MyDoom (was: Test)

bscott at ntisys.com bscott at ntisys.com
Tue Feb 3 22:24:44 EST 2004 

On Wed, 4 Feb 2004, at 11:46am, invalid at pizzashack.org wrote:
>>   Actually, no.  While there certainly is malware in the wild that does
>> target specific exposures like that, a good deal does not.
>
> I disagree, and I'm surprised to hear you say that.  It's true that FOSS
> does have many buffer overflows, but even when they are attacked, the
> Linux/Unix model is inherently more secure.  The fact that under most
> circumstances, ALL code executed on a Windows PC being used by the average
> home user runs with the equivalent of superuser priviledges means that
> essentially any compromise is devastating.

  Yes, but this has nothing to do with the design or implementation of
either Linux/Unix or MS-Windows.  It's simply a matter of operator mindset.  
Most of those MS-Windows users have no concept of security and "just want to
be able to do everything".  I've seen those same kind of users doing
everything as "root" on their Linux/Unix systems.  Likewise, on a properly
administered MS-Windows system, regular users have no special privileges.

  There's also the fact that, again, much of the current malware does not
need any special privileges to do what it does.  Self-propagation rarely
requires anything more then the ability to initiate BSD socket connections,
which unprivileged users can do on both MS-Windows and Linux/Unix.

> I do agree though that much of the difference is user education.  But I
> think that this is also somewhat inherent in the FOSS model.  It takes a
> certain level of knowledge and interest to be bothered with replacing your
> operating system ...

  It absolutely requires a higher level of knowledge and interest to replace
your OS.  But if tomorrow, Dell, HP/Compaq, IBM, Sony, and Gateway all
started shipping Linux as the default OS on their computers, and by default
those computers used "root" for the regular user account, do you really
think FOSS would do any better?

  It is not an inherent difference, or a technical one; it is entirely about
the people using the software, and how they use it.

> I don't see that changing any time soon; but even when it does, Linux will
> still be better.

  You are assuming.  LindowsOS uses "root" as the default user account.  
Sure, LindowsOS is not exactly taking the world by storm, but who is to say
that the Linux distribution that *does* take the world by storm is going to
be better designed?  I should point out that if design superiority was a
necessary criteria for success, Microsoft Windows would not be in the
dominant position it is, and we would not be having this conversaion...

  I actually do have a point here.  A lot of FOSS advocates frequently voice
the opinion that Linux is somehow inherently more secure then MS-Windows.  
As it turns out, I agree with them -- it is.  But, as we all know, security
is only as good as your weakest link.  And if the weakest link is the system
operator, it does not matter *AT ALL* what your software is.  Thus, these
FOSS advocates are unwittingly creating a false expectation that simply by
installing Linux, all the security problems go away.  At best, that means no
gain in security, and lost time and productivity.  At worst, newbies decide
Linux advocates are a bunch of liars, and go back to MS-Windows.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |

More information about the gnhlug-discuss mailing list