Secure Coding mailing list archives

Re: Hypothetical design question


From: Crispin Cowan <crispin () immunix com>
Date: Thu, 05 Feb 2004 16:26:57 +0000


Alun Jones wrote:


-----Original Message-----
From: Crispin Cowan [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 03, 2004 6:52 PM


I'm sorry, but that just flies in the face of facts.

Viruses are a problem endemic to exactly three platforms: 
DOS, Windows, and Macintosh, and no others. Why is that? 
Because viruses thrive in an environment where:


*       documents are executable
*       document viewers run with too much privilege



I'd add a few more bullets:

* users / admins are not well educated in what they are doing.
* there's some point to be had in infecting the user-base.

But those factors are true of Linux users as well as Windows users. So 
while they may be necessary conditions (similar to "using digital 
computers" being a necessary condition) they are not particular or 
germane to the question of "Why do viruses thrive on Microsoft systems 
and nowhere else?"


On DOS, "documents are executable" was mostly an issue with 
floppy disks. On Windows, it became true first in MS Office 
documents, and then when Outlook became the prevalent mail 
client and it started executing attached scripts. On 
Macintosh, it was a similar story with floppies and MS 
Office, but now is going away with OS X.



On any application that has an exploitable buffer overflow bug, documents
are executable.  I see many of these on various other operating systems that
you haven't mentioned.


But you don't see thriving viruses, so again, it is irrelevant.

Evidence: consider Linux. 3% of the global desktop market, 
means there is something like 1 million to 2 million Linux 
desktop users out there. They are very strongly connected via 
e-mail mailing lists. Prototype viruses for Linux have been 
known and demonstrated at least seven years ago. If viruses 
were going to thrive on Linux, they would have done it by 
now, and they have not.


You talk about Linux as if it is a single platform.  AFAIK, it runs on
multiple different processors, in multiple different versions, with
different options compiled in at different places.  Windows, Mac and DOS, by
comparison, each offer a smaller number of possible arrangements.


Uh, no. Microsoft has a similar degree of diversity to Linux:

   * Microsoft: Win95, Win98, WinME, WinNT4, Win2K, and WinXP (6 major
     platforms) and MS Outlook and MS Office have a similar degree of
     diversity
   * Linux:
         o Red Hat 6.2, 7.0, 7.3, 9, EL3, and Fedora
         o SuSE 7, 8
         o Debian Woody, Potato
         o around 10 major platforms: with a lot of shared code, i.e.
           not significantly more diverse than Microsoft systems


So all the hand-wringing about the global nature of the virus 
problem being everywhere is bunk. Viruses are 100% 
Microsoft's fault. They only exist in non-trivial volume on 
platforms where Microsoft Office has a dominant share.


Is there something _technical_ that Linux offers, that Windows does not,
that makes it immune from viruses?


Yes, there is; the technical factors that I enumerated:

   * Mail client and document handlers like to execute embedded scripts
     and code
   * Mail client and document handlers commonly run with administrative
     privilege

These factors are critical to viruses thriving, they are both true on 
Microsoft systems, and neither is true on Linux systems.



 If not, then the answer must be that the
prevalence of viruses on Windows, and their near-absence on Linux must be
due to non-technical reasons (such as the overwhelming prevalence of Windows
systems, and of dumb users on those systems).

Except that that is completely wrong :) There are plenty of dumb Linux 
users; just read Slashdot :)



The latest viruses show that you don't have to automatically execute
attachments - you don't even have to make attachments execute after a
single-click - to distribute a virus.  I'm beginning to think that if you
wrote a virus that required users to copy the code into a text file and run
a compiler on it, it would get propagated by some users.

Now consider the implications of this on a Linux system: dumb user 
clicks on the attachment and runs it. The virus tries to infect the 
machine, and discovers the hard way that [EMAIL PROTECTED] does not have 
write perms on /user/bin, and therefore infection cannot persist past 
the lifespan of this process.



Another societal benefit is that Linux users are used to running as
non-admins.  Too many Windows applications require admin privileges.  Why
should I be an administrator to file my taxes?  I shouldn't, so I complain
to the author of that application.

For a very sound technical reason: because of the Windows legacy. Win95, 
Win98, and WinME had no notion of privilege: everything was effectively 
"root". Therefore most legacy Windows apps (including MS Office) are 
*really* unhappy if you try to run them without Administrator privs. You 
can kludge around it, but it is hard work. As a result, just about 
everyone runs as an Administrator user on their Microsoft boxen, not 
because they're dumb, but because Microsoft software architecture makes 
them.



You've said nothing that actually contradicted my argument, and you've said
much that supports it.

My argument is that the virus problem is caused by Microsoft 
architectural faults, and I've detailed the technical basis for this claim.


I'm not sure I understand what your claim is. How have I supported it?

[Ed. ...and how about bringing this back to the focus of development of
sufficiently secure applications, please?  KRvW]

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
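As an added illustration of the write-permission point made above (this is editor-supplied example code, not part of the thread), the script below applies the POSIX owner/group/other bits to every directory on a PATH string for a given uid and group set, reporting which directories that identity could actually write into. It assumes plain mode bits only: no root override, no ACLs, no mandatory access control.

```python
import os
import stat


def mode_allows_write(st_mode, st_uid, st_gid, uid, gids):
    """Pure POSIX permission check: owner, then group, then other.

    Deliberately ignores the root override and ACLs so that the result
    is deterministic and reflects only the directory's mode bits.
    """
    if st_uid == uid:
        return bool(st_mode & stat.S_IWUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IWGRP)
    return bool(st_mode & stat.S_IWOTH)


def writable_dirs(paths, uid, gids):
    """Return the subset of existing directories in `paths` that the
    identity (uid, gids) could write into according to mode bits."""
    result = []
    for p in paths:
        try:
            st = os.stat(p)
        except OSError:
            continue  # missing or unreadable entry: nothing to persist into
        if not stat.S_ISDIR(st.st_mode):
            continue
        if mode_allows_write(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            result.append(p)
    return result


def audit_path(path_env, uid, gids):
    """Split a PATH-style string and report the writable directories.

    A non-empty result for an unprivileged uid means a process running
    as that user could drop a binary somewhere the shell searches.
    """
    return writable_dirs(path_env.split(os.pathsep), uid, gids)


if __name__ == "__main__":
    me = os.getuid()
    my_groups = set(os.getgroups()) | {os.getgid()}
    print("Writable PATH dirs for uid", me, ":",
          audit_path(os.environ.get("PATH", ""), me, my_groups))
```

Run as an ordinary user on a stock Linux system, the writable set is normally empty or limited to a directory under the user's home, which is the containment the thread describes.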