Open Source And Viruses

Posted Jun 5, 2004 10:11 UTC (Sat) by rakoch (guest, #4666)
Parent article: Open Source And Viruses

Imagine you were a virus writer. What system
would you target? Plan9, Atheos, *BSD, OS/2, Linux or Windows? Of course
it's Windows/Office. Would you even think of attacking the exotic OSes in
the list? One will attack Windows systems because they're widespread and
they all have a similar config. A virus can expect certain stuff to be
present on Windows. That makes it worthwhile (for a malware writer).

The real problem is monoculture. If all Linux systems were equally
configured we may see more attacks on Linux today. The choice of apps
makes it more difficult for virus writers because only a subset of Linux
systems will have any given security hole. But if Linux were to replace
Windows as the dominant system on consumer devices we'll nevertheless see
the same amount of malware as we see now on Windows. In an ideal world
we'd have an ecosystem of many OSes, Office suites and everything that
malware writers like to attack. As in nature, such ecosystems would be
very robust against malware.

There is no reason to lean back and pat our shoulders because we have a
better system. If we do we're in for a surprise if Linux gains more
popularity.

-Rudiger


Open Source And Viruses

Posted Jun 5, 2004 15:34 UTC (Sat) by tzafrir (subscriber, #11501)

MacOS and Linux generally have the same "market share". Yet there are MacOS virii and practically no Linux virii.

Open Source And Viruses

Posted Jun 5, 2004 16:09 UTC (Sat) by rakoch (guest, #4666)

A malware writer for Linux has the choice of either relying only on the
presence of a Linux kernel, glibc and bash or going only after the
fraction of target systems that exhibits the hole in question. If, for
instance, you target OpenOffice you don't hit:
- Linux users that do not use any Office on Linux
- Linux users using KOffice, Gnome Office Apps, LyX, LaTeX or other markup
- Linux users using MS Office via Wine

MacOS installations look pretty uniform compared to this. This is the
point: monocultures. It may be that Linux systems are slightly more
secure than MacOS but if so then the only reason is that Linux users are
generally more tech savvy and security concerned. Distributions targeting
the desktop market may remove security for ease of use. I heard that the
Lindows default user is root, for instance.

-Rudiger

Open Source And Viruses

Posted Jun 5, 2004 17:58 UTC (Sat) by piman (subscriber, #8957)

> I heard that the Lindows default user is root, for instance.

This has not been the case for over a year; please stop repeating it.

Open Source And Viruses

Posted Jun 5, 2004 19:42 UTC (Sat) by k8to (subscriber, #15413)

In all fairness, Lindows brought this on themselves with that decision. It was a mistake at many levels, but one of them was PR.

Open Source And Viruses

Posted Jun 6, 2004 12:37 UTC (Sun) by utidjian (subscriber, #444)

I think one of the major problems with Mac OS X is that the default user or machine owner is a member of group 'admin'. Take almost any given Mac OS X system and the primary user of that machine logs in with 'admin' user permissions. Sure they have the root user account disabled by default... but what use is that when the most common user that logs in has 'admin' user permissions?

The 'admin' user has permissions rwx on /Applications and /Library... stuff gets written to those folders willy-nilly with no questions asked. This permissions arrangement is set by design, for ease-of-use.

There are other security 'holes' in Mac OS X that are by design. The recent security patch (Security Update 2004-05-24) is a partial fix for the Help Viewer. This hole existed in Mac OS X since the beginning and Apple was made aware of the problem three months before the patch came out.

Another problem with Mac OS X is that there is no consistent method for installing and checking the authenticity of software. The only software installer that does PGP checks is SoftwareUpdate.app and only for system and security updates from Apple.

In my opinion, the only reasons Mac OS X has been relatively 'safe' from malware and viruses is that no one has taken an interest in it yet and its relatively low density.

-DU-...etc...
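The permission arrangement described in the comment above (a primary user in group 'admin', with that group holding write access to /Applications and /Library) can be audited with a short script. The following is an added example, not code from the LWN thread or from Apple; it assumes only a POSIX shell, `ls`, `awk` and `id`, and parses the `ls -ld` mode string so it behaves the same on macOS and Linux. The directory list and the group name 'admin' are taken from the comment; everything else is the example's own assumption.

```sh
#!/bin/sh
# Added example: audit whether a directory grants write access to its group,
# and whether the current user is a member of a given group (default: admin).

# Return 0 when an ls-style mode string (e.g. "drwxrwxr-x") grants group write.
# The group-write flag is the sixth character of the mode string.
mode_grants_group_write() {
    case "$1" in
        ?????w*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Return 0 when the directory at $1 is group-writable, 1 when it is not,
# and 2 when it cannot be inspected (missing or unreadable).
dir_group_writable() {
    mode=$(ls -ld "$1" 2>/dev/null | awk '{print $1}') || return 2
    [ -n "$mode" ] || return 2
    mode_grants_group_write "$mode"
}

# Return 0 when the current user belongs to group $1 (default: admin).
user_in_group() {
    grp=${1:-admin}
    for g in $(id -Gn 2>/dev/null); do
        [ "$g" = "$grp" ] && return 0
    done
    return 1
}

# Report the combination the comment warns about: an admin-group login
# plus group-writable application and library directories.
audit() {
    if user_in_group admin; then
        echo "NOTE: current user is a member of group 'admin'"
    fi
    for d in /Applications /Library; do
        if dir_group_writable "$d"; then
            owner_group=$(ls -ld "$d" | awk '{print $4}')
            echo "WARN: $d is group-writable (group: $owner_group)"
        fi
    done
}

audit
```

Running the script on a system where the directories do not exist prints nothing; on a Mac of the era described it would flag both directories. The check reports the condition only; tightening the permissions is a deliberate administrative decision, since the arrangement is there for a reason (ease of installing applications).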

Open Source And Viruses

Posted Jun 10, 2004 8:02 UTC (Thu) by beejaybee (guest, #1581)

Yet.

My experience is that 90% of Windows users think _they_ are fully protected but that 90% of the others aren't. There's a straightforward explanation for this; it's called denial, and it's just as responsible for the problems Windows has with worms and viruses as the shoddiness of the product.

Fact of the matter is, defensive programming is neither perfect nor universal, even in the open source world. Don't let yourself be lulled into a false sense of security. If you can be hit, experience suggests that sooner or later you will be.

Open Source And Viruses

Posted Jun 5, 2004 16:12 UTC (Sat) by ineiti (guest, #13626)

Hi,
well, the normal comment applies: why are there so many more exploits for
MS webservers than for Apache? I mean, Apache has a way bigger
market share. There your algebra doesn't match anymore. But yes, normal
Windows systems are just too easily exploitable, so that all the Apache and
other OSS servers just don't make it up. And when there is really an
exploit and a worm in the wild, usually the OSS admins are quite quick to
fix it.

I think it's not only MS-desktop-systems that are more widespread, but
also OSS-systems that are administered by more talented people. Add to
that more exploitable bugs in MS-(desktop|server)-systems, and it's clear
who you want to attack...

Anyway, my 2 cents, and yes, my linux-server has been hacked, twice. Once
because I used a weak password and the second time I still don't
know :( But I was quick to fix it ;)

ineiti

Open Source And Viruses

Posted Jun 6, 2004 2:24 UTC (Sun) by vosechu (guest, #20549)

The reason IIS is easy to hack is manifold, just like Windows. As you pointed out, the market audience is not as savvy as the LAMP market.

The point that a lot of people miss (though it was touched on earlier) is that Linux is being hacked, often, and most of the time the hacks are both technical and social problems.

Look at the Stanford hack earlier this year (maybe 2 months ago?). The reason it was so easy to hack Stanford was because the Unix boxes weren't updated in ages; this is standard. For a savvy person, an update isn't that hard; for a newbie it's impossible. For a production server it's frowned upon unless you have another that's the exact same hardware to rotate into place.

I can't count the number of Unix boxes I've reinstalled because I made the mistake of updating too often. Just like the windows market it's usually a good idea to wait about a month to see how many machines get broken before updating, but this is extremely difficult to do with Linux's facilities.

Viruses will take hold in Linux/Unix. They started in *nix they will come back. But as someone earlier mentioned there are already fixes in place. The part about Linux that will break viruses is not that it's technically superior, but that it's evolving. Eventually Linux will either move to a microkernel or a super-limited one, or GNU/Mach and GNU/HURD will gain acceptance and become a suitable alternative to GNU/Linux.

Viruses will hit *nix, *nix will evolve. Anyone know if there's a honeypot for viruses yet?

Open Source And Viruses

Posted Jun 7, 2004 22:56 UTC (Mon) by tzafrir (subscriber, #11501)

Linux distros actually do a good job in providing "minimal" fixes, that almost never break anything.

In addition they provide the tools to make a security upgrade simple enough for the newbie.

Open Source And Viruses

Posted Jun 8, 2004 18:50 UTC (Tue) by thompsot (guest, #12368)

I agree that having a more standardized setup makes Win/Office a more viable target, but submitting that popularity is the main driver behind Windows' virus woes is simplistic and short-sighted. If it were popularity alone, why haven't Cisco routers been continually overrun by viruses over the last few decades? And why haven't the Unix boxes that have run most of the internet been crippled every few months like Windows systems seem to be? There were a lot of systems connected to the internet before Microsoft's products filled the datacenter, and there were plenty of talented programmers with ill intent around then too. The problem now is simply sloppiness in coding, and the "everything but the kitchen sink" approach, which makes debugging and security checks much more difficult.

Most of the major damage that has been done has not come from the relatively small talented pool of virus creators, by the way, but from less talented people who use parts of their creations to easily break the weak systems out there.

Now for the required analogy:
Let's say there were two separate lines of guys with arms interlinked, blocking my path to some desirable destination behind each line, and I would need to run at them and try to break through to get there. One line was made up of guys who looked like Arnold Schwarzenegger, but the line was longer and there were about 400 different places I could hit, and from lots of angles. The other was made up of skinny little thirteen-year-old kids, but they were holding onto each other more tightly and there was only one place I could try to break through. I don't care how "popular" the options were relating to the strong line or how many different ways there were to run at the strong line, most people would take the easy way and try to break through the weak line every time, even though it was "less popular". If Microsoft's products were less popular, they might not be the target as much as they are now, but when they did become a target, they would break just as quickly as they do now. The penalty for MS's popularity is against the people using their products: whether few use them or many use them, they will all be affected by the weakness in the product itself.

Popularity has much less to do with it than I keep hearing about. Cisco routers are popular. Unix web servers are popular. They are not crippled three times a year though. They are stronger and harder to crack, so script-kiddies and less talented crackers aren't up to the challenge. And an occasional security alert and some patches being issued is not the same as a system being completely crippled, companies losing millions of dollars in downtime, then some patches being issued, then re-issued to fix the earlier patch, etc. Windows boxes are too sloppily coded and too insecure and that's the bottom line; whether you work at Microsoft or OSDL, it's not hard to recognize that this fact stands on its own, popular or not.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds