LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Open Source And Viruses

Open Source And Viruses

Posted Jun 5, 2004 16:12 UTC (Sat) by ineiti (guest, #13626)
In reply to: Open Source And Viruses by rakoch
Parent article: Open Source And Viruses

Hi,
well, the normal comment applies: why are there so much more exploits for
MS-webservers than for Apache? I mean, Apache has a way bigger
marketshare. There your algebra doesn't match anymore. But yes, normal
windows-system are just too easy exploitable so that all the Apache- and
other OSS-servers just don't make it up. And when there is really an
exploit and a worm in the wild, usually the OSS-admins are quite quick to
fix it.

I think it's not only MS-desktop-systems that are more widespread, but
also OSS-systems that are administered by more talented people. Add to
that more exploitable bugs in MS-(desktop|server)-systems, and it's clear
who you want to attack...

Anyway, my 2 cents, and yes, my linux-server has been hacked, twice. Once
because I used a weak password and the second time I still don't
know :( But I was quick to fix it ;)

ineiti

(Log in to post comments)

Open Source And Viruses

Posted Jun 6, 2004 2:24 UTC (Sun) by vosechu (guest, #20549) [Link]

The reason IIS is easy to hack is manyfold, just like windows. As you pointed out the market audience is not as savvy as the LAMP market.

The point that a lot of people miss (though it was touched on earlier) is that Linux is being hacked, often, and most of the time the hacks are both technical and social problems.

Look at the stanford hack earlier this year (maybe 2 months ago?). The reason it was so easy to hack Stanford was because the Unix boxes weren't updated in ages; this is standard. For a savvy person, an update isn't that hard, for a newbie it's impossible. For a production server it's frowned upon unless you have another that's the exact same hardware to rotate into place.

I can't count the number of Unix boxes I've reinstalled because I made the mistake of updating too often. Just like the windows market it's usually a good idea to wait about a month to see how many machines get broken before updating, but this is extremely difficult to do with Linux's facilities.

Viruses will take hold in Linux/Unix. They started in *nix they will come back. But as someone earlier mentioned there are already fixes in place. The part about Linux that will break viruses is not that it's technically superior, but that it's evolving. Eventually Linux will either move to a microkernel or a super-limited one, or GNU/Mach and GNU/HURD will gain acceptance and become a suitable alternative to GNU/Linux.

Viruses will hit *nix, *nix will evolve. Anyone know if there's a honeypot for viruses yet?

Open Source And Viruses

Posted Jun 7, 2004 22:56 UTC (Mon) by tzafrir (subscriber, #11501) [Link]

Linux distros actually do a good job in providing "minimal" fixes, that almost never brealk anything.

In addition they provide the tools to make a security upgrade simple enough for the newbie.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds