Post by Doc O'Leary Post by Heidi
: Briefly, they are (mostly) executables that do something we would
: rather our
: computers didn't do - sometimes self harm. Any computer with an i/o
: facility is liable to be attacked regardless of hardware/OS combo.
Ah.. so Linux is not infallible then. Just that Windows gets hit more. :)
Got it now. Thanks William.
No, you don't. William vastly oversimplified the issue. The problem
with Windows is that often times the harmful code is run
*automatically*. Related is the issue of what can be done locally and
what can be done over a network; Windows simply has too many proprietary
services enabled by default to be safe.
Any system can be social engineered, which is essentially what a trojan
does. Unix, however, has long been a social system and has many
mechanisms in place to protect one idiot user from another. This is
very evident as you look at the details for something like
Trojan.Linux.Zab. It is itself a trojan of a malicious program: it
would only be downloaded and used by someone attempt to exploit another
system. It further requires that it be run as root, meaning no local
hole is exploit. A far cry from the Windows concerns of being owned by
simplying reading email!
Sure, *nix might have better security aspects, but the main factor that
has caused a plethora of Windows based virii et al as opposed to the few
*nix equivalents is because Windows is a piece of commercial software
written by the big bad Microsoft. It is the most common OS family and is
most widely used amongst corporations and government institutions (South
Korean govt being an exception IIRC).
2000/XP, because they are the central parts of these computer networks,
are the most badly hit. Note that 2000/XP security isn't terribly bad,
and can work well if used properly. Many of the vulnerabilities are
"buffer overruns" which can occur anywhere and are only known because of
the popularity of the OS. The only real problem is the fact that MS
could probably fix some of these problems preemptively if they so
desired. 98/Me are basically user-oriented.
*nix, on the other hand is often seen as the 'good-guy' alternative to
MS software and is used far less widely; for these reasons these
hackers, etc, are less likely to look for vulnerabilities. Also, this
stream of OSs isn't widely known by the general public and so would gain
less attention. For this reason, even though *nix OSs are widely used,
for example, as servers, they are not a target. I'm sure that there are
security issues with Linux that could be found if people were to look
hard enough; to that extent William was absolutely correct. To say that
Linux etc has bulletproof security is naive.
So yes, whilst *nux may have some superiority in terms of security, this
isn't the main reason why there are fewer attacks on it.