Useful targets
Posted Apr 12, 2006 22:46 UTC (Wed) by man_ls (guest, #15091)
In reply to: Anti-virus to protect against anti-virus vulnerabilities by smoogen
Parent article: Anti-virus to protect against anti-virus vulnerabilities
The only reason you see the comparative lack of malware is not the security model but the fact that less than 10% of useful targets run desktop linux
I can think of many other reasons; most have been discussed here at one time or another. First, the systems themselves tend to be better designed, so this can require attacks to be more specialized. Then there is diversity -- the Windows monoculture makes it all too easy to know your way around your target machine. Another one is the security culture -- Unix and Linux users are better informed, and they tend to know their environments better. Whether this is because they are more technically inclined to begin with or they learn more using Linux is an open issue. Badly designed software is much more common on Windows too; and privacy is less valued, so your private data is more likely to be lying around.
Finally, the security model is actually better than Windows', and this can slow down the expansion of a virus. If this makes it to be below the percolation threshold, then the virus will not propagate very much. Similarly, if the added difficulty makes the activity unprofitable, then phishers and other scammers will not target the platform.

Useful targets
Posted Apr 13, 2006 8:52 UTC (Thu) by NAR (subscriber, #1313)
First, the systems themselves tend to be better designed
Hm, what was it, three security-related stable kernel releases in two days? Not exactly the sign of better designed and implemented systems...
Then there is diversity
There might be diversity in distributions, but the applications are the same everywhere. An OpenSSH bug affects nearly everyone. A glibc bug also. But you're right - as long as relatively few people are using (a specific variant of) Linux, it won't be worth the work to create malware for Linux. But I'm afraid as soon as Linux reaches "world domination", it will become the primary target of malware authors and there will be Linux viruses and worms.

Reliable sources
Posted Apr 13, 2006 11:30 UTC (Thu) by man_ls (guest, #15091)
Hm, what was it, three security-related stable kernel releases in two days? Not exactly the sign of better designed and implemented systems...
Hmmm, I would say this concerns the development process, not the design of the systems. A better design would translate into things like defense in depth: the difficulty to exploit a kernel-related bug is higher since you normally require a local account or even superuser privileges.
An OpenSSH bug affects nearly everyone.
You have a point, it's true that OpenSSH is widely used, but even this is not ubiquitous as not everyone uses SSH to administer their systems; some people use webmin, some (as I do now) just use their machines locally. Often different branches (as in Apache httpd 1.3 and 2.0) will have different "bugsets".
But it's a good point I could have added to my little list. The kernel development process is so open and flexible that bugs are closed as soon as they are found, and there is a special branch for that; if this does not suit them, distributions can (and do) patch their own branches; if it was really serious, we users might patch and install our own kernels.
Contrast this with proprietary development, where flaws are not found so easily; when they are, they are not solved so fast; and often nobody knows what is being solved. The problem with this approach is that sometimes it seems better to just wait for the regular upgrade cycle and hope no one notices: wrong!
A centralized patch management strategy is another issue: distributions tend to aggregate lots of software, and any security issues will generally be solved by them. Proprietary systems tend to aggregate lots of software, so administrators (or users) have to go hunting to know about and get the relevant patches for every tiny piece. I would guess most of them give up.
Promiscuity could be mentioned too. GNU/Linux users often rely on a few sources to provide them with software, sometimes just the distribution itself (witnessed by the aphorism "if it's not in Debian it doesn't exist"). Proprietary software users, in contrast, are more likely to download and install software from random sites; not to speak about software from the darknet, which is a completely unreliable source.
Yes, in the end there will be Linux worms but they need not be so devastating as those found now. We have learnt, we will be prepared.

Architecture diversity too
Posted Apr 13, 2006 13:32 UTC (Thu) by hazelsct (guest, #3659)
There's also diversity of architectures, for those who will take advantage of it. My office desktop is an alpha, and home server/firewall is an ARM Netwinder, both of which are totally immune to all x86 ELF binaries and buffer overflow attacks. It's really not expensive to do this, though running Debian helps. :-)
But this is off topic for XSS.

Useful targets
Posted Apr 13, 2006 15:48 UTC (Thu) by ljt (guest, #33337)
"But I'm afraid as soon as Linux reaches "world domination", it will become the primary target of malware authors and there will be Linux viruses and worms."
But OSS software *is* already dominating the (internet) world: apache, bind, ntpd, sendmail, openssh, ... OSS is in fact _the_ target to take over the internet, it's all over there and there is even the source to get your proof of concept working!
Yet, worms tend to appear in the win32 world, I wonder why..

Useful targets
Posted Apr 13, 2006 21:15 UTC (Thu) by hppnq (guest, #14462)
I think there are a lot more Windows systems out there than you imagine. ;-)
(Where's David Wheeler when you need him?)

Useful targets
Posted Apr 13, 2006 20:06 UTC (Thu) by cventers (guest, #31465)
I'm not really worried about viruses and worms, because I think the open source model works for getting bugs found and fixed fast.
And when that line of defense crumbles, we have technology like PaX (which should be standard) to get in the way of allowing a vulnerability to be a vector for an arbitrary code exploit.
And when that line of defense crumbles, we have the UNIX security model.
Compare this to Windows which is such a breeding ground for malware that huge corporations like Sony took advantage of totally stupid design decisions (such as AUTORUN) to install crap into people's kernels without permission.
Malware authors may very well target Linux, but they're going to have a huge challenge in their face when they do. And if they do manage to find ways to squeeze on in, I'm a million percent confident the OSS community will close those holes in seconds, because having every line of source code for your system means that there are orders of magnitude more people ready and willing to do so.

Useful targets
Posted Apr 14, 2006 9:01 UTC (Fri) by NAR (subscriber, #1313)
I think the open source model works for getting bugs found and fixed fast.
That's one thing that the bugs are getting fixed. It's a completely different story whether the users actually install the patches.
we have technology like PaX [...] we have the UNIX security model.
Most of the spyware/adware I've seen on Windows was installed by the user himself. PaX or the UNIX security model does not defend against this kind of threat - the line of defense is that there's a lot less software for Linux and the installation of non-trusted software is a lot more complicated (wget, untar, configure, make) than running an .exe. I'm afraid part of reaching "world domination" on the desktop is to remove these defenses.