|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Re: Linux on the desktop
|
Hi:
> On 01 Mar, 2004, at 08:08, George Langford, Sc.D. wrote:
> >In the context of whether Linux is ready for the desktop,
> >yesterday I received notice from my Symantec NAV S/W
> >running on a PC under W98SE that there was a virus in the
> >PLUG Digest Vol. 1 #1106.. Even though Linux is relatively
> >immune to virus attacks, Linux users appear to be lulled
> >into a false sense of security that leaves their emails
> >vulnerable to infections.
The latest round of email viruses forge "From:" addresses.
All it takes for such a virus to hit this list is for an
infected box to have both the list and one subscriber to it
in their address book. I briefly considered forging the
"From" address in this message... but that's too anti-social
just to make the point.
Basically, you're implying that Linux is not ready for the
desktop because a LUG mailing list was the recipient of an
infected message which was sent by an infected Windows box?!
* William H. Magill <magill@mcgillsociety.org> [2004-03-01 10:39:45 -0500]:
> The important point, which you hint at but fail to expand
> on... TODAY, Linux is not a "target" of virus writers.
Maybe so... but how do you know this?
> While people don't like to admit it, both Linux and Mac OS X,
> enjoy CONSIDERABLE "security by obscurity." It is not so much
> that any Unix environment is inherently "more secure," but
> rather, there are far fewer resources around devoted to
> attacking Unix based systems. (Remember, ALL forms of
> non-Microsoft operating systems represent only 10 or 12% of
> the desktops worldwide.)
That is flawed logic.
Do burglurs avoid the 10 houses with security systems out of
100 in a neighborhood just because the 10 are fewer?
> "Obviously," if/when Linux succeeds on the desktop, that
> will change. Then virus writers will turn their efforts
> towards devising Unix oriented virus programs -- "because
> they're there."
Nonsense. Virus writers (in league with spammers) will
"obviously" target the least secure systems (just like
the burglur... even the motivation is the same.)
Known insecure systems are targeted, whether they are many
or few. When vulnerabilities in F/OSS are found, attempts are
made to exploit them, e.g.: the recent security failures of
several high-profile CVS servers, the OpenSSH rootkits of
a year or two ago, the attempted hijacking of the Linux kernel
BK/CVS gateway, etc.
If anything, I think that F/OSS will become more secure as
it becomes more widely used. If an individual component
is terminally insecure then it will likely be replaced
(e.g. sendmail and hopefully CVS).
Regards,
--
Mark M. Hoffman
mhoffman@lightlink.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|