MyDoom (was: Test)

Derek Martin invalid at pizzashack.org
Tue Feb 3 21:46:38 EST 2004


On Tue, Feb 03, 2004 at 08:33:29PM -0500, bscott at ntisys.com wrote:
> > Isn't it true that most of the malware that's plaguing the Net either
> > relies heavily on all the mis-features (like automatic blind execution of
> > content) added to the various Microsoft applications in the name of
> > "convenience" ...
> 
>   Actually, no.  While there certainly is malware in the wild that does
> target specific exposures like that, a good deal does not.  MyDoom depends
> entirely on user stupidity.  Blaster attacked a buffer overflow (FOSS is
> hardly immune to those).  Ditto Slammer.  There really isn't anything
> inherently worse or better about Microsoft vs FOSS in these.

I disagree, and I'm surprised to hear you say that.  It's true that
FOSS does have many buffer overflows, but even when they are attacked,
the Linux/Unix model is inherently more secure.  The fact that under
most circumstances, ALL code executed on a Windows PC being used by
the average home user runs with the equivalent of superuser
privileges means that essentially any compromise is devastating.

In the Unix model, unless the user happens to be stupid enough to run
as root all the time, despite all the warnings against doing so in the
manuals and during the install process, attacking the user's mail
client cannot result in system-wide devastation.  It will not be
possible to replace system libraries and binaries, for example (unless
the attacker can make use of a secondary vulnerability on the system,
of course, which is a more difficult attack).  

The Linux/Unix model IS inherently better at stopping the spread of
malware.  Which is not to say that it is incapable of spreading it...
I do agree though that much of the difference is user education.  But
I think that this is also somewhat inherent in the FOSS model.  It
takes a certain level of knowledge and interest to be bothered with
replacing your operating system, and even as easy as it has gotten
these days, it is still not something for the clueless user.
Generally, I think the clueless people also have no reason to be
motivated to switch to FOSS, which contributes to the high level of
FOSS-users' education.

I don't see that changing any time soon; but even when it does, Linux
will still be better.  Most vendors these days are shipping with fewer
services running by default. [1]  Most distributions also provide a
firewall at install time.  The model used by most FOSS software
projects holds security closer to its heart than any Microsoft
equivalent.  Take Mozilla vs. Internet Explorer as an example...

I think there are still many ways FOSS is inherently better than
Microsoft for security.  None of these guarantee that FOSS won't
spread malware, but they all make the situation better for those
running FOSS than those running Microsoft.  Still, as we all know, if
you aren't careful with your services, don't do updates, and you
leave your system connected to the 'Net, sooner or later you're
probably going to get your system trashed, no matter what OS you're
running.  In the end, you're right; it comes down to the operator.

-=-=-=-=-=-=-=-=-

[1] Though IMNSHO there are still too many...  who uses automounter on
their home desktop?  (Of course, there will be some...)  Personally I
think essentially NO services should be running after the initial
install, and users should have to enable anything they want/need.


-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience.  Thank the spammers.
