Re: [LUG] Virus scanners??


Neil Williams wrote:

> It is already known that exploits do exist in GNU/Linux but these are patched
> quickly and there is little excuse for systems not being updated.

I remain to be convinced on the "patched quickly".

For example, one possible reason virus writers tend to pick on Windows
is that if you're going to write a virus you might as well write it to
infect the most widely used OS.

I think there is a more specific issue here, in that Windows XP was so
poorly deployed, and Microsoft so slow to address the issues that arose
(not all of their making), that it generated a business for criminals
exploiting that weakness.

The vast bulk of compromised PCs are, I suspect, compromised for profit
(predominantly spamming/phishing services but that is changing).

It is quite a small number of people involved in this black market,
perhaps only a handful in the actual coding, although there is kind of a
hobbyist botnet thing happening as a result.

The problem for Windows has always been this spread - historically it has been 
far too easy to infect one Windows machine from another.

But this is in part a problem due to numbers.

With any epidemic there are critical mass effects, where each infected
item must infect slightly more than one other to propagate successfully.

That said, GNU/Linux is well past the point in terms of connectedness and
numbers where viruses became epidemic in DOS. DOS boxes at my
University were almost continuously infected with viruses, even before
the Universities were connected via Internet protocol, and I don't think
any of them were propagated worm fashion, they just lived mostly on
floppy boot sectors, or in executables.

But how much this illustrates that GNU/Linux is more secure, and how
much it illustrates the diversity of the boxes involved is hard to
decide by mere observation.

This has nothing to do with users - some of the most damaging malware on 
Windows attacked servers and spread between Windows servers.

The MS SQL worm was a wake-up call for application-level security issues.

Of course there should never have been so many boxes listening on the
Internet for MS SQL connections in the first place, but I know people
who still do this, mostly because the VPN or other secure type
connections are just too painful to configure.

But MS SQL wasn't the only database with stupid default account settings ;)
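The threshold argument in the message above ("each infected item must infect slightly more than one other"), worked through as an added example that is not part of the original post. It assumes a simple branching-process model with Poisson-distributed onward infections and uniformly random contact attempts; the function names and the parameters `contacts` and `vulnerable_share` are hypothetical, and the scenario numbers are constructed.

```python
import math

def reproduction_number(contacts: float, vulnerable_share: float) -> float:
    """Expected onward infections per infected host (assumed model): each of
    `contacts` attempts succeeds only if it lands on a vulnerable host."""
    return contacts * vulnerable_share

def die_out_probability(r: float, iterations: int = 10_000) -> float:
    """Probability that an outbreak seeded on one host fizzles out.
    For Poisson(r) offspring this is the smallest root of q = exp(r*(q-1)),
    found by fixed-point iteration starting from 0."""
    q = 0.0
    for _ in range(iterations):
        q = math.exp(r * (q - 1.0))
    return q

def expected_total_infected(r: float) -> float:
    """Expected outbreak size from one seed: 1 + r + r^2 + ... = 1/(1-r)
    below the threshold, unbounded at or above it."""
    return math.inf if r >= 1.0 else 1.0 / (1.0 - r)

def scenarios(contacts: float = 4.0):
    """Constructed platform shares: the same malware, the same number of
    contact attempts, different fractions of reachable vulnerable hosts."""
    rows = []
    for share in (0.05, 0.20, 0.30, 0.90):
        r = reproduction_number(contacts, share)
        rows.append((share, r, die_out_probability(r), expected_total_infected(r)))
    return rows

if __name__ == "__main__":
    print("share   R     P(dies out)  E[total infected]")
    for share, r, q, size in scenarios():
        print(f"{share:5.2f}  {r:4.2f}  {q:11.4f}  {size:>10.2f}")
```

Patching and platform diversity both act on `vulnerable_share`: once the product drops below 1, every outbreak dies out and its expected size stays small and finite.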


The Mailing List for the Devon & Cornwall LUG