Full Disclosure mailing list archives

Re: Linux (in)security (Was: Re: Re: No Subject)


From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 23 Oct 2003 12:04:31 -0500 (CDT)

On Wed, 22 Oct 2003, Paul Schmehl wrote:

--On Wednesday, October 22, 2003 6:00 PM -0600 Bruce Ediger
<eballen1 () qwest net> wrote:

The real questions go something like:

"Source code for Unix viruses has been available for years, from sources
almost too numerous to mention.  Why haven't Unix viruses become epidemic
the way that Windows viruses have?"

The usual argument is that Windows is more ubiquitous than Unix and is
therefore the target of choice.  I would argue that the *real* reason is
that Windows is more ubiquitous as a *desktop* operating system and is
therefore the target of choice.  However, that's changing.  Linux is
gaining in the desktop space and so is Mac OS X, which is really "exposed"
for the first time.  By that I mean that previous Mac OSes weren't as
easily attacked remotely because they used Appletalk rather than TCP/IP.
(Yes, Macophiles, I know TCP/IP was available before OS X.)

The real key to prevalence of malware, IMNSHO, is the ease of attack *and*
the potential pool of victims.  People think it's really stupid to "surf"
the Internet using an administrator account on Windows.  Well what do you
think the neophyte Linux users are doing?  I seriously doubt you'll find
many that have a regular account and use su or sudo to do administrative
tasks.  They're bound to run into something sooner or later that they find
irritating (like being prompted for root's password every time they try to
run up2date on RedHat) and they'll do the same thing they always do on a
desktop system.  They'll start logging in as root because they don't get
"pestered" by all those warning messages and they can install software any
time they want.  (Mind you, Windows still has a long way to go in that
regard.  MS doesn't make it easy to run as an unprivileged user, that's for
sure.)

I think the key there is the phrase "ease of attack".  Combined with a
poor patching strategy on the part of the vendor who only bandaids the
issues <how many Outlook/IE problems have to muster in before the core
issues are fixed?  How many times must DCOM and/or RPC be attacked before
the issue is fixed at the core of the problem?  shatter bugs in key
apps...>


        [SNIP]

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
