Secure Coding mailing list archives
Re: Hypothetical design question
From: Crispin Cowan <crispin () immunix com>
Date: Thu, 05 Feb 2004 16:26:57 +0000
Alun Jones wrote:

> -----Original Message-----
> From: Crispin Cowan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 03, 2004 6:52 PM
>
>> I'm sorry, but that just flies in the face of facts. Viruses are a
>> problem endemic to exactly three platforms: DOS, Windows, and
>> Macintosh, and no others. Why is that? Because viruses thrive in an
>> environment where:
>>
>>   * documents are executable
>>   * document viewers run with too much privilege
>
> I'd add a few more bullets:
>
>   * users / admins are not well educated in what they are doing.
>   * there's some point to be had in infecting the user-base.

But those factors are true of Linux users as well as Windows users. So while they may be necessary conditions (similar to "using digital computers" being a necessary condition) they are not particular or germane to the question of "Why do viruses thrive on Microsoft systems and nowhere else?"

>> On DOS, "documents are executable" was mostly an issue with floppy
>> disks. On Windows, it became true first in MS Office documents, and
>> then when Outlook became the prevalent mail client and it started
>> executing attached scripts. On Macintosh, it was a similar story with
>> floppies and MS Office, but now is going away with OS X.
>
> On any application that has an exploitable buffer overflow bug,
> documents are executable. I see many of these on various other
> operating systems that you haven't mentioned.

But you don't see thriving viruses, so again, it is irrelevant.

>> Evidence: consider Linux. 3% of the global desktop market, means
>> there is something like 1 million to 2 million Linux desktop users
>> out there. They are very strongly connected via e-mail mailing lists.
>> Prototype viruses for Linux have been known and demonstrated at least
>> seven years ago. If viruses were going to thrive on Linux, they would
>> have done it by now, and they have not.
>
> You talk about Linux as if it is a single platform. AFAIK, it runs on
> multiple different processors, in multiple different versions, with
> different options compiled in at different places. Windows, Mac and
> DOS, by comparison, each offer a smaller number of possible
> arrangements.

Uh, no. Microsoft has a similar degree of diversity to Linux:

  * Microsoft: Win95, Win98, WinME, WinNT4, Win2K, and WinXP (6 major platforms) and MS Outlook and MS Office have a similar degree of diversity
  * Linux:
      o Red Hat 6.2, 7.0, 7.3, 9, EL3, and Fedora
      o SuSE 7, 8
      o Debian Woody, Potato
      o around 10 major platforms: with a lot of shared code, i.e. not significantly more diverse than Microsoft systems

>> So all the hand-wringing about the global nature of the virus problem
>> being everywhere is bunk. Viruses are 100% Microsoft's fault. They
>> only exist in non-trivial volume on platforms where Microsoft Office
>> has a dominant share.
>
> Is there something _technical_ that Linux offers, that Windows does
> not, that makes it immune from viruses?

Yes, there is; the technical factors that I enumerated:

  * Mail client and document handlers like to execute embedded scripts and code
  * Mail client and document handlers commonly run with administrative privilege

These factors are critical to viruses thriving, they are both true on Microsoft systems, and neither is true on Linux systems.

> If not, then the answer must be that the prevalence of viruses on
> Windows, and their near-absence on Linux must be due to non-technical
> reasons (such as the overwhelming prevalence of Windows systems, and
> of dumb users on those systems).

Except that that is completely wrong :) There are plenty of dumb Linux users; just read Slashdot :)

> The latest viruses show that you don't have to automatically execute
> attachments - you don't even have to make attachments execute after a
> single-click - to distribute a virus. I'm beginning to think that if
> you wrote a virus that required users to copy the code into a text
> file and run a compiler on it, it would get propagated by some users.

Now consider the implications of this on a Linux system: dumb user clicks on the attachment and runs it. The virus tries to infect the machine, and discovers the hard way that [EMAIL PROTECTED] does not have write perms on /user/bin, and therefore infection cannot persist past the lifespan of this process.

> Another societal benefit is that Linux users are used to running as
> non-admins. Too many Windows applications require admin privileges.
> Why should I be an administrator to file my taxes? I shouldn't, so I
> complain to the author of that application.

For a very sound technical reason: because of the Windows legacy. Win95, Win98, and WinME had no notion of privilege: everything was effectively "root". Therefore most legacy Windows apps (including MS Office) are *really* unhappy if you try to run them without Administrator privs. You can kludge around it, but it is hard work. As a result, just about everyone runs as an Administrator user on their Microsoft boxen, not because they're dumb, but because Microsoft software architecture makes them.

> You've said nothing that actually contradicted my argument, and
> you've said much that supports it.

My argument is that the virus problem is caused by Microsoft architectural faults, and I've detailed the technical basis for this claim. I'm not sure I understand what your claim is. How have I supported it?

[Ed. ...and how about bringing this back to the focus of development of sufficiently secure applications, please? KRvW]

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
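
An added example, not part of the original message or thread: a small audit of the condition the message relies on, namely that the account a mail client or document viewer runs under cannot create files in system binary directories. The function names and the `SYSTEM_DIRS` list are assumptions made for illustration, and the check uses classic mode bits only (no ACLs, capabilities or read-only mounts).

```python
import os
import stat

# Assumed list of system binary directories; adjust per distribution.
SYSTEM_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"]

def can_write(st, uid, gids):
    """True if uid/gids may create files in a directory with this stat."""
    if uid == 0:
        return True  # root bypasses the mode bits entirely
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    # Creating an entry needs both write and search permission.
    return (st.st_mode & need) == need

def writable_dirs(dirs, uid, gids):
    """Return the directories in dirs where this account could drop a file."""
    found = []
    for d in dirs:
        try:
            st = os.stat(d)
        except OSError:
            continue  # missing or unreadable entry: nothing to write into
        if stat.S_ISDIR(st.st_mode) and can_write(st, uid, gids):
            found.append(d)
    return found

def audit(uid=None, gids=None):
    """Check system dirs plus every PATH entry for the given account."""
    uid = os.geteuid() if uid is None else uid
    gids = (set(os.getgroups()) | {os.getegid()}) if gids is None else set(gids)
    path = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    candidates = list(dict.fromkeys(SYSTEM_DIRS + path))  # de-duplicate
    return writable_dirs(candidates, uid, gids)

if __name__ == "__main__":
    for d in audit():
        print("writable by this account:", d)
```

An empty result for the desktop account is the state the message describes; any output, or running the audit as uid 0, is the "too much privilege" case.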