| Tobias DiPasquale on Fri, 15 Mar 2002 11:20:18 -0500 |
|
On Fri, 2002-03-15 at 08:37, Arthur S. Alexion wrote: > > Is the real reason *nix is relatively spared virus problems practical > rather than technical? Partially. The technical aspects of UNIX having an _enforced_ root user make it difficult to reak havoc on a UNIX system without having said permissions. But having said that, most creators of viruses that actually see the wild are looking to infect a lot of computers. This is not truly feasible in the UNIX world, since a cross-UNIX virus would be technically difficult, at best (it would have to be very large to understand the differences between the different Unices). > > If I wanted to take the trouble of writing mischievous code, I would want > my efforts to result in the greatest possible impact. Since 90% of the > computers out there run windows, my first decision would be to write a > virus that operates in windows. Now, if I planned to distribute my virus > via eMail, I better pick a ubiquitous eMail program, so I'd pick -- > Outlook. And so on. > > I feel that even my windows computer is safer than most since I don't have > Outlook installed. I've lost count of the times a virus has infected a > list to which I subscribe, only to find that nothing happens to my system > running either Eudora or Pegasus (with all the Outlook features turned off). > > I suppose Macs are safer for the same reason. The problem is just exactly that. Microsoft products, not Windows as a platform. The petri-dish environment they have created in their applications, where every possible action can have a macro attached to it, allows for the vast majority of the new viruses today. Viruses were never this prevalent when they had to travel via BBS and floppy disk. Microsoft's attitude towards a scripted future of integrated apps has sealed their fate in this regard. And, to boot, if you wish to turn the scripting off in an attempt to be safer, much of the functionality of the product is turned off with it. So, in a sense, the customer is being punished for wishing for better security. > One of the best cures for paranoia is the realization that you are not a > particularly interesting target. Safety thrives in obscurity. This all depends on your outlook on the subject (no pun intended). I may not be a very interesting target, but if I'm an easy one, I don't see much difference in the two situations. I can (and probably will) be exploited by some automated script or infection mechanism, simply because a vulnerability exists. My Apache server still gets hits from the Code Red worm, attempting to locate default.ida. No matter how uninteresting a target you may be, an attack on you will surely interrupt the flow of your day. And the easier it is to perpetrate such an attack, the more you will get attacked. Safety thrives in security. > Art > > > > _________________________________________________________________ > Art Alexion """ mailto:arthur@alexion.com > <(©¿©)> > Arthur S. Alexion LLC «o» http://www.alexion.com > v > > > ______________________________________________________________________ > Philadelphia Linux Users Group - http://www.phillylinux.org > Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce > General Discussion - http://lists.phillylinux.org/mail/listinfo/plug -- << T o b i a s D i P a s q u a l e >> anany@ece.villanova.edu | tdipas01@villanova.edu | toby@khenry.com Of course, in order to partially emulate an ASR-33, you could perhaps connect an IBM selectric up to your computer while running a looped recording of gunfight and an idling 58 chevy with one blown piston. For the final touch, you could replace the room's light switch with a dimmer switch and wiggle it back and forth whenever you are printing something out. -- Anonymous Coward, SlashDot, commenting about Caldera's release of some original UNIX sources Attachment:
signature.asc
|
|