A different kind of bad week

Posted Sep 25, 2003 2:51 UTC (Thu) by smoogen (subscriber, #97)
Parent article: A different kind of bad week

---
Then, there is the issue of convincing users to run a malicious executable sent to them in the mail. <snipped for brevity>
---

I think the user is too smug here. The problem here is user training and not how poor the program is. Even when people have mailers that do not allow the program to be executed, so that it has to be saved first, they will save the attachment, then go to their desktop, double-click and infect themselves. The really sad thing is that when they do that it doesn't need to have any 'root' privileges.

If/when Linux gets to be popular, watch the number of these types of viruses show up, because too many users are not as trained in how social engineering works (or don't care enough to know).


It's a bit harder...

Posted Sep 25, 2003 12:51 UTC (Thu) by dion (subscriber, #2764)

I think the situation on Linux is a bit different, because programs need more than just a magic filename to be executed: they need the execute bit to be set, and it isn't by default.

This means that if a user clicks a file named loveletter.jpeg.exe then all that happens is that they are told that no program is available for viewing .exe files.

The user would need to set the execute bit to actually run the file, and the clueless user will never have done that before because it's something that only programmers do (when having created a script, for example); everyone else just installs software from an rpm or using make install.

... but it depends on what the GUI actually does to view/execute a file; if it's at all sane, then it shouldn't run code from files without the execute bit set, no matter what the last part of the filename is.

It's a bit harder...

Posted Sep 26, 2003 1:18 UTC (Fri) by giraffedata (subscriber, #1954)

Hmm. So if Linux is safer because Linux users don't know how to (or are too lazy to) detach a file and run it (by the way, there doesn't have to be an execute bit involved. The Swen analogy would be an RPM attachment that you would rpm -i), then it must also be less safe because users don't know how to or are too lazy to install real security updates.

I don't think Linux can win here.

It's a bit harder...

Posted Oct 2, 2003 16:46 UTC (Thu) by Baylink (subscriber, #755)

> I don't think that Linux can win here

On the contrary, I suspect it already has.

The Deep Thought in Jon's commentary here is really "defense in depth",
one of the most important approaches to any type of security... and
exactly what you get from the fact that there are *so many* places in
which to deploy genetic diversity: different kernels, different
distributions, different mail clients, different desktop managers. It
rapidly becomes difficult to pick a sweet spot to target as a malware
author.

But, of course, this is largely *because* of the lack of "consumer"
deployment of Linux.

Figuring out how to continue to take advantage of that as Linux
penetrates more deeply into the "consumer" market will be the big
question.