Secure Coding mailing list archives

Re: Hypothetical design question

From: Crispin Cowan <crispin () immunix com>
Date: Wed, 04 Feb 2004 15:14:48 +0000

Alun Jones wrote:

Antivirus scanners typically work by matching against 
patterns of known
viruses.  For VMS that is the null set.

Hope you don't mind me saying this, but that's essentially a null argument.

I'm sorry, but that just flies in the face of facts.

Viruses are a problem endemic to exactly three platforms: DOS, Windows, 
and Macintosh, and no others. Why is that? Because viruses thrive in an 
environment where:

    * documents are executable
    * document viewers run with too much privilege

On DOS, "documents are executable" was mostly an issue with floppy 
disks. On Windows, it became true first in MS Office documents, and then 
when Outlook became the prevelant mail client and it started executing 
attached scripts. On Macintosh, it was a similar story with floppies and 
MS Office, but now is going away with OS X.

Evidence: consider Linux. 3% of the global desktop market, means there 
is something like 1 million to 2 million Linux desktop users out there. 
They are very strongly connected via e-mail mailing lists. Prototype 
viruses for Linux have been known and demonstrated at least seven years 
ago. If viruses were going to thrive on Linux, they would have done it 
by now, and they have not.

So all the hand-wringing about the global nature of the virus problem 
being everywhere is bunk. Viruses are 100% Microsoft's fault. They only 
exist in non-trivial volume on platforms where Microsoft Office has a 
dominant share.

Now this may change: if the Linux market becomes fully bug-compliant 
with Microsoft, and starts deploying mail clients (such as Evolution) 
and applications (such as OpenOffice) that are eager to execute 
untrusted scripts, then Linux will become a host for viruses too. But it 
depends on the Linux market repeating Microsoft's critical mistakes., 
and I do *not* mean buggy software.

Crispin

-- 
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/

Current thread:

Re: Hypothetical design question, (continued)
- - Re: Hypothetical design question Fernando Schapachnik (Jan 30)
- RE: Re: Hypothetical design question Nick Lothian (Jan 29)
- Re: Hypothetical design question Greenarrow 1 (Jan 30)
- RE: Re: Hypothetical design question Carl G. Alphonce (Jan 30)
- RE: Hypothetical design question Jeremy Epstein (Jan 30)
  - Re: Hypothetical design question der Mouse (Jan 31)
- RE: Hypothetical design question Shea, Brian A (Jan 31)
  - RE: Hypothetical design question ljknews (Feb 01)
    - RE: Hypothetical design question Alun Jones (Feb 02)
    - RE: Hypothetical design question ljknews (Feb 03)
    - Re: Hypothetical design question Crispin Cowan (Feb 04)
    - RE: Hypothetical design question Alun Jones (Feb 04)
    - RE: Hypothetical design question dtalk-ml (Feb 04)
    - RE: Hypothetical design question Alun Jones (Feb 04)
    - Re: Hypothetical design question Crispin Cowan (Feb 05)
- RE: Hypothetical design question dtalk-ml (Feb 04)