LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
LinkBack Search this Thread
Old 01-04-2006, 07:18 PM   #1
yenonn
Member
 
Registered: Feb 2003
Location: Malaysia
Distribution: Redhat 8.0, 9, Slackware 9.1
Posts: 511

Rep: Reputation: 30
Linux Vulnerable


http://www.techweb.com/wire/security/175801128

Does it true????
 
Old 01-04-2006, 07:25 PM   #2
J_K9
Member
 
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700

Rep: Reputation: 30
It may be (I don't have the time to take a proper look at it), but I think you'll find that almost all the Linux vulnerabilities are minor whereas, in the case of M$, a simple image can allow a remote user to take over the system.

Cheers,

-jk
 
Old 01-04-2006, 07:49 PM   #3
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,165
Blog Entries: 4

Rep: Reputation: 426Reputation: 426Reputation: 426Reputation: 426Reputation: 426
The list was skewed. And, as is said above, one of our vulnerabilities tends to be pretty minor. Whereas the vast majority of Windows vulns tend to be very major (some might say critical )
 
Old 01-04-2006, 07:50 PM   #4
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
no, dont trust that article. If you read /., youll have heard that the US CERT thingy included all UNIX/BSD/Linux/MacOSX in the same group. On top of that, they also included 3rd party software's vulnerabilities in the count for Linux. Also, check out and see how many bugs have gone unpatched .... all in all, those numbers are biased, or at least the person taking those numbers was uneducated and touch "well, they all are *nix, so they must share the same valnurabilitie", something which isn't true.
 
Old 01-04-2006, 08:05 PM   #5
Epyon
LQ Newbie
 
Registered: Aug 2003
Distribution: Gentoo
Posts: 25

Rep: Reputation: 15
They included 3rd party software for the windows count too.

It is unfair though that they lumped multiple operating systems together like that.
 
Old 01-04-2006, 10:04 PM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,039

Rep: Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952
But let us never deceive ourselves to think that "Linux does not get viruses." It does!

The single most fundamental vulnerability of Windows is, not how it is designed, but how it is used. Windows ships with one user, automatically logged-in, who is an Administrator, with no passwords anywhere. No wonder it is a "sitting duck!" The things that viruses do, and succeed in doing, would be forbidden to a non-Administrator user!

It's pure numbers: there are millions of victims out there; the odds of finding one by random probing are excellent.

Unfortunately, OS/X presently ships that way too, although it is slightly more aggressive even in its rather (and totally unnecessarily...) vulnerable state.

The mantra is clear:
  • Your everyday account should be an absolutely-unprivileged "ordinary Joe."
  • Use a separate non-root account for system maintenance.
  • Don't activate any accounts that you don't need/use.
  • Use non-trivial passwords that do not occur in a dictionary, such as those which might be based on some mnemonic phrase. (ALLHMISFAWAS = A Little Lamb Had Mary, Its Silky Fleece As White As Snow.) (AALHMABWID = A Little Lamb Had Mary, And Boy Was It Delicious!)
 
Old 01-04-2006, 11:37 PM   #7
Epyon
LQ Newbie
 
Registered: Aug 2003
Distribution: Gentoo
Posts: 25

Rep: Reputation: 15
How many of the vulnerabilities led to exploits that were seen in the wild for Linux?

Linux may get viruses but in all my years of using it I have yet to encounter one.
 
Old 01-04-2006, 11:50 PM   #8
arunvk
Member
 
Registered: Nov 2005
Location: India
Distribution: Fedora 11
Posts: 194

Rep: Reputation: 30
i have been using linux since 2 yrs and not once i felt the need to install a anti virus and restrict my internet browsing for the fear of virus attacks.
 
Old 01-05-2006, 09:00 AM   #9
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,165
Blog Entries: 4

Rep: Reputation: 426Reputation: 426Reputation: 426Reputation: 426Reputation: 426
The last time I checked, all of the Linux viruses were proof of concept. Although, I think one or two may have been in the wild, but they didn't actually do anything, because we all run as users and they were pretty poorly coded.
 
Old 01-05-2006, 10:21 AM   #10
bigearsbilly
Senior Member
 
Registered: Mar 2004
Location: england
Distribution: FreeBSD, Debian, Mint, Puppy
Posts: 3,269

Rep: Reputation: 165Reputation: 165
Quote:
Originally Posted by sundialsvcs
But let us never deceive ourselves to think that "Linux does not get viruses." It does!
does it?
evidence?

I've never ever ever had one, well not one that does anything I know about like pop-ups porn
CPU usage, adware, ethernet usage, or any out of the way behaviour at all.
So maybe I've had one that doesn't do anything at all.

Have you ever had one?
Do you know anyone who as ever had one?

Just interested.
 
Old 01-05-2006, 10:27 AM   #11
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
To evaluate a bit more how dangerous a security hole can be, I've discovered CVSS. It is highly subjective and can only be helped to compare two exploit with big different scores. I also think it is not very maintained anymore but we will see..
It would be interesting to calculate the scores for the flaws you mention.

http://www.first.org/cvss/cvss-guide.html


But let us never deceive ourselves to think that "Linux does not get viruses." It does!

=> I agree, very important to keep it in mind!
 
Old 01-05-2006, 10:57 AM   #12
bigearsbilly
Senior Member
 
Registered: Mar 2004
Location: england
Distribution: FreeBSD, Debian, Mint, Puppy
Posts: 3,269

Rep: Reputation: 165Reputation: 165
anyone had a virus then?

try "google linux virus maybe?"
 
Old 01-05-2006, 11:05 AM   #13
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,169

Rep: Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585
You can see my thoughts on this topic here, but a succinct summary is "those numbers are garbage".

--jeremy
 
Old 01-05-2006, 11:27 AM   #14
Charred
Member
 
Registered: Mar 2005
Location: Utah, USA
Distribution: Slackware 11
Posts: 816
Blog Entries: 2

Rep: Reputation: 30
To paraphrase (I've forgotten who), there are "lies, damn lies, and statistics." That article embodies all three.

Last edited by Charred; 01-06-2006 at 11:21 AM.
 
Old 01-05-2006, 11:38 AM   #15
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,039

Rep: Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952
There are plenty of vulnerabilities, and it is always prudent to be vigilant. If you don't maintain the mindset of sensible caution, you forget to lock your doors at night.

I think that the main reason why Windows gets such a bad rap is that, most of the time, users are Administrators and have no passwords. There's also the sheer number of them; it's literally a probability issue. But MS also thrust a hole right through the system when they tried to imbed IE so deeply into it that they could tell a court that the two were inseperable. They also clung to compatibility with older applications which diddled with hardware from DOS.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
if linux becomes popular, won't it become more vulnerable than windows lynchpin9 Linux - Security 8 01-25-2006 05:24 AM
Linux servers were the most vulnerable????? xgreen Linux - Security 12 02-23-2004 07:55 PM
How vulnerable is Linux Vincent_Vega Linux - Security 7 01-18-2004 06:44 AM
SpyWare - Linux/UNIX system vulnerable? cmf5150 General 5 01-16-2004 07:25 PM
in what way is Linux less vulnerable than Windows? ryancw Linux - Newbie 18 10-10-2003 03:45 AM


All times are GMT -5. The time now is 07:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration