Dealing with widespread worms like Sasser raises the cost of using Windows, a research analyst said Wednesday. Mark Nicolett, research director at Gartner, recommended that enterprises boost spending on patch management and intrusion prevention software to keep ahead of worms, which are appearing ever sooner after vulnerabilities in Windows are disclosed.
I’m sorry, but that’s kinda obvious. Where I work I know all the anti-virus, security, and worm precautions /has/ to be costing tons of money. We’re always prepared, and so far most of the time it’s smooth but all those precautions cost $$$$.
Change to Linux or Sun Java Desktop.
OTOH, if enterprises buy virus and firewall software they *only* … have to buy it every year to get virus updates 🙂
This is like an infinite loop. Alternative OS users are affected in the worst kind of way from these epidemics: the internet goes down and we have to walk away from our computers due to the fact that seemingly no one can visit the Windows update site. This stuff is always big news and people will always make three word comments like “Switch to linux, use mac, FreeBSD can groom your dog”. They are annoying, but true; what are us Alternative OS users supposed to do or say besides shake our heads and say “look pal my computer is fine”?
Actually 99% of these security holes are found and patched by Microsoft before there is a worm ever invented. Crackers take the patch released from Microsoft and see what it did, then they make a worm based off of that. So really all you need is to stay current and you will be fine most of the time. Of course IMHO any system that is so easily exploited and so often is poorly designed, but that is another discussion; bottom line, we are too hard on Microsoft sometimes.
When will people learn.
http://zdnet.com.com/2100-1105_2-5205815.html
This is not MS fault. The patches have been available for more than 2 weeks.
Windows 95 wasn’t made for massive Internet. It was made to be fast on a small ethernet (they had NT 4 for the bigger ones)… so it was designed “like that”…
I agree we (them) are too hard with all Microsoft related, I still have a strong suspicion about the anti-virus business.
“So really all you need is to stay current and you will be fine most of the time.”
That’s what I don’t understand. If it was just a few clueless home users getting the worms, it wouldn’t amount to anything. But corporations with their own IT managers also get the worms. This current one, Sasser. At first they said it was a weak one, wouldn’t amount to much. Then the next thing you know, there’s 100,000 computers with it.
But there’s a huge amount of users that run pirated versions of XP, who can’t use windows update. And it doesn’t only affect those people, it affects all of us. You could always blame them, but wouldn’t it be smarter of MS to release those patches to anyone? It would surely reduce the amount of infected boxes. It’s not like those people will pay for Windows just to get the patches.
Besides there’s also a lot of people that don’t know how to update the system, or even know that it’s possible.
And there’s always a lot of people who gladly will click any attachment that is sent to them.
Are we too hard on microsoft? Sometimes perhaps. But if they would have considered some things from a security perspective more often some of these things wouldn’t have existed. The idea of releasing an email client that is able to execute code by only reading an e-mail is really insane. They are either stupid or just naive.
There will always be security holes and flaws in any OS, but they could have been reduced a lot if they only took their time to make sure it was as secure as possible.
But as always, MS just wants to make money, and make it fast, they are responsible to do that, as a public company.
sigh.
“This is not MS fault.”
Patch, patch, patch. Miss even one, or don’t get it the very day it comes out and you could be screwed. The average user shouldn’t have to worry about this everyday. They don’t spend hundreds of dollars on a new computer just to have something new to stress about.
If you’re a Mac user, this ought to make you happy, as this might be the only thing that can turn mass quantities of people away from Windows to OS X.
And OSS doesn’t have patches. I just spent the last 4hrs upgrading my Slackware 9.1 system to -current. Don’t you read the weekly security advisories on http://www.linux.com, http://www.linuxtoday.com, etc?
Nothing is perfect. The fact that windows is used by ~90% of the world’s desktops only magnifies the need to patch.
Well, you really don’t know the Windows crowd then. They’ve become addicted to poorly written software and cannot use anything but Microsoft. The Mac OS X platform is fine and you really don’t want a bunch of Windows users switching over to OS X — it will destroy us!
can i have a job at gartner, i too can come up with such insights as “viruses increase TCO of windows”.
This is not MS fault. The patches have been available for more than 2 weeks.
That’s like saying it’s not Ford’s fault if your 2004 Mustang explodes after less than a year of driving, so long as they told you 2 weeks before that this would happen.
“Oh, don’t complain about it. It’s your fault. If you only upgraded your car every night you’d be fine. Moron.”
You may have a point on that one, yes. What about the vulnerabilities which were found, about which Microsoft has been notified, and which have not been patched? In which the patch time varies from 2 months to more than half a year?!
If that goes wrong someday, what is the excuse then? I guess the poker game has then been lost, since there’s no strong argument to defend this behaviour…
Microsoft -and its patching customers- should be glad whitehats research the vulnerabilities in ie. MSIE and NT, and don’t publish much information before the patch because else they’d been fried by worms before they got the patch rollin’.
Oh you want proof. Fine. Eeye.com -> upcoming and Google for “Georgi MSIE Vulnerabilities” and “Lui MSIE Vulnerabilities”.
First, anyone can download the patches from Microsoft’s website; they just need to use a mix of MSBSA and the knowledge base to find the patches listed. Windows Update makes it easier but by no means should Microsoft make this utility available to people who pirated Windows.
Second, it’s not Microsoft’s fault that some people aren’t smart enough to use their OS and keep it up to date. Some people have trouble driving, does this mean automakers need to rethink the UI for automobiles to make it more difficult for people to talk on their cell phone, yell at their kids and eat fast food while driving?
That’s neither here nor there though, as many of these viruses are spreading throughout large corporations, infecting their systems and wreaking havoc. Explain to me why these admins aren’t doing their jobs? The clueless user excuse only goes so far. Firewalls, AV software and personal responsibility have kept viruses and worms off my systems since the Windows 3.1 days.
Hardly, it’s more like you intentionally crashed into a wall and then blamed the manufacturer of the car you were driving.
It’s the user’s fault for not patching.
The problems that are known are the least of my worries.
It’s the ones that are unknown, and actively being exploited. And it happens on any OS.
A (good) firewall will help a lot, but still isn’t completely safe. And I think it’s a good idea that MS builds in a firewall and turns it on by default. On the other hand, I hope it will be easy to maintain and set up by the “normal” home user.
‘Worms Jack Up the Total Cost of Windows’
Sounds a bit like ‘stepping on landmines
can be hazardous for your health’…
Who would’ve expected otherwise…
But perhaps in other parts of the world,
these things go differently…
AvS
Yes all OS’s must patch. 90% of all viruses and worms out there target holes in Internet Explorer. Outlook, being part of tight integration, uses IE as its rendering engine. Remove those two pieces from the equation and most viruses and worms won’t affect you anymore. Switch to Mozilla, or Opera, and most of the hard hits go away.
MS knew about the exploit from Sasser 6 months ago according to the third party that found it. That potentially gives hackers a 3-4 month window to build the virus. Any other software maker would have released a software patch fixing that problem in a week. MS took 6 months and it will take another 6 months to fix the problems that the patch caused.
A lot of companies had a choice with the patch that “fixed” Sasser: lose their corporate server because the patch broke everything else, or don’t patch. Money rules.
by no means should Microsoft make this utility available to people who pirated Windows.
Why not? It should be in their interest to prevent worms from infecting Windows boxes, because it gives them a bad reputation. Making it easily available to anyone doesn’t mean that they should openly support pirating windows.
Second, it’s not Microsoft’s fault that some people aren’t smart enough to use their OS and keep it up to date.
As I said in my post, some of it is their fault. It is their fault that you can get infected by reading a mail, it’s not their fault if a user opens an unknown attachment. Both parts are to blame for this.
Perhaps we should make a harmless virus that just displays a message in fullscreen “DO NOT OPEN ATTACHMENTS FROM UNKNOWN SOURCES AGAIN OR ELSE I’LL WIPE YOUR HDD!”. Perhaps that would get a few people thinking
Many worms like Sasser can be blocked with a basic firewall on Windows. It is shameful that MS didn’t lock down the install defaults though; it was very stupid of them not to block virtually all traffic and only enable what the user needs. As for email viruses, Outlook Express has shown to have some horrendous security exploits, yet the people who found this out the hard way continue to use it anyway.
re: rain
With a cracked copy of XP the only update you can’t install is SP1 (and presumably SP2).
I think it’s great that Microsoft creates patches, because eventually someone is going to find the hole and exploit it. The problem is mainly users not patching systems often enough. But what really irks me is when Microsoft doesn’t patch known flaws OR makes a kludgey patch to fix it.
http://www.eeye.com/html/Research/Upcoming/index.html
Check out the #1 flaw, it’s been 152 days overdue, that is, it has been known for 182 days without a patch.
Also if you look at the last 5 or so patches by Microsoft, 3 of them took around 8 months for a fix.
http://www.eeye.com/html/Research/Advisories/index.html
As far as kludgey patches, just check out that IE patch that fixed the problem where people could trick IE into thinking you are downloading a different file type than you actually are. When they fixed it they removed support for some FTP/Domain login method. Or some WMP patch that fixed a security hole, but added DRM crap.
Sometimes it’s impossible to update your PC weekly. You go on a holiday for a month, and when you come back you want to update your PC, but you’re susceptible to every nasty which broke out during the month. You want to install an OS fresh, and the second you connect it to the net for all possible updates, you’re vulnerable.
It is impossible for some people to always be up-to-date. That’s a fact of life.
I defend MS where I think they are not at fault, but I am not about to say they are not at least partly to blame for the worms that wreak havoc on windows boxes. Sasser and Nachi spread because MS ignored the VERY FIRST RULE in computer security. There is simply no excuse for breaking that rule.
Right, there is no TCO involved, servers patch themselves after hours.
Server admins NEVER MISS ONE either, then Microsoft’s patches ALWAYS WORK! (Blaster comes to mind, as does Nimda. Wonder why..)
…blame yourself. I don’t imagine I’m any different from most home users…I watch movies, do online banking, browse the web, play games, listen to music, etc and I haven’t had to deal with Blaster, or Sasser.
In fact, my windows box has been virus/trojan/worm free for as long as I can remember. Grab a hardware firewall, use Mozilla for browsing and e-mail, and you’ll be fine.
Then again, you could always do the geek thing and use BeOS, Linux, BSD, etc. It never hurts to have at least 3-4 operating systems installed. I know I do =)
no duh security is a factor in the TCO equation. i have a phd to figure that out?
fact is all oses ever made have security vulnerabilities…
so, all businesses and users if responsible implement updating routines, firewalls, anti-virus, gateways…etc etc etc regardless of the computing platform.
the county school system where i live still has a large number of classic mac os systems in place…guess what, the network is protected by all the same security measures that the pc segments are….including licensed anti virus software.
if you use a mac and jump around in glee thinking you are saving $15 per yr because you dont pay for av software, you are sadly misinformed and a menace to a networked community.
also, linux distros, windows, and macs all have regular updates that need to be downloaded and installed….what is the issue with setting auto updates on any of those oses that can do it and then leave it alone? updating pcs is not something one has to fret about.
grow up.
Sometimes it’s impossible to update your PC weekly. You go on a holiday for a month, and when you come back you want to update your PC, but you’re susceptible to every nasty which broke out during the month. You want to install an OS fresh, and the second you connect it to the net for all possible updates, you’re vulnerable.
It is impossible for some people to always be up-to-date. That’s a fact of life.
Even if your scenario was true and coming back from vacation and connecting to the Internet would make you vulnerable to something, this wouldn’t be a problem if you have something called a FIREWALL!!! Hell, even the free ones will protect you from this crap.
“And OSS doesn’t have patches. I just spent the last 4hrs upgrading my Slackware 9.1 system to -current. Don’t you read the weekly security advisories on http://www.linux.com, http://www.linuxtoday.com, etc?
Nothing is perfect. The fact that windows is used by ~90% of the world’s desktops only magnifies the need to patch.”
No, the difference is that even if you don’t patch, Sasser is not going to mess you up. The only thing you have to worry about is crackers, but this is a worm thread. MS love to point to all the OSS patches, but Alternate OSes still don’t have the same vulnerabilities as Windows.
The fact that Windows is used by 90+% means they have great responsibility to go with all that money they’re making. If they can’t make it secure for the common folk, then they should go back to selling Altair Basic.
There should be no fat clients inside an enterprise. Only small thin clients who download their desktops when they log in. Everything should be maintained from the server. No excuses. This is the only way to Minimise Total Cost.
BTW Linux and MacOS X aren’t immune from Worm/Virus problems. Their time will come.
Worm/Virus exploits laziness and ignorance. To deal with the effects, you must fix the root of the problem.
(1) With Windows, you don’t have to patch every day. Just turn on auto patch download and update if you don’t want to be bothered with checking all the time. Apple’s approach is to deny that there is a vulnerability until they come up with a patch. Even then, they rate things like “arbitrary code execution over a network as root user” as a “minor problem with long passwords”. The Mac OS X platform is fine because there’s no fame or reward in exploiting it.
(2) If “masses” of people move to a different OS, that OS will simply become the new target, and it will suffer as well, and people will fail to update it as well. If you go to a platform that updates without user intervention, it will invariably break the system, and the cure will be deemed as bad as the disease. Both Windows and OS X have had such deadly patches.
(3) There are plenty of unpatched vulnerable Linux boxen out there. They are hacked (though mostly seem to be rooted, not wormed) and it would be quite easy to attack Linux or any other vogue system. I have seen the exploits and vulnerabilities of linux grow right alongside the popularity.
(4) Enterprise level patch management is very complicated. It’s not as easy as giving people admin rights and having them patch their machines every day. A bad patch could cost millions if said patch causes problems worse than the virus (e.g., not being able to boot afterwards) Managing 30,000 boxes is not a straightforward job whether they be Windows, Linux, or otherwise.
Windows users can install firewalls on their machines. Then no worms will attack them. Use Mozilla instead of IE/Outlook and all the virus email problems mainly disappear. Install a virus scanner (yearly update costs) and all viruses will disappear.
Even then you will have some problems with spyware, so use adaware and spybot S&D.
The only problem is that now you cannot use ActiveX specific things. This is not normally a problem if you are just a SMB (Small – Medium Business) user. But in some large enterprises they have their intranet apps use ActiveX. In this case it is the application designer that is at fault because they used a product with known security flaws.
Also in a large enterprise you cannot use the cheap firewall software, because you have to pay for it due to licence issues.
Every machine needs its protection in a large network because the access to the Internet is no longer only through the servers. Now this software can be brought in on laptops that have been outside of the firewall. So every machine needs a firewall. Also some viruses can come in on other media such as CD’s, Flash Drives, MP3 Players etc. So every machine needs a virus scanner. Also there is wireless networking to consider.
Basically Sysadmins now need to rethink their security strategy and realise that every machine needs to be a fortress. You can no longer protect the network with a few firewalls and an incoming virus scanner.
“No, the difference is that even if you don’t patch, Sasser is not going to mess you up.”
So? That’s like saying, I don’t have to worry about patching windows, because a vulnerability in openssl only affects some *nix OSes. This isn’t just about Sasser, it’s about security, everyone needs to patch!
” The only thing you have to worry about is crackers,”
Like the ones that hacked into the Debian, Gentoo, and Gnome servers? They were unpatched too.
“but this is a worm thread”
Maybe for you, but for the rest of us, it’s about security in general.
“but Alternate OSes still don’t have the same vulnerabilities as Windows.”
http://math-www.uni-paderborn.de/~axel/bliss/
“Bliss has been called a virus for Linux, a common Unix trojan, a virus-like trojan with worm-like features etc…”
Luckily it was only demo code, meant to show how to exploit a vulnerability.
“The fact that Windows is used by 90+% means they have great responsibility to go with all that money they’re making.”
Windows has been the dominant OS for most of the “computer revolution”. I agree, they have lapsed on security because of a lack of competition. Now we have linux/BSD which are giving MS a run for their money.
“If they can’t make it secure for the common folk,”
So you people want security but when MS announces that Longhorn will have MANDATORY patching, you start yelling that they’re stealing your freedom?
Make up your mind. Users must sacrifice some freedom if they want to be protected.
“Why not? It should be in their interest to prevent worms from infecting Windows boxes, because it gives them a bad reputation. Making it easily available to anyone doesn’t mean that they should openly support pirating windows.”
Think of it as the “price” for being a pirate.
It may be in their “interest” to stop worms, and other such, but it’s in their greater interest not to have people pirating their software, and to have you as a “paying” customer that will support their efforts to produce a better OS (no comments from the peanut gallery, please).
Why so much talk about blame? I don’t care who is to blame for the effects of viruses, worms etc (no chance of suing MS or someone else anyway). The only thing that matters is that it will cost a lot of money to fix broken computers (or take preventive measures). So it is a cost that every company has to take into account. It is that simple.
I’m a senior consultant in the SMB-segment. When a new update comes, we first run it on our own machines (using time that we could have been paid for). If that works fine, we advise the “normal” users to just run the updates.
If it breaks something, and more than too often it does, we have to find a workaround before we visit the customers, helping them with the updates, or omitting the one that breaks the system. There’ll always come an update to the update, so we make that method work somehow.
When it comes to servers it’s another show altogether.
First we create a Ghost image of our test server, before we run the update. If that works fine, we do the same for our other servers, before we advise our customers to update.
Is all this really needed?
Yes, the cost of uncritical updating rapidly becomes huge if all machines won’t boot after a security update!
Another problem is applications that simply do not accept any updates. After an update they just won’t run!
Microsoft sends a bundle of updates, and it can be a big job to find the update that broke the application.
If you are dependent on an application like that, the only choice is to get that machine off the net. Now that itself presents a new problem. How can that machine interact with the other machines? Well, it can’t!
For two of my customers, the firm that made the applications didn’t want to upgrade the application to work after update; “Buy our last version, that’ll support it”. Now that would, for one of the firms, cost NOK 70.000,- ($ 10.390,-) plus the time used to learn the new GUI.
We have a few customers like that, and right now, we’re testing with a personal firewall, AV-app and a Bot-remover to see if we can make the machines safe enough.
The Linux servers I maintain have never seen any problem like this. I’m not saying that they never will, but as of so far the track record is 100%.
I always update the Linux servers over ssh, but I’d never update a Windows server remotely.
Sometimes (rare, but it has happened) we haven’t been able to create a workaround that will install an update without breaking something, and if the follow-up-update hasn’t arrived, the exploit arrives before the machine has been patched. Now that’s something that cannot be blamed on the users or administrators, but Microsoft itself.
As soon as one can trust the updates coming from Microsoft, and I don’t, we can expect the updates to be more effective.
So the TCO of Windows is indeed linked closely to patches, updates and sloppiness from Microsoft.
“With a cracked copy of XP the only update you can’t install is SP1 (and presumably SP2).”
Everyone can, provided they know how; not everyone knows how. It has been done before. You just may not use one of those blacklisted serials. If you do, you can change your serial to a legal one.
The impact of worms like these would be less if there were more diversity in the computer sector.
“BTW Linux and MacOS X aren’t immune from Worm/Virus problems. Their time will come.”
Come again? The first worm ever was a Sendmail worm. 1989. Sendmail is the most popular MTA in the world (I really do not understand why, but that’s a different discussion). If there is more diversity, based on standards, with multiple MTAs, at least a worm takes down less % of the MTAs in the world.
“Like the ones that hacked into the Debian, Gentoo, and Gnome servers? They were unpatched too.”
You are ill-informed.
1) Debian/Gentoo were unknown vulnerabilities. Because of that, they were patched.
2) Gentoo was merely a mirror. The kid got caught in a trap too btw. Debian was indeed huge.
3) Someone exploited a rsync vulnerability to get local access (unknown vulnerability) and from there exploited a Linux kernel vulnerability to get root access (unknown vulnerability).
4) The Linux kernel developers didn’t find the problem a local root vulnerability. Because of that, it wasn’t fixed. Then some kid found out. Together with the rsync problem it was jackpot for them.
Can’t speak of GNOME. You forgot MPlayer and FSF btw, such a pity.
Now, unless you’re really ignorant, that is something different than ScreamOnline’s crack on Microsoft done in 2001, which was possible since Microsoft didn’t patch their own computers. It is also different than Microsoft not patching vulnerabilities known to a company/person who holds it secret to the general public. There’s no full disclosure!
You’ll find out that the patches in FLOSS programs and Linux distributions are generally fast. If you get a patch, you know it is fixed fast and you also know full disclosure is out. On the contrary, if you get a Windows patch, it might be just as well one of those patches which were already known for various months, luckily in past cases to a group of whitehats…
http://math-www.uni-paderborn.de/~axel/bliss/
“Bliss has been called a virus for Linux, a common Unix trojan, a virus-like trojan with worm-like features etc…”
Luckily it was only demo code, meant to show how to exploit a vulnerability.
“The fact that Windows is used by 90+% means they have great responsibility to go with all that money they’re making.”
I was going to give you loads of abuse about posting stuff that you either had not read properly, or taken in…
However, when I think about it, why should I give you hassle? You obviously know that all the known exploits under linux all need to be run as root and are limited to the damage they can do locally, and that it is almost impossible to get it to infect another linux machine, either over the lan or the internet.
I understand YOU knew all that before posting, but I had to follow up…….
Windows users who install linux will probably run as root, they will download binaries, they will install and run them as root. They will infect their own machines. Tough, they deserve to get hit.
Now there might be enough ex-Windows users out there all running as root, all installing binaries as root, and MAYBE infecting each other. Ah well, they all deserve to get hit, in fact, they should parcel the pc back in the box it came in, take it back to PC World and tell the salesmen that they are too stupid to own a pc and get their money back.
Virus/Trojans etc will never be the same problem under linux as it is under windows. There might be some damage with user ignorance, but once people learn how to use the system… no problem
I personally listen to my Gartner. Just last week he told me he would then cut my hedges, otherwise there would be small game living in it soon. Also, no one mows the lawn better and faster. Truly, having a Gartner is good, having a good Gartner is priceless.
Even if your scenario was true and coming back from vacation and connecting to the Internet would make you vulnerable to something, this wouldn’t be a problem if you have something called a FIREWALL!!! Hell, even the free ones will protect you from this crap.
Firewall? What’s he talking about? Ahhhhh… You must mean the software that comes for free with Mac OSX and Linux, and whose default settings are secure, but which doesn’t come with Windows, or if it does, comes with pathetically insecure settings.
Think of it as the “price” for being a pirate.
It may be in their “interest” to stop worms, and other such, but it’s in their greater interest not to have people pirating their software, and to have you as a “paying” customer that will support their efforts to produce a better OS (no comments from the peanut gallery, please).
But there’s a difference between functionality updates and security patches. I agree that the functionality updates should only be provided to those who pay for windows.
The unpatched pirated machines are affecting all of us, either by spreading the worms or slowing down our networks. Those people will not buy Windows anyway so making the patches easily available would IMO be the only reasonable solution.
Besides, if it’s their greater interest to prevent piracy then they are digging their own grave. MS has piracy to thank for their world dominance.
“The unpatched pirated machines are affecting all of us, either by spreading the worms or slowing down our networks.”
Kind of takes the starch out of the argument that piracy is a victimless crime, doesn’t it?
“Those people will not buy Windows anyway so making the patches easily available would IMO be the only reasonable solution.”
So? They will not buy Windows. Why should they be rewarded even more so for making a poor decision? IMHO the only reasonable decision would be making them clean off every machine their bad decision affected.
“Besides, if it’s their greater interest to prevent piracy then they are digging their own grave. MS has piracy to thank for their world dominance.”
Maybe, but that should have been their decision to make from the beginning, and the consequences of said decision would be theirs as well. Piracy is someone else making the decision for you, but you getting stuck with all the consequences. Also don’t forget the legal findings that show that there were other factors that made them dominant, not just piracy.
Use SMS (System Management Server) with Advertising Agents. This Agent will be configured by the Admin and forcibly run on users’ PCs which reside in the organisation’s domain. The Agent will run on a given schedule and patch up PCs for individual users without user intervention.
Kind of takes the starch out of the argument that piracy is a victimless crime, doesn’t it?
I am not defending piracy. But it’s there and it’s better to make it less harmful to the rest of the people.
It’s the same with drugs, you can’t really ever prevent people from taking drugs but you can try to do something about the social problems drugs create. (like giving free drugs or medication to addicts)
IMHO the only reasonable decision would be making them clean off every machine their bad decision affected.
Sure, but it still affects more than just those people. MS won’t be able to get rid of piracy, at least not for a long time, so they better make the best out of the situation. It’s not the ones who use illegal copies who get the reward, it’s the rest of us.
Piracy is someone else making the decision for you, but you getting stuck with all the consequences. Also don’t forget the legal findings that show that there were other factors that made them dominant, not just piracy.
Piracy is still one of the best ways to give away free versions of your product without publicly doing so. A lot of companies are thankful for piracy. I remember back in the late 90’s when talking to a person (don’t remember his name) at NewTek about piracy and his answer was “It makes good lightwavers.”
A lot of people can’t afford the product, and instead of buying a cheaper product they pirate it, thus eliminating the competition, and become good at the product and use it later in their profession with a legal version.
IMO, piracy is worse for the consumers than it is for the large companies.
Sure there are other factors for the growth of windows, but piracy is a big one.
Here in Florida, most of the government offices in Tallahassee were hit, as well as the offices here in Tampa… it just amazes me.
What is really bad is for the most part, if you just had a simple firewall up and didn’t have the patch you are protected from the worm…. it just boggles my mind how bad some setups are.
Unless you are on the network with anyone else that is!
You don’t run firewalls on corporate and government desktops (though I often wonder why!) Even still, without a good patch management solution it is VERY easy to miss a system when you have hundreds in your farm. It’s 1am, do you know how many servers there are left to patch? 😉
“Piracy is still one of the best ways to give away free versions of your product without publicly doing so.”
I disagree. The game industry has already solved this problem for most people (the truly greedy will never be satisfied).
Also a lot of companies bundle “lite” versions with hardware.
“A lot of people can’t afford the product, and instead of buying a cheaper product they pirate it, thus eliminating the competition, and become good at the product and use it later in their profession with a legal version.”
They can also become “good” with the “lite” version as well, plus you just made the argument for the government stopping piracy. Piracy as an anti-competitive maneuver.
So? They will not buy Windows. Why should they be rewarded even moreso for making a poor decision?
It’s not a question of rewarding anyone, but of protecting our network infrastructure. Security updates should be provided to anyone, no questions asked.
In any case, Microsoft has benefitted a lot from piracy. If tomorrow morning everyone was forced to pay for their copy of Windows or MS Office, you can bet that there would be a lot of new Linux/Mac OSX and OpenOffice users.
Piracy has helped spread MS Office so that now virtually everyone uses it, and .doc and .xls files are de facto standards. Proprietary file formats being the principal element that has sustained Microsoft’s monopoly, I think it’s safe to say that MS has in fact gained more through piracy than it has lost.
I disagree. The game industry has already solved this problem for most people (the truly greedy will never be satisfied).
One of SCEA’s former executives once said that the PlayStation wouldn’t have become so popular if PS games weren’t so easy to pirate.
Personally, I stand against piracy because it is against the copyright holder’s wishes. This is why I use Linux and open-source software, a view that is shared by most Linux users. In fact, you’ll find that a French Linux user group is currently lobbying the French government so that it seriously cracks down on piracy – knowing full well that many people will flock to FLOSS instead of buying the overpriced OS and Office packages from Microsoft.
Now there might be enough ex-Windows users out there all running as root, all installing binaries as root, and MAYBE infecting each other. Ah well, they all deserve to get hit, in fact, they should parcel the pc back in the box it came in, take it back to PC World and tell the salesmen that they are too stupid to own a pc and get their money back.
I am unsure where this belief that code not running as root is effectively neutered has come from, but it is false and you are doing yourself and anyone you advise a significant disservice by continuing to spread it.
Virus/Trojans etc will never be the same problem under linux as it is under windows.
Yes, they will. Once the platform is as widespread and the users significantly less competent, the same trojans that people willingly run today on their Windows machines, they will be willingly running tomorrow on their linux machines.
There might be some damage with user ignorance, but once people learn how to use the system... no problem.
What makes you think they’ll learn how to use the system ? They haven’t learnt how to use Windows.
While I don’t think it’s wise to run as root, I don’t really see why a virus wouldn’t be able to do any harm if it can’t access the whole system.
As long as it can access your home-folder then it can do a lot of harm. It’s not such a big deal if it destroys the system, it can be easily installed again, but if it damages any files that I have created myself such as music, images or texts then it is practically impossible to repair.
“Well, then backup!” Sure, sure, I have learned to backup after losing thousands of hours of work, but a lot of people just don’t care to do backups or they don’t do it often enough. They don’t think that anything will happen to them until it’s too late.
So I never really got the “a virus can’t do any damage if it doesn’t run as root”-argument. Sure it can’t harm the system and it can’t harm other users files. But it can harm the most valuable files on the system: your files.
I believe the subject of the article (and of much of the hoopla on the rest of the net) is worms, not trojans or viruses that destroy a user’s file.
The problem with worms is how it spreads itself from machine to machine without the user’s intervention. While it is theoretically possible for a Linux worm to exist, none have ever been seen in the wild. Meanwhile, on Windows they represent a serious problem. Sasser is the latest incarnation.
Now Microsoft apologists can theorize all they want on how it would be different if Linux had a bigger market share, the fact of the matter is that the number of malware for Windows with regard to Linux is disproportionate to actual market share by a factor of at least 50. It’s not just a question of popularity, but of architecture and design choices.
“The problem with worms is how it spreads itself from machine to machine without the user’s intervention. While it is theoretically possible for a Linux worm to exist, none have ever been seen in the wild. Meanwhile, on Windows they represent a serious problem. Sasser is the latest incarnation.”
Yes there were: For at least Apache and Sendmail. Not sure about OpenSSH.
A worm uses the Internet to spread itself, exploiting a vulnerability in a service or program the computer is running. Viruses, OTOH, do not exploit a vulnerability. They attach themselves to one or multiple files. They used to be spread by floppies. To be effective they had to spread through multiple files since the chance it would be copied would be greater.
Windows has, at last glance, 96% of the US computer market and a similar percentage of the world market. How many millions of computers running Windows OS’s is that? I am not defending Outlook or IE, both of which are a security nightmare; I tell everyone who I talk to on Windows to use alternative browsers like Mozilla and Mozilla Mail. Microsoft has been good about patches, and Linux and OS X have had security issues and still do. Fortunately for us Linux and Mac users, due to permissions and other security restraints they are a lot less likely to be serious. As for the letting pirated copies patch, I agree it would help everyone, but from a business perspective it wouldn’t go over too well. I’m not defending Microsoft at all. I think Windows is the most poorly written collective of software in the history of mankind (that applies to all versions). I swear by my Slackware box.
You are right, there was an Apache/SSL worm on a Linux (though I couldn’t find anything about Sendmail). I stand corrected.
What’s telling, however, is that the worm did very little damage, despite targeting one of the most popular OS/Web Server combination (further contradicting the “popularity” argument). It should also be noted that, unlike the parade of Windows worms, this anomalous piece of Linux malware exploited a vulnerability that wasn’t in the OS itself, but rather in a third-party application that had to be consciously installed, set up and activated.
I’m not saying that Linux has no malware problem – just that, by its design, Linux is more secure from a malware point of view. One of the main elements, of course, is that a file cannot be determined to be an executable simply because of its filename extension – that simple design decision is responsible for countless security problems.
Meanwhile, on Windows they represent a serious problem.
Compared to email trojans, worms make up an insignificant proportion of malicious code. More importantly, securing machines against worms is trivially easy, securing it against trojans is very difficult.
Now Microsoft apologists can theorize all they want on how it would be different if Linux had a bigger market share, the fact of the matter is that the number of malware for Windows with regard to Linux is disproportionate to actual market share by a factor of at least 50.
It’s not quite as simple as “marketshare % should equal worm %”. There’s this thing called critical mass.
Added to that, take out all the *variants* of each worm (most of them get, what, upwards of 10 variants each) and you’ve got a more reasonable comparison.
It’s not just a question of popularity, but of architecture and design choices.
Given that NT’s architecture and design are at least as secure as Linux’s (if not more so) clearly that’s not anywhere near as important an issue as you’d like to say it is.
Simple fact is the marketshare of a platform *is* important. All else being equal, A worm targeted at a platform only present on 1 in every 100-odd machines is going to spread much slower and cause much less damage than one targeted at 95 out of every 100 machines. This is such a basic and inescapable fact it constantly amazes me people still wave their hands around trying to say it doesn’t matter.
However, added to that, all else *isn’t* equal. The average competency of Windows users is far, far less than the average competency of Linux users. Ergo, the Linux platform, already less vulnerable because of its relative rarity, has its vulnerability further reduced because a much larger proportion of its users are capable of a) initially securing their machine in the first place, b) identifying when their machine has been compromised, c) rectifying the problem and d) patching so it doesn’t happen again.
What’s telling, however, is that the worm did very little damage, despite targeting one of the most popular OS/Web Server combination (further contradicting the “popularity” argument).
You are comparing the wrong aspect of marketshare. Apache may well be the most popular webserver, but compared to all the internet-connected machines, the marketshare of Apache servers is minuscule.
Your example does nothing to contradict the “popularity” argument.
It should also be noted that, unlike the parade of Windows worms, this anomalous piece of Linux malware exploited a vulnerability that wasn’t in the OS itself, but rather in a third-party application that had to be consciously installed, set up and activated.
Another reason why it does nothing to contradict the “popularity” argument.
I’m not saying that Linux has no malware problem – just that, by its design, Linux is more secure from a malware point of view.
No, it isn’t.
One of the main elements, of course, is that a file cannot be determined to be an executable simply because of its filename extension – that simple design decision is responsible for countless security problems.
This issue isn’t even relevant to worms. It is relevant to trojans, but if you think requiring ignorant end users to type “chmod a+x trojan_executable” is going to slow them down, you’re either naive or stupid.
Added to which, NT’s permissions system *does* let you deny file execution, regardless of file extension.
Compared to email trojans, worms make up an insignificant proportion of malicious code.
However, they cause a lot of damage. Frequency is not the only gauge of how serious a malware issue is.
It’s not quite as simple as “marketshare % should equal worm %”. There’s this thing called critical mass. […] Simple fact is the marketshare of a platform *is* important.
Well, since worms target mostly servers, and that Linux’s market share for servers is roughly half that of Windows, then I think it’s safe to assume that we do have critical mass. And yet worms for Windows far outnumber those for Linux.
Given that NT’s architecture and design are at least as secure as Linux’s (if not more so)
Actually, it’s not more so. For starters, in Linux you can’t have a file be considered an executable simply because of its extension. There are also numerous ways to fsck up the system you’re on even if you don’t have administrative rights. Because the desire of MS to shut off competition by tightly integrating parts of the OS together has no equivalency in Linux, you don’t have a parade of glaring vulnerabilities like those related to Internet Explorer and Outlook Express. Finally, Linux distros have not typically run vulnerable services by default, as Windows has done many times over the years.
A worm targeted at a platform only present on 1 in every 100-odd machines is going to spread much slower and cause much less damage than one targeted at 95 out of every 100 machines.
Well, as it happens Linux servers represent a lot more than 1% – and these are the computers most likely to be involved in worm propagation. The “critical mass” factor clearly isn’t sufficient to explain this discrepancy.
MS’s security record speaks for itself. Only its faithful apologists would refuse to acknowledge it.
You are comparing the wrong aspect of marketshare. Apache may well be the most popular webserver, but compared to all the internet-connected machines, the marketshare of Apache servers is minuscule.
That is irrelevant. A worm exploits a service, Web serving is a common service, Apache is the leading webserver (by a margin of 2 to 1). So the effect of the Worm should have been quite noticeable, but in fact it wasn’t. Furthermore, such worms have been very rare. So the popularity of Linux/Apache Webservers, which represents millions of machines, should have made the system more of a target. It hasn’t.
This issue isn’t even relevant to worms. It is relevant to trojans, but if you think requiring ignorant end users to type “chmod a+x trojan_executable” is going to slow them down, you’re either naive or stupid.
Name-calling…why doesn’t that surprise me. Anything to spread the FUD, I guess.
Are you really arguing that having users having to chmod files to make them executable would not slow down virus propagation? And then you have the gall to call me stupid?
“Linux is more secure from a malware point of view.”
No, it isn’t.
Yes it is. There are about 5,000 times more viruses for Windows than Linux, while Windows has about 40 times the market share. The “critical mass” argument isn’t enough to explain the discrepancy. I mean, there are plenty of Linux-haters out there, there should be more Linux malware…but there isn’t.
5,000 times more malware for Windows than Linux…I think anyone will admit that Linux is, in fact, more secure than Windows from a malware point of view. Unless they’re MS fanboys or employees, that is.
Added to which, NT’s permissions system *does* let you deny file execution, regardless of file extension.
Yeah, too bad it’s not turned on by default, and 99% of Windows NT users don’t know how to do it. (Let’s not even talk of the hundreds of millions of PCs who still use Win9X).
That’s what I mean when I speak of “security by design”, and no amount of head-in-the-sand will solve this.
However, they cause a lot of damage. Frequency is not the only gauge of how serious a malware issue is.
Very true, but email trojans also cause a lot of damage.
I know which one I consider the bigger threat, and it isn’t worms.
Well, since worms target mostly servers, […]
Your assumption is flawed.
[…] and that Linux’s market share for servers is roughly half that of Windows, then I think it’s safe to assume that we do have critical mass.
Linux machines would barely make up 5% of the internet connected machines out there, if that. Linux servers, even less. It’s a *long* way from critical mass.
And yet worms for Windows far outnumber those for Linux.
Indeed they do, primarily for the reasons I outlined previously.
What’s the point in writing a worm for Linux ? It’ll be found quickly and the vast majority of the userbase will be patched and protected within a week.
Contrast this to Windows machines, where most people won’t even know they’re infected, let alone know how to clean the problem and patch.
Actually, it’s not more so. For starters, in Linux you can’t have a file be considered an executable simply because of its extension.
Sure you can. It’s something done by the shell, not the OS. Not that it’s particularly important anyway.
There are also numerous ways to fsck up the system you’re on even if you don’t have administrative rights.
Such as ?
Because the desire of MS to shut off competition by tightly integrating parts of the OS together has no equivalency in Linux, you don’t have a parade of glaring vulnerabilities like those related to Internet Explorer and Outlook Express.
Your paranoid and childish rants are not relevant.
Finally, Linux distros have not typically run vulnerable services by default, as Windows has done many times over the years.
This is not a design issue, it’s configuration semantics.
Not to mention Linux distros typically *have* run like this, until fairly recently. So has most of the internet, for that matter.
Well, as it happens Linux servers represent a lot more than 1% […]
Bullshit. Linux servers would be barely 1% of all the machines on the internet, if that.
[…] – and these are the computers most likely to be involved in worm propagation.
No, they’re the machines *least* likely to be involved in worm propagation, because they are generally run by competent people who have their security patches up to date and quickly notice aberrant behaviour.
The machines *most* likely to be involved in worm propagation are the ones in unmanaged environments, ie: home users. The machines next most likely are the ones that aren’t used by professionals directly, ie: business desktops.
I’m not sure why you’ve got this idea in your head that servers are more vulnerable and more targeted, but it’s wrong. Targeting servers is stupid, because they are generally professionally managed, well protected and carefully monitored.
The “critical mass” factor clearly isn’t sufficient to explain this discrepancy.
It’s more than sufficient. It pretty much explains the discrepancy on its own, without even having to venture into the relative levels of user competence and the platform worm writers are most likely to be familiar with.
MS’s security record speaks for itself. Only its faithful apologists would refuse to acknowledge it.
Only idiots would refuse to acknowledge that marketshare is a critical aspect of a) whether or not a platform is targeted, b) how quickly a successful exploit will propagate and c) how much damage will be caused. A worm could be released tomorrow that affected 90% of the Linux machines in the world and it would be unlikely to cause even a hundredth the damage of even a relatively “quiet” Windows worm.
That is irrelevant.
It is completely relevant. A worm doesn’t pass on a potential victim because it isn’t a server (quite the opposite, in fact – a semi-intelligent worm would pass over the servers, if it was going to pass over anything).
A worm exploits a service, […]
No, a worm (generally) exploits a platform – a unique combination of operating system and software. If worms exploited services, then every web server (for example) would be vulnerable to the same exploits.
[…] Web serving is a common service, Apache is the leading webserver (by a margin of 2 to 1).
You are using numbers that count domains, not machines. While Apache is still the most popular webserver, there aren’t twice as many Apache *machines* out there as there are anything else.
This is an important distinction, because it is that *machine* that is infected.
So the effect of the Worm should have been quite noticeable, but in fact it wasn’t.
Why should it ? The proportion of vulnerable machines on the ‘net would probably struggle to reach single digit percentages.
Furthermore, such worms have been very rare. So the popularity of Linux/Apache Webservers, which represents millions of machines, should have made the system more of a target. It hasn’t.
That’s because in terms of the entire internet, Linux/Apache webservers are a minuscule proportion.
Name-calling…why doesn’t that surprise me. Anything to spread the FUD, I guess.
I repeat, if you think requiring ignorant end users to type “chmod a+x trojan_executable” is going to slow them down, you’re either naive or stupid.
This is not name calling, it is a statement of fact, much like saying anyone who doesn’t patch their system and expects not to be infected, is either naive or stupid.
If you do not believe either of these two words are applicable, please explain why. I’m sorry if you find it insulting, but I sincerely doubt there are any applicable words that you *wouldn’t* find insulting.
Are you really arguing that having users having to chmod files to make them executable would not slow down virus propagation?
Yes. Well, it might add a few seconds here or there, but it’s not going to make any *appreciable* difference.
Not long ago, yet another trojan went around. It required end users to open a password-protected zip file (the password was in the email) and then execute the contents. As I expected, people did this in droves.
I repeat, requiring people to “chmod u+x” is not going to make any difference. It’s like putting speed bumps in front of an army base and expecting them to stop tanks.
And then you have the gall to call me stupid?
Not just you. Anyone who thinks like that is either naive, or stupid.
Yes it is. There are about 5,000 times more viruses for Windows than Linux, […]
Discount the variants of each one and see how that number changes.
[…] while Windows has about 40 times the market share. The “critical mass” argument isn’t enough to explain the discrepancy.
Yes, it is. Personally, I think you’d need upwards of 10% – maybe even 20% marketshare before worms, viruses and trojans really started to have a noticeable impact in the larger picture.
I mean, there are plenty of Linux-haters out there, there should be more Linux malware…but there isn’t.
What makes you think this is relevant ?
What would be the point of writing malware for Linux ? Even if you infected 90% of the Linux machines out there it’d be unlikely anyone outside of the technology industry would know about it.
5,000 times more malware for Windows than Linux…I think anyone will admit that Linux is, in fact, more secure than Windows from a malware point of view. Unless they’re MS fanboys or employees, that is.
More secure ? No.
Less likely to be targeted or affected (for now) ? Yes.
I doubt a Lamborghini has a much better security system than the average BMW either, but I bet I can guess which one is more likely to be stolen.
Yeah, too bad it’s not turned on by default, […]
It’s not something you can “turn on” or “turn off” system-wide. It’s a file permission.
[…] and 99% of Windows NT users don’t know how to do it.
So what makes you think that percentage would be any different if Linux was as widely used as Windows ?
The problem, as you ever so nearly admit here, is not the lack of security features, it’s how little they are used.
That’s what I mean when I speak of “security by design”, and no amount of head-in-the-sand will solve this.
So what do you suggest ? Microsoft send out storm troopers to force everyone to upgrade to XP ? That we don’t let people use computers until they’ve done sufficient study to know how to configure their machines ?
Not to mention, the only “insecure by design” thing you’ve managed to come up with is execute permissions, which at most are a relatively minor issue, even if you ignore the fact that most Linux DEs do the same thing for 99% of filetypes.
Of course it is! They release software full of bloody holes and insecurities. If we stop and count all the various holes that have been patched up since we started with each separate version of Windows, what have we left???
Something akin to Swiss Cheese.
An O/S where security was an after-thought.
Simple as that.
Well said. Slack is a great distribution.
Maybe this sounds ignorant but here goes.
If the O/S needs to be patched so frequently, can we fairly say, that security must have been absolutely almost zero – and for how many years???
Perhaps the public could sue them for producing a product that was known to be so crap in the security department.
It sort of makes one laugh at all the people banking on the internet if your O/S is so insecure does it not?
If the O/S needs to be patched so frequently, can we fairly say, that security must have been absolutely almost zero – and for how many years???
Given Linux is patched at least as often, where does that put it ?
If worms exploited services, then every web server (for example) would be vulnerable to the same exploits.
You’re nit-picking here. When I said service, I meant OS/software combo. Of course a worm will not target a port number – it needs something specific on the other side. This is why the RPC vulnerability on Windows didn’t affect the same ports on other machines.
While Apache is still the most popular webserver, there aren’t twice as many Apache *machines* out there as there are anything else.
I’m not claiming that. You’d be naive or stupid to believe that this is what I was saying. What I’m saying is that the number of Apache servers (15 million, more or less) is big enough for a worm to theoretically have a noticeable effect.
Why should it ? The proportion of vulnerable machines on the ‘net would probably struggle to reach single digit percentages.
I think you underestimate the number of Linux servers on the net. Yes, I’m saying “Linux servers” because this is the only real worm that affected them. So the fact remains that, even though Linux has an appreciable presence on the Internet, it’s been virtually untouched by worms – unlike Windows. Ergo, the “popularity” and “critical mass” arguments are pure bull. You’d have to be naive or stupid to believe them.
If you do not believe either of these two words are applicable, please explain why. I’m sorry if you find it insulting, but I sincerely doubt there are any applicable words that you *wouldn’t* find insulting. […] I repeat, requiring people to “chmod u+x” is not going to make any difference. It’s like putting speed bumps in front of an army base and expecting them to stop tanks.
It is going to make a difference, because most people will not bother doing it, as opposed to a double-click. A lot of others will grow suspicious when faced with a list of tasks they don’t understand (especially if it involves opening up a terminal), and those who know what chmod does will not be tricked. Each of these hurdles reduces the risk of inspection. You’d have to be either naive or stupid not to understand that. Or a Microsoft shill.
In fact, this is proven by the example you’ve given: password-protected “zip” viruses have a lower rate of propagation than other types of e-mail viruses.
More secure ? No.
Less likely to be targeted or affected (for now) ? Yes.
Therefore, more secure. Security isn’t about what could be, but what is. Right now, Linux is more secure than Windows with regards to malware. This could change in the future, but there’s no guarantee that it will. You’d have to be naive or stupid to be convinced of that.
I doubt a Lamborghini has a much better security system than the average BMW either, but I bet I can guess which one is more likely to be stolen.
That’s quite a stupid analogy. BMWs are more likely to be stolen because there are more of them. If you have both a Lamborghini and a BMW next to one another, the BMW is still more likely to get stolen because the parts are more easily sold on the black market. However, the Lamborghini owner is more likely to have a better security system on his car because he paid a lot more for it. It’s also probably got better insurance.
Moreover, this is a really stupid analogy, like most car/computer ones. I’m not saying that you’re stupid, mind you. Just that your analogies are.
Discount the variants of each one and see how that number changes.
Well, if we discount the variants, the proportion wouldn’t change that much, since most Linux viruses are variants as well. You would still end with about 5,000 more viruses for Windows than Linux, or 100x more than the market share would suggest. Again, this indicates that the “popularity” and “critical mass” arguments are just pipe dreams for MS shills.
Yes, it is. Personally, I think you’d need upwards of 10% – maybe even 20% marketshare before worms, viruses and trojans really started to have a noticeable impact in the larger picture.
A totally useless statistic which you just made up. Linux has 25% market share for servers. Unix used to have a lot more.
So what makes you think that percentage would be any different if Linux was as widely used as Windows ?
It wouldn’t matter, because Linux doesn’t have that “feature.” So even if Linux was as widely used as Windows it wouldn’t be affected by this security flaw.
Not to mention, the only “insecure by design” thing you’ve managed to come up with is execute permissions, which at most are a relatively minor issue, even if you ignore the fact that most Linux DEs do the same thing for 99% of filetypes.
Head in the sand again. Execute permissions are not a minor issue: they are responsible for the majority of trojan infections.
And you show your ignorance by claiming that Linux DEs do the same thing – they don’t. A file cannot be made an executable by its extension. It can call up a program to load it (after a file dialog) but that’s not the same thing at all. Only a MS shill (like you’re proving yourself to be once more) would argue such a thing.
Given Linux is patched at least as often, where does that put it ?
The OS is not patched at least as often (applications are) and the vulnerabilities are often less serious. Also, Linux users have the possibility to downgrade versions while a patch isn’t available for the affected software, and they do not risk lowering performance of their system or rendering them unusable by applying monster patches – two problems that have plagued recent MS patches (and that you’ll no doubt ignore once more in your ceaseless MS cheerleading efforts).
You’re nit-picking here. When I said service, I meant OS/software combo.
Maybe to you, but to me the word “service” does not mean what you think it means.
I’m not claiming that.
Yes, you are, by implication.
You’d be naive or stupid to believe that this is what I was saying.
Your implication was clearly that because Apache has twice the web server marketshare, it should be targeted in proportion to this. I was pointing out that the marketshare figures you are referring to are based on *domains*, not *machines* and that this is an important distinction because it is *machines* that are compromised.
What I’m saying is that the number of Apache servers (15 million, more or less) is big enough for a worm to theoretically have a noticeable effect.
15 million machines (assuming the number is correct) represents about 5% of internet connected machines – and *that* isn’t including the ones behind firewalls and/or NAT.
5% is not a particularly large proportion of all the machines out there. Whittle it down to specific Apache+OS combinations, and it’s even less.
I think you underestimate the number of Linux servers on the net.
I don’t.
Incidentally, please stop trying to insert some artificial distinction between “servers” and other ‘net connected devices. In the context of malware, there is no need to make this distinction.
Yes, I’m saying “Linux servers” because this is the only real worm that affected them. So the fact remains that, even though Linux has an appreciable presence on the Internet, it’s been virtually untouched by worms – unlike Windows.
Linux, as a proportion of all ‘net connected machines, has an insignificant presence on the internet. Even the most generous estimates would only put it at around 5%.
Ergo, the “popularity” and “critical mass” arguments are pure bull. You’d have to be naive or stupid to believe them.
You’ve not even presented a coherent argument to support this assertion, let alone a logical one supported by evidence.
It is going to make a difference, because most people will not bother doing it, as opposed to a double-click.
Yes, they will. I state this with complete confidence based on watching people, time after time, install spyware, trojans and various other bits of malware either because they do something cool, or because they *might* get something out of it.
A lot of others will grow suspicious when faced with a list of tasks they don’t understand (especially if it involves opening up a terminal), […]
Your optimism is refreshing, but not grounded in cold, harsh, reality.
[…] and those who know what chmod does will not be tricked.
Users competent enough to know what chmod does would be about as common as users competent enough not to go double clicking on random executables in Windows. Which is to say, pretty rare. I think we can safely count them out of both sides of the equation.
Each of these hurdles reduces the risk of inspection. You’d have to be either naive or stupid not to understand that. Or a Microsoft shill.
A single hurdle, if you could call it that, will barely slow people down. Trying to run executables from Outlook gives a fairly sternly worded message saying it’s a bad idea (and defaults to save), yet people still do it. You think a random command, that gives no feedback or warning whatsoever, is going to be significantly more of a deterrent ?
In fact, this is proven by the example you’ve given: password-protected “zip” viruses have a lower rate of propagation than other types of e-mail viruses.
The fact they propagate *at all* pretty much demonstrates requiring an innocent looking command is going to make little difference.
Therefore, more secure.
No. I’d also expect AmigaOS and OS/2 to be vastly less likely to be targeted as well, but (hopefully, at least) no-one would seriously try and argue they are more secure.
Security isn’t about what could be, but what is.
Security is not an end result, it is a process. You cannot judge the process solely by results.
Right now, Linux is more secure than Windows with regards to malware.
No, it is simply targeted less and has more competent users.
This could change in the future, but there’s no guarantee that it will. You’d have to be naive or stupid to be convinced of that.
I see little evidence to believe Linux (or OS X, for that matter) would fare any better if exposed to the same levels of exposure and marketshare that Windows is.
BMWs are more likely to be stolen because there are more of them. If you have both a Lamborghini and a BMW next to one another, the BMW is still more likely to get stolen because the parts are more easily sold on the black market.
Precisely my point.
Well, if we discount the variants, the proportion wouldn’t change that much, since most Linux viruses are variants as well.
And here I was thinking “most Linux viruses” as an entire species struggled to reach double figures, based on typical Linux zealot rantings in here.
I’d be surprised if the average Linux virus had the 10-odd variants Windows viruses seem to average.
You would still end with about 5,000 more viruses for Windows than Linux, or 100x more than the market share would suggest.
It’s not quite as simple as a one-to-one ratio of marketshare, as I’ve tried to explain before.
Again, this indicates that the “popularity” and “critical mass” arguments are just pipe dreams for MS shills.
No, it doesn’t.
Incidentally, for someone who was quick to rail against “name calling”, you seem to be quite happy to do it yourself.
A totally useless statistic which you just made up.
Actually I “made it up” quite some time ago. It’s my *personal belief* (hence the “personally” part) that until a platform has marketshare around that point, it’s simply going to go unnoticed.
Linux has 25% market share for servers. Unix used to have a lot more.
*sigh*. Linux’s share of the server market, in this context, is not relevant. The relevant measure is its proportion of potential targets, which encompasses all internet-connected devices.
I really cannot understand this single-minded obsession you have with “servers”. Worms don’t specifically target servers. Worms aren’t smart enough to know whether the IP they are scanning and trying to exploit is a server or not, they just do it.
The really silly thing about it is, that even if worms were smart enough to distinguish between “servers” and “not servers”, the “not servers” would be far, far more attractive targets than the “servers”.
Basically, what appears to be a significant basis for your argument (“Linux makes up a significant proportion of servers”) is not only irrelevant, but fundamentally flawed.
It wouldn’t matter, because Linux doesn’t have that “feature.”
Yes, it does. Both NT and Linux can control “executability” via file attributes.
So even if Linux was as widely used as Windows it wouldn’t be affected by this security flaw.
Such as it is. Certainly in KDE and GNOME, when I double click certain filetypes, they are launched by the shell – which is exactly the same thing that happens in Windows.
I can only assume you’ve latched onto this issue so fervently because it’s the only one you can come up with, because in the grand scheme of things it’s not particularly important.
Head in the sand again. Execute permissions are not a minor issue: they are responsible for the majority of trojan infections.
Heh, and you say I’ve got my head in the sand.
The thing responsible for the majority of trojan infections is the user. As I’ve pointed out numerous times, requiring the user to type “chmod u+x filename” is going to slow them down by about 5 – 10 seconds.
It’s a social problem, not a technological one. Ergo, no technological solution is going to fix the problem (without being unreasonably intrusive), although it can somewhat mitigate the effects.
Alas, I doubt it’s ever going to change. Much like people are quite happy to divulge their passwords at the drop of a hat, they’re also quite happy to run arbitrary programs if they think there’s some sort of trivial reward at the end. Pavlov would be thrilled.
And you show your ignorance by claiming that Linux DEs do the same thing – they don’t. A file cannot be made an executable by its extension. It can call up a program to load it (after a file dialog) but that’s not the same thing at all.
This is precisely what Explorer does for most filetypes. The only ones it doesn’t, being actual executable machine code, which are easily made executable on Linux with a simple chmod, or even just a right click from modern DEs.
Not to mention tar files will retain execute permissions, and I can assure you, if people will extract files and run them from password protected zip files, they’ll do it from tar files.
Only a MS shill (like you’re proving yourself to be once more) would argue such a thing.
Windows, GNOME, KDE and probably others treat filetypes like mp3, pdf, etc exactly the same way. They hand it off to another program.
The only files that are automatically “executable” – in the “chmod u+x” way – are .EXEs and .COMs, which are trivial for a user to make executable under Linux. A trivial extra step does not a significant difference make.
The OS is not patched at least as often (applications are) and the vulnerabilities are often less serious.
Now you’re simply moving the goalposts around by using different definitions of “OS” and “less serious” for Windows and Linux.
Also, Linux users have the possibility to downgrade versions while a patch isn’t available for the affected software, […]
1. How is this going to help the security hole ?
2. Why can only Linux users do this ?
3. Do you seriously think average users would do this ?
[…] and they do not risk lowering performance of their system or rendering them unusable by applying monster patches – two problems that have plagued recent MS patches […]
I won’t ignore it, I’ll simply note that it is uncommon and, as a relative measure, no more frequent than Linux patches breaking things.
Remember, a patch that affects 1% of Windows users is going to be vastly more visible and damaging (by an order of magnitude or more) than one that affects 1% of Linux users, simply by virtue of their relative marketshares.
In other words, even if Linux and Windows had equal proportions of “bad patches” (to their relevant user bases), the Windows ones are still going to be much more visible, cause many more problems and be much more well known.
[…] (and that you’ll no doubt ignore once more in your ceaseless MS cheerleading efforts).
All I’m doing is pointing out the factual and logical errors in your arguments.
…is a total waste of time. Especially when you keep twisting what I say. An example:
Yes, it does. Both NT and Linux can control “executability” via file attributes.
We were talking about file extensions. That’s the whole point. You cannot make a file executable in Linux through its extension. That is a major security flaw.
I didn’t bother reading the rest of your post because it was mostly circular logic and more misinterpretations of what I said. Just a few random points, in no particular order:
Incidentally, for someone who was quick to rail against “name calling”, you seem to be quite happy to do it yourself.
You started it.
Incidentally, please stop trying to insert some artificial distinction between “servers” and other ‘net connected devices. In the context of malware, there is no need to make this distinction.
The reason I’m talking about servers is that worms propagate themselves through open ports, and ports are usually open to allow certain services. A server is a piece of software that offers the service over the network, and by extension the machine that offers this (and possibly other) services. Therefore Internet-connected servers are a prime target for worms because they have open ports, whereas other Internet machines shouldn’t have any.
The fact that you seem not to know that worms often target servers shows how little you know about computer security. Here, to enlighten you, are some worms you may have heard about:
Slammer, which targets MS SQL server:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp….
Code Red, which targets Microsoft Index Server:
http://securityresponse.symantec.com/avcenter/venc/data/codered.wor…
Blaster, which targets RPC, a service:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster…
Slapper, which targets Linux + Apache server:
http://securityresponse.symantec.com/avcenter/venc/data/linux.slapp…
The only files that are automatically “executable” – in the “chmod u+x” way – are .EXEs and .COMs,
I’m tired of debating someone who’s either ignorant or deliberately misleading: what about .bat, .com, .scr and .vbs files?
which are trivial for a user to make executable under Linux. A trivial extra step does not a significant difference make.
Actually, it does. Every extra step reduces the risk of propagation.
All right, I’m done with this thread, it’s too old. You may write another long-winded response if you want, I won’t read it. You’re fighting a losing battle anyway, the world is more than well-aware of the security problems facing Windows and Microsoft. No amount of obfuscation, twisting and half-truths will change that.
Until the next “New Windows Security Threat” article, then. (That shouldn’t take too long, anyway.)
We were talking about file extensions.
Actually, no, at that point you were replying to a comment about NTFS file execute permissions.
That’s the whole point. You cannot make a file executable in Linux through its extension. That is a major security flaw.
It’s a minor problem.
I didn’t bother reading the rest of your post because it was mostly circular logic and more misinterpretations of what I said.
So, you didn’t read it, but you know what it said ?
By the way, the definition of “circular logic” is not “arguments I cannot refute”.
The reason I’m talking about servers is that worms propagate themselves through open ports, and ports are usually open to allow certain services. A server is a piece of software that offers the service over the network, and by extension the machine that offers this (and possibly other) services. Therefore Internet-connected servers are a prime target for worms because they have open ports, whereas other Internet machines shouldn’t have any.
Ah, now I understand. When you say “server” you don’t mean server in the sense that everyone else understands it – web servers, FTP server, file servers, mail servers, etc – machines officially and deliberately offering services to clients, you mean it in the sense of “something listening on a port”.
It would be helpful if you made this definition you are using clear *beforehand* next time.
The fact that you seem not to know that worms often target servers shows how little you know about computer security.
Actually, it just shows how little I know about your personal definitions.
Most people I know don’t call a machine a server just because it listens on a port. My desktop machine is remotely accessible via SSH, but I wouldn’t call it a server.
I’m tired of debating someone who’s either ignorant or deliberately misleading: what about .bat, .com, .scr and .vbs files?
.COM I already noted. .BAT, .SCR and .VBS are passed off by the shell to their relevant handlers, just like other filetypes.
Actually, it does. Every extra step reduces the risk of propagation.
Insignificant steps result in insignificant reductions.
All right, I’m done with this thread, it’s too old. You may write another long-winded response if you want, I won’t read it.
A shame.
You’re fighting a losing battle anyway, the world is more than well-aware of the security problems facing Windows and Microsoft.
Unfortunately, there’s a whole cadre of people out there like you spreading half truths (if not outright lies) boosting your pet projects and *misleading* people into a false sense of security.
Until the next “New Windows Security Threat” article, then. (That shouldn’t take too long, anyway.)
Indeed. More of your groundless assertions and hand waving.
“Given Linux is patched at least as often, where does that put it ?”
What do you mean with Linux? I heard computers are expensive the other day. The person saying that meant SUN clusters, though.
If you mean the kernel, I’d be interested in how it came in your mind that there have been significant remote vulnerabilities in the kernel, leading to root access. That hasn’t been the case since 2.2.14 IIRC.