LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Relicensing and rebasing LibreOffice

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Open Source And Viruses

Open Source And Viruses

Posted Jun 8, 2004 18:50 UTC (Tue) by thompsot (guest, #12368)
In reply to: Open Source And Viruses by rakoch
Parent article: Open Source And Viruses

I agree that having a more standardized setup makes Win/Office a more viable target, but submitting that popularity is the main driver behind Windows' virus woes is simplistic and short-sighted. If it were popularity alone, why haven't Cisco routers been continually overrun by viruses over the last few decades? And why haven't the Unix boxes that have run most of the internet been crippled every few months like Windows systems seem to be? There were a lot of systems connected to the internet before Microsoft's products filled the datacenter, and there were plenty of talented programmers with ill intent around then too. The problem now is simply sloppiness in coding, and the "everything but the kitchen sink" approach, which makes debugging and security checks much more difficult.

Most of the major damage that has been done has not come from the relatively small talented pool of virus creators, by the way, but from less talented people who use parts of their creations to easily break the weak systems out there.

Now for the required analogy:
Let's say there were two separate lines of guys with arms interlinked, blocking my path to some desirable destination behind each line, and I would need to run at them and try to break through to get there. One line was made up of guys who looked like Arnold Schwarzenegger, but the line was longer and there was about 400 different places I could hit, and from lots of angles. The other was made up of skinny little thirteen year old kids, but they were holding onto each other more tightly and there was only one place I could try to break through. I don't care how "popular" the options were relating to the strong line or how many different ways there were to run at the strong line, most people would take the easy way and try to break through the weak line every time, even though it was "less poplular". If Microsoft's products were less popluar, they might not be the target as much as they are now, but when they did become a target, they would break just as quickly as they do now. The penalty for MS's popularity is against the people using their products, whether few use them or many use them, they will all be affected by the weakness in the product itself.

Popularity has much less to do with it than I keep hearing about. Cisco routers are popular. Unix web servers are popular. They are not crippled three times a year though. They are stronger and harder to crack, so script-kiddies and less talented crackers aren't up to the challenge. And an occational security alert and some patches being issued is not the same as a system being completely crippled, companies losing millions of dollars in downtime, then some patches being issued, then re-issued to fix the earlier patch, etc. Windows boxes are too sloppily coded and too insecure and that's the bottom line, whether you work at Microsoft or OSDL, it's not hard to recognize that this fact stands on it's own, popular or not.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds