doesn't mean the sys itself won't let you. The API does not care.
> Modify files where Administrator has not been given write or delete access.
Actually if you go into properties of said file/dir and pick the nice little take ownership options in Security you can do whatever the hell you want. And yes Administrator can do this. A few simple API calls and you've pretty much taken care of that issue.
"The user has to make them executable first. Did you read the article?
Yes. The process described for launching an attachment is identical to using Outlook in Windows."
Can you please explain how as your response looks like a semantic argument i.e. launching as opposed to executing.
In Windows (particularly in 9.x series) you execute a program because it has file extension of .EXE/.BAT/.CMD etc. In the *nix environment, as you know, you have to copy it to the file system first, chmod and then run it. I don't see how they are the same although Outlook has now had that "feature" switched off.
"Funny, my default kMail install launches things like PDFs and jpegs into an appropriate viewer after giving an "are you sure" prompt." - have PDF's/Jpegs become executable or does your Kmail allow you to run binaries too?
"I can certainly name several *design* features of (most) unix-like OSes that make it less secure than Windows." - can you please name these "design" features, i'd like to make sure they don't affect me.
RE: Youlle - can you tell me where the registry is in your Linux implementations - are you talking the Gnome situation?
Can you please explain how as your response looks like a semantic argument i.e. launching as opposed to executing.
I was commenting on the general "launching attachments" issue. The processes for non-executable attachments are the same.
Actual executable files are a specific example where Outlook & co. have greater functionality. The user still has to specifically authorise running the executable (in a dialog that defaults to "Save"). Some people might consider this a weakness, but I don't - I *like* having the option to run an executable without fiddling around with file permissions first.
Additionally, the difference between having to run a commandline tool and selecting an option in a dialog is largely semantic when talking about end users. If people are dumb enough to open things like "Anna nude", they're definitely silly enough to run "chmod a+x anna_nude" when an email tells them to.
The biggest security vulnerability - as is grudgingly admitted in the article - is social engineering. All current OSes have sufficient levels of programmatic security to provide a practically equivalent level of protection to the average end user. The problem is as soon as you start enforcing too much security programmatically, it encroaches on usability.
can you please name these "design" features, i'd like to make sure they don't affect me.
Unrestricted superuser.
The fact you have to be root to do anything even remotely low level.
Various kludges like privsep, sudo and suid binaries.
Basically, they all revolve around unix's primitive security model, which is barely more than a step away from that of DOS and classic MacOS.
I'm sorry but saying market share is THE factor is rubbish. That's like comparing the security of the more popular Ford Fiesta with a basic immobiliser and no alarm to a Merc SLK with the highest level of security devices. Even if the Merc were as common as the Ford it would still be a lot harder to break into.
I'm sorry but saying market share is THE factor is rubbish.
Agreed. It's a significant one of several.
Even if the Merc were as common as the Ford it would still be a lot harder to break into.
A poor, if deliberate choice of vehicles, but in basic principle the analogy is somewhat valid.
If there were ninety-odd times as many, say, BMWs on the road as there were Audis and Mercs, which type of vehicle out of the three would you expect to feature most prominently in statistics like crashes and thefts ?
"Tell me what you can't do as an Administrator in Windows (well, except recompile your kernel, of course) that you can as root. Real important stuff, you know, something that would actually make your point relevant. "
deleting your kernel image for one thing. relevant enough?
i have developed real time kernel process on linux.
with windows you can indeed shoot yourself in the foot with an admin account.
with linux you can do the same, except you use an atomic bomb instead of a gun.
kind regards,
Int
Simply put, BS. Being an Administrator on a Windows system is practically the same as being root on a *nix system. Tell me what you can't do as an Administrator in Windows (well, except recompile your kernel, of course) that you can as root. Real important stuff, you know, something that would actually make your point relevant.
Actually, drsmithy is right. I believe the equivalent of root in NT is SYSTEM.
Around here the owner of MB has a lot higher probability to have one's car stolen or broken into, security measures or not, even if Ford is far more popular. So your comparison was good, interpretation 180 degrees wrong.
Wahur
I wouldn't think that I am to blame that an *.exe can be downloaded and executed by merely **visiting** a homepage, not even clicking at anything...
> > Google is your friend.
> > The first hit is an introduction to the subject:
> > http://www.skyhunter.com/marcs/capabilityIntro/
>
> Translation: dynamic ACLs.
That's an extremely bad translation! I suggest you read "Capability myths demolished" to get a clue.
> This approach wouldn't work as it suffers from the big
> problem of dialog-box-overload.
Showing dialog boxes is an implementation issue and has nothing to do with whether the security is based on capabilities or ACLs. As a matter of fact showing lots of dialog boxes even maps better to ACLs where you can have the dialog-box code just behind the access API.
The difference is that the email client won't give the untrusted application capabilities to open windows or network connections. And even if it did it would still be impossible for the untrusted program to be able to get a capability that the email client doesn't have. No dialog boxes need to be shown. If the untrusted application doesn't have a capability for opening network connections it can't even ask for a connection to be opened so there is no security checking involved (read: there is no security checking in which there could be a bug or some identity-checking that the untrusted program could fake).
> > I also recommend reading "Capability Myths Demolished"
> > available e.g. at http://zesty.ca/capmyths/
>
> A quick read indicates that this document might address
> the myths listed and possibly even demolish them, but it
> doesn't address the problems that would be encountered in
> actual implementation.
So why don't you check out some real implementations then?
Some starting pointers:
- http://www.erights.org/
- http://www.combex.com/tech/
- http://www.cap-lore.com/CapTheory/
- http://www.eros-os.org/mailman/listinfo/
Posts like yours really contribute a lot to the mass ignorance that I mentioned. Sigh..
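The distinction argued in the comment above (an identity check at access time versus never handing over the reference at all), as an added toy model that is not part of any post in this thread and is not taken from E, EROS or the linked pages. All class, slot and host names are assumptions of the example, and the attachment is modelled as data interpreted by the runner so that it cannot reach anything it was not handed.

```python
# Toy model, constructed for illustration. The "attachment" is a list of
# requested operations; it acts only through what the runner resolves for it.

class Fault(Exception):
    """A process invoked a slot or operation it holds no capability for."""

class Pane:
    def __init__(self):
        self.lines = []
    def draw(self, text):
        self.lines.append(text)
        return len(self.lines)
    def close(self):
        self.lines.clear()

class AddressBook:
    def __init__(self, entries):
        self.entries = list(entries)
    def read(self):
        return list(self.entries)

class Network:
    def __init__(self):
        self.connections = []
    def connect(self, host):
        self.connections.append(host)
        return "connected"

class AclMonitor:
    """Ambient authority: any program can name any resource; the monitor
    decides by asking who the program is running as."""
    def __init__(self, resources, acl):
        self.resources, self.acl, self.checks = resources, set(acl), 0
    def request(self, user, resource, op, *args):
        self.checks += 1
        if (user, resource, op) not in self.acl:
            raise PermissionError(f"{user} may not {op} {resource}")
        return getattr(self.resources[resource], op)(*args)

class Capability:
    """A reference to one object plus the operations it carries."""
    def __init__(self, target, ops):
        self._target, self._ops = target, frozenset(ops)
    def invoke(self, op, *args):
        if op not in self._ops:
            raise Fault(f"capability does not carry {op!r}")
        return getattr(self._target, op)(*args)
    def attenuate(self, ops):
        # Intersection: a holder can pass on less authority, never more.
        return Capability(self._target, self._ops & frozenset(ops))

class Process:
    def __init__(self, name, clist):
        self.name, self.clist = name, dict(clist)  # slot name -> Capability
    def call(self, slot, op, *args):
        cap = self.clist.get(slot)
        if cap is None:  # nothing to ask: the reference was never handed over
            raise Fault(f"{self.name}: empty slot {slot!r}")
        return cap.invoke(op, *args)
    def spawn(self, name, grants):
        # grants: {child_slot: (parent_slot, ops)}. The child only ever gets
        # attenuated copies of capabilities the parent itself holds.
        child = {}
        for child_slot, (parent_slot, ops) in grants.items():
            if parent_slot not in self.clist:
                raise Fault(f"{self.name} holds nothing in {parent_slot!r}")
            child[child_slot] = self.clist[parent_slot].attenuate(ops)
        return Process(name, child)

# Constructed sample: what a mail-borne program tries to do once opened.
ATTACHMENT = [("pane", "draw", "hello"),
              ("addressbook", "read"),
              ("net", "connect", "relay.example.test")]

def run_with_ambient_authority(monitor, user, script):
    out = []
    for resource, op, *args in script:
        try:
            out.append(monitor.request(user, resource, op, *args))
        except PermissionError:
            out.append("denied")
    return out

def run_with_capabilities(process, script):
    out = []
    for slot, op, *args in script:
        try:
            out.append(process.call(slot, op, *args))
        except Fault:
            out.append("fault")
    return out

def compare():
    # ACL world: the attachment runs as alice, so it inherits everything
    # alice's mail client is allowed to do.
    res = {"pane": Pane(), "addressbook": AddressBook(["bob@example.test"]),
           "net": Network()}
    acl = {("alice", "pane", "draw"), ("alice", "addressbook", "read"),
           ("alice", "net", "connect")}
    acl_out = run_with_ambient_authority(AclMonitor(res, acl), "alice", ATTACHMENT)
    # Capability world: the mailer holds the same authority but hands the
    # attachment only a draw-only reference to a preview pane.
    net = Network()
    mailer = Process("mailer", {
        "pane": Capability(Pane(), {"draw", "close"}),
        "addressbook": Capability(AddressBook(["bob@example.test"]), {"read"}),
        "net": Capability(net, {"connect"})})
    viewer = mailer.spawn("attachment", {"pane": ("pane", {"draw"})})
    cap_out = run_with_capabilities(viewer, ATTACHMENT)
    return {"acl": acl_out, "acl_connections": res["net"].connections,
            "cap": cap_out, "cap_connections": net.connections}
```

Under the ACL monitor all three requests succeed because they are made in the user's name; under the capability model the same script draws to its pane and faults on the other two without any identity check being consulted.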
I have yet to find an application that I have to run as ROOT/ADMIN under W2K/XP... Granted installation requires admin mostly to write reg keys and drop files in certain locations. We just finished a huge migration to windows xp with around several hundred apps on our base image and we found no applications we could not get to work without admin rights. Granted we did have to change permissions on some reg keys and some select files but using a regmon and filemon we were able to find and document these changes and then provide feedback to the developers so they could fix these issues. Most problems with apps is when they are designed to run on 9x/me/nt/2k/xp all with one code base... slowly but surely developers are getting the point about security... Anyone else notice some of your newer games give you a choice about whether everyone should be able to run this game or not (I think this is mostly Microsoft Games) but others will soon follow.
First, the guy starts off with a strawman, saying people are arguing that linux is invincible. Nobody said that at the Register. They said Linux is MORE secure, not perfectly secure.
Second, I love how the guy tries to get past the fact that in linux (or OS X) only the user's data can be destroyed, not the system files. He asserts it's no big deal to rebuild the system, just stick in a few floppies. This is false. If Windows goes south with some unexplainable virus, you might have to rebuild the entire thing including the system and reinstall all drivers and apps. Lot of work. Second, it's hard to back up the whole system because of the size, while backing up user data (at least data like calendar, email, text type documents) is feasible.
Anyways, at the end of the day, does it really matter why windows is plagued by viruses, worms, spyware, adware? It is. That's the simple truth and it ain't going away.
> If there were ninety-odd times as many, say, BMWs on the road as there were Audis and Mercs, which type of vehicle out of the three would you expect to feature most prominently in statistics like crashes and thefts?
I would say a joy rider would choose the easiest one to break into, I would say a professional car thief would spend more effort in stealing/breaking into the car with the most value (which relates to Wahur's point).
Of course the analogy goes further. A Merc with top security is worse than a Ford if you forget to lock the doors.
No, it doesn't. Malicious executable code just needs to be executed to cause damage (eg: it contains system calls to delete hard disk partitions). Something like a .scr file has to get itself "run" by something that has to know which handler to pass it on to. Even then, it has to be passed to an exploitable handler to do damage (eg: must be run by explorer, explorer must have .scr file associated with something, the associated app must be vulnerable to an exploit and *then* the system calls to delete hard disk partitions are run).
Which is my point: the system is vulnerable by default, and it requires some serious tweaking to make it secure. Even then, there have been exploits around this "feature."
"So you have to hack your system to make it more secure?"
No, you have to configure it to be secure, just like you do with any other platform.
Actually, KMail won't run executables from an e-mail, ever. I'm talking executables, here, not data files that launch an app or viewer: real executables, programs and scripts.
Funny, my default KMail install launches things like PDFs and jpegs into an appropriate viewer after giving an "are you sure" prompt. Seems to me it's using exactly the same process as Windows and hence is vulnerable to the same sort of attack. Mail.app on OS X also behaves like this IIRC.
No it isn't. You can't execute a PDF or jpeg. You're playing with words, here. A jpeg won't erase your hard disk.
"The user has to make them executable first. Did you read the article?"
Yes. The process described for launching an attachment is identical to using Outlook in Windows.
No it isn't! You don't have to make an attached .exe or .scr executable in Outlook for Windows - you can execute it just by double-clicking on it. With KMail you can't even execute malicious code in HTML mails, a bug which affects some versions of Outlook!
Yes, it does. If I double click a .pdf or jpeg in GNOME or KDE, they hand the file off




