Re: [inbox] Re: Show me the Virrii!

["Exibar" <exibar () thelair com>]

----- Original Message ----- 
From: "Curt Purdy" <techman () inu net>
To: "'Exibar'" <exibar () thelair com>; <John.Airey () rnib org uk>;
<full-disclosure () lists netsys com>
Sent: Wednesday, January 07, 2004 12:18 PM
Subject: RE: [inbox] Re: [Full-disclosure] Show me the Virrii!


> Exibar wrote:
>
> > Why do you ultimately blame Windows/DOS for the virus
> > problem?  This is
> > simply not true.  Are there not SQL worms?  Was it not a SQL
> > worm that was
> > the fastest to spread in history?  Are there not many Linux worms and
> > viruses, and more being written each day?  Are there not
> > viruses and/or
> > worms that exploit Cisco products?
>
> Jeeze, you know how many pages I had to delete off the end of this thing?
> It doesn't take remembering PINE to know how to clean up your act.
>
> OK, to business.  Your points: the SQL worm exploited ONLY MS SQL.  The
> cisco worm exploited IIS that was the web interface in their DSL routers.
> Yes, there are a few Linux worms but the numbers are tiny vs. MS.  And
that
> is NOT because MS is so prevelant, although of course that is a factor as
> explained in the seminal work "Cyberinsecurity: The Cost of Monopoly".
The
> primary reason for so many MS virii is the poorly written code that has
> evolved into their current elephants of OS's.
>
> All is not lost for MS, but it will take a ground-up rewrite to solve the
> problems.  Unfortunately they seem to be taking the opposite tack of
taking
> W2K, the best OS they have come up with yet, and folded it into XP, the
> biggest pile of dog doo since 3.1 and telling customers they can't get 2K
> even if they prefer it.

  I'm in no way saying that Microsoft writes perfect code.  Nothing is
perfect.  My point is simply that if Linux was the preferred OS of millions
of people, that the number of Windows "malware" would be much much smaller
and the number of Linux "malware" would be at the same number that Windows
is currently.  It's all a matter of the VX'r getting the most bang for their
buck.
   The poorly written code only makes it easier to write a piece of malware
for a closed source program.  It's just as easy to write a piece of malware
for an open source program.  How many Apache bugs were exploited in the past
couple months?  Quite a few, I'll even bet a dime for a dollar that there
have been MORE apache exploits and/or vulns than IIS in the past 4
months....  Most bang for the buck....

  Sorry about the pages of quoted old message before guys :-)

  Exibar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html