Hi,
I note that this has moved to some degree mor eto worms than MUA based
viruses. The barrier of getting a user to jump the hoops and execute an
email attachment is accepted. So some exploit or (not uncommon) stupidity
is required.
On Tue, 03 Feb 2004, Rick Moen wrote:
> In the *ix world, we're able to apply fixes in a much more atomic
> fashion. You can patch _just one thing_. Likewise, because we favour
> standardised, documented software interfaces at fairly fine levels, we
> can if necessary sidestep a problem by switching to some functional
> equivalent.
> I.e., if there were a problem with Apache without an immediately
> satifactory fix, most sites can switch to thttpd, boa, WN, Mathopd,
> Yaws, Seminole, chttpd, xs-httpd, etc. ....
> Last, both the windows of vulnerability and severity of such problems
> tend to be, in general, lower (when you compare groups of systems
> serving up similar degrees of functionality -- absent which proviso we'd
> all want to run bare MS-DOS or such).
> The Morris worm was largely aided by a sendmail debug faclity
> negligently left enabled in most copies, and by the absence of shadow
> passwords at that time.
> The Slapper worm exploted a notorious hole in an obsolete version of
> OpenSSL, on badly maintained sites using a particular configuration of
> Apache with that obsolete OpenSSL version.
There's nothing untrue that I see here. However, as I understand it the
biggest virus problems in the Windows world comes from
* Home users who know nothing and patch nothing (anti-virus or otherwise)
* Offices with (or without) admins who know nothing and patch nothing
There's no doubt that if you know what you're at you can secure linux
pretty effectively. The question is though, would ordinary users upgrade
linux? If a bug appears in their MUA, will they hear? Will they
habitually run updates? As pointed out, there is less disincentive due to
licensing issues, but most people are just plain lazy/ignorant and more
(currently anyway) don't have the bandwidth.
They sure as heck won't know to substitute apache for thttpd when an apache
based worm appears and it's not patched yet. This point is more pertinent
to services which are setup by the standard installer (eg the portmapper in
debian).
Linux users/admins are said by some to be more clueful on average. If
there were serious uptake of linux, this would likely cease to be the case.
If Rick were using Windows for some reason, you may be sure it'd be secured
by one means or another. The question is, if my Mother went to Walmart and
bought a PC with linux installed would it be secure in six months time? If
everyone's mother did, what percentage of those machines would be cannon
fodder for a worm? My guess is it'd be pretty high.
If people don't upgrade anti-virus software (the most oft quoted solution
in Windows) why would they upgrade linux?
Gavin
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
