borfast Posted July 30, 2004 Posted July 30, 2004 (edited) Here's an interesting article from newsforge.com: http://www.newsforge.com/article.pl?sid=04/07/30/052254 Some quotes: There has been exactly one (1) virus -- Bliss -- ever found in the wild that could affect Linux, and you had to run as root to have it infect your computer in any meaningful way.and another from Evans Data Corporation:It's not surprising that Linux systems aren't hacked to the degree that Windows-based machines can be exploited. The reasons for the greater inherent security of the Linux OS are simple, more eyes on the code means that less slips by and the OS is naturally going to be better secured,' said Nicholas Petreley, Evans Data's Linux analyst. 'As also found in Evans' recently released Security Development Survey, the mechanism by which a Linux machine can be compromised is by users inadequately configuring security settings. Ironically, the other flaws that crackers use to compromise Linux servers are flaws in applications which run on competing operating systems, so those vulnerabilities are not specific to Linux.' Note the difference between "hacking" and "cracking", which is something, as the author says, that people confuse a lot. For those of you who are not used to these terms, "hacking" means to change something to better fit our needs, in this case, the software code is modified (hacked) to fit the author's needs. On the other hand, "cracking" means to gain unauthorized access to a system (and note that it can be any type of "system", not only a computer system), by means of exploiting a security hole, social engineering, reverse engineering or any other unauthorized means. Edited July 30, 2004 by TCH-Raul Quote
Madmanmcp Posted July 30, 2004 Posted July 30, 2004 Interesting and it followed my first impression of the headline..."that can't be a correct percentage". My previous job was with a Leading "Survey" company and I know that numbers can be very misleasding and if you ask the wrong question the wrong way can come up with very strange results. Quote
borfast Posted July 30, 2004 Author Posted July 30, 2004 Exactly By the way, I forgot to mention this in my previous post: I believe "Bliss" isn't the only Linux virus around but can anyone confirm this? Quote
MikeJ Posted July 30, 2004 Posted July 30, 2004 (edited) There was a Linux virus before Bliss called "Staog" (1996) but it was more of a proof of concept virus (to prove that it can be done on Linux) and didn't do any real damage. If you look in Symantic's virus database, you'll see many other Linux viruses (what exposure they actually got and how many of them are truly different and not just slight mods of previous ones I don't know). If you want to get a more objective overview of security and various operating systems, I highly recommend taking some time and reading the publication "A Taste of Computer Security" which includes some decent background on computer security of various popular operating systems and discusses more factual information then the misleading statements that "opensource" (many eyes) alone makes something more secure. Edited July 30, 2004 by TCH-MikeJ Quote
borfast Posted July 31, 2004 Author Posted July 31, 2004 (edited) Thanks, Mike. I don't think that having "many eyes" looking at the code does something all by itself but I do think it's a better way to create software. I'll try to get that book (if it's not too expensive, since my finances are a bit low, lately ) and perhaps it will change my mind Edit: Well, it's not a book, it's an online publication! Thanks a lot, Mike! Edited July 31, 2004 by TCH-Raul Quote
MikeJ Posted July 31, 2004 Posted July 31, 2004 (edited) I don't think that having "many eyes" looking at the code does something all by itself but I do think it's a better way to create software. Just FYI, I'm not trying to change your mind. I'm not, and haven't been, saying that opensource is bad. I'm a big supporter of opensource myself. I'm just making the statement that when people claim that something is more secure just because it's opensource, they aren't looking at the whole picture. Edited July 31, 2004 by TCH-MikeJ Quote
TCH-Thomas Posted July 31, 2004 Posted July 31, 2004 Exactly By the way, I forgot to mention this in my previous post: I believe "Bliss" isn't the only Linux virus around but can anyone confirm this? Not sure if this is what you might look for: http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux Quote
borfast Posted July 31, 2004 Author Posted July 31, 2004 I'm just making the statement that when people claim that something is more secure just because it's opensource, they aren't looking at the whole picture. Yes, I know what you meant, Mike But although I know there are many folks who associate "security" with "opensource" and I think that's wrong, I'm kind of biased towards that kind of thinking myself and I know I shouldn't Thomas, thanks for the link! I guess we have that question answered, now Quote
skeptismo Posted August 25, 2004 Posted August 25, 2004 I'm just making the statement that when people claim that something is more secure just because it's opensource, they aren't looking at the whole picture. This is correct. Eventhough I'm new to *nix world, I do recall some GREAT exploits on sendmail that had a lot of IT staff did some .... overwork ! Mad!!! But nowdays, open source "seems" more "typical" in security issues than from many private companies, and as far as I'm concerned if localization was good enough I would implement all in my company (I live in Greece, where MS holds about 98% of the software market, due to localization issues mostly ... is a pain to learn new programs to secretaries and to learn them to type ... correctly if no spelchecker is available in OpenOffice ! ) Anyway in some specific regions, Open Software is a really cool alternative, (like browsers, nothing new to learn, Web Hosting/Apache, etc). Even in "paid" services of Open Source, like Linux Advanced Server which my company uses in development of an Oracle application, the advantages are FAR more than MS (instant support from RedHat, 30-40% faster performance of our DB in Linux than MS, and a lot more ... !) Maybe it's time to move to Open Software ! Naughty Quote
allaboutmadonna.com Posted September 3, 2004 Posted September 3, 2004 I'm using Windows XP and I never had a virus !!! 90 % of Linux users have never had a virus becouse no one makes them for linux ... Quote
Deverill Posted September 3, 2004 Posted September 3, 2004 I'm using Windows XP and I never had a virus !!!I felt that way too until I started working for a company with about 500 users. It made us a bigger target than a single user and there were a lot of goofballs doing stupid things that I'd never do at home. To paraphrase, 90% of power users have never had a virus because they know better than to do stupid things. 90 % of Linux users have never had a virus becouse no one makes them for linux ... The question should be: "Is a virus for Linux too hard to make successfully or is the thrill too low to be worth it because of low userbases?" Here's a great article about the issue: www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/ One thing the article brings to mind. In Windows there was recently a problem where you could send an EXE with a WMA extension, it would go to the Windows Media Player and the player would, purely as a favor to you, run the file because it realized it was an exe. In Linux you would never (too strong?) find a media player that would take a music file, boost itself to root priviledge and run it as an executable program. There are a lot of good points in the web link so I'll not go over them, but the very nature of Unix derivatives is at the core of the differences more so than the Open Source status... but that doesn't hurt it either. If you made a goofy media player like that in open source the community would call you an idiot and patch it or throw it out. If Microsoft makes one like that then no one knows about it, they can't change it if they did and it's sometimes not worth throwing it out if there's no new one to replace it. Just some food for thought. Quote
allaboutmadonna.com Posted September 4, 2004 Posted September 4, 2004 ... Maybe I never had any problems with viruses 'couse I'm using Kaspersky Anti-Virus + Zone Alarm Pro, and my Windows XP is allways updated ... Quote
TCH-Rob Posted September 4, 2004 Posted September 4, 2004 Jim, We are missing something. 90% of Linux users know enough to look for or subscribe to places that discuss issues that arise in their distro. Up the numbers of Linux users to MS users and I think all heck would break loose. Think of all the people that will have the default install and not know how or where to get updates. Sure, it is an open system so anyone can fix it but then how do all those novice usesr know about it and download it and untar it to install it? If the users come they will write the virus and it will do damage. It isnt the system as much as it is the users on the system. Maybe I never had any problems with viruses 'couse I'm using Kaspersky Anti-Virus + Zone Alarm Pro, and my Windows XP is allways updated ... Maybe, aside from updating my system I didnt run AV nor a firewall because I paid attention. I now have to run AV on the wifes machine because she is like the Typhoid Mary of the computer wold. We just need to pay attention to what we are doing. Quote
borfast Posted September 4, 2004 Author Posted September 4, 2004 (edited) We just need to pay attention to what we are doing. Amen, Rob! When I still used Windows, I didn't have any anti-virus or firewall installed for years, because I knew what I was doing! I just started using them when my dad and sister started using their computers to navigate the web through my machine. That's when things started to get complicated. And no, I never had any problems with virus, either. But about this whole Linux-being-more-secure-than-Windows thing, I think it's a bit because of Linux's Unix roots. As Jim said, the very nature of the system makes it much harder to write viruses to than Windows. What Rob said is also true: Linux users are usually people who know a lot about computers or at least more than the average user, and so they know they should keep their systems up to date. And as for the old question of if Linux would be the dominant OS instead of Windows, there would be more viruses for it, read the article Jim pointed. Its big but it sure is worth the time. Very good reading. Thanks, Jim. And to finish, I'll just point a little example that came to my mind: if we consider a company with 500 users where the majority of them use Linux, we can consider that in this confined environment, Linux is the dominant OS, right? OK, now take the examples you know of such companies (you can start with TCH, given that all our servers from 1 to 82 run Linux ) and tell me how many had problems with viruses. Then consider the companies you know of that use mostly Windows and tell how many had problems with viruses. Get my point? Edited September 4, 2004 by TCH-Raul Quote
TCH-Rob Posted September 4, 2004 Posted September 4, 2004 I cant argue with those points however, give the millions that use MS and their knowledge and you will see the same thing happen. Yes it is harder to write those viri but it can and will happen. It is an invalid argument as until Linux becomes 98% GUI and monkey simple it will not get the average MS user. We just have to wait to see it become dominant first. When that happens we can test our theories.... ...... and shoot pigs out of the sky. (Last remark for you Raul. Just because ) Quote
borfast Posted September 4, 2004 Author Posted September 4, 2004 Yes, I'm not saying it will not happen. It could even happen today, when Linux is not a dominant OS. But my point is that when it happens, those viruses won't be able to propagate as easily as the windows ones. But as you said, we'll just have to wait to test our theories Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.