LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-20-2014, 11:16 AM   #31
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, England
Distribution: OpenBSD
Posts: 1,920
Blog Entries: 5

Rep: Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981

Quote:
Originally Posted by 273 View Post
It was pretty much all knee-jerk reaction and missing the point.
The one "knee jerk" in this thread was posted by you.

Quote:
Originally Posted by 273 View Post
To claim that malware is not generally targeted at Windows PCs because most malware authors and most intended targets of that malware are running Windows is to completely ignore all facts.
I made no such claim, I simply challenged your classic 'windows is the larger target' claim, because I feel that it's an oversimplification. (I managed to do so without dismissing your post as a load of rubbish. I took the time to construct a response and treated your post as worth replying to.)

Quote:
Originally Posted by 273 View Post
I replied that the same is true of Windows and there are likely more peole reporting Windows problems which would surely make Windows more secure if problem reporting makes an OS more secure? Explain how one does not follow logically from the other, please?
Except windows does not have more people reporting problems. Free software does, it has mostly public bug tracking and not only upstream but developers of other software and distributions and the multitudes of users are also reporting bugs and coming up with their own patches. MS users for most part just suck it up and reinstall or rely on expensive and bloated and anti malware to police them and their system.

If you examine your statement it doesn't actually make sense:

"In fact, it could be argued that one of the reasons there is more Windows Malware is that there are more people targeting it."

If there are more people targeting it, then there must be more malware. But why are they targeting it in the first place? Of course one factor is that it's the most popular OS, but that's not the one and only factor. Windows has historically made it easy for malware. The system was never shipped locked down, possibly out of fear of scaring the target consumer, and even windows XP which was a much more robust system (NT) than windows 9x was still being shipped to home users in the windows 98 style configuration (one user with admin rights, no password, no firewall (until service pack 1 as I recall), tons of unnecessary and proven vulnerable daemons running by default, etc, etc, etc). Basically in this state just from one execution malware can silently write to the registry and root file system, install services / startup binaries and the typical end user would remain clueless. It was a target not solely because of it's popularity but because it was an open and easy target, things seem to be improving, but they still have a way to go.
 
Old 06-20-2014, 11:30 AM   #32
Syndacate
LQ Newbie
 
Registered: Aug 2008
Location: Santa Clara, CA
Distribution: Ubuntu, mainly. Too much stuff works out of the box O.o
Posts: 27

Rep: Reputation: 35
Quote:
Originally Posted by cynwulf View Post
If there are more people targeting it, then there must be more malware. But why are they targeting it in the first place? Of course one factor is that it's the most popular OS, but that's not the one and only factor. Windows has historically made it easy for malware. The system was never shipped locked down, possibly out of fear of scaring the target consumer, and even windows XP which was a much more robust system (NT) than windows 9x was still being shipped to home users in the windows 98 style configuration (one user with admin rights, no password, no firewall (until service pack 1 as I recall), tons of unnecessary and proven vulnerable daemons running by default, etc, etc, etc). Basically in this state just from one execution malware can silently write to the registry and root file system, install services / startup binaries and the typical end user would remain clueless. It was a target not solely because of it's popularity but because it was an open and easy target, things seem to be improving, but they still have a way to go.
How insecure windows was 20 years ago is kind of irrelevant.

As for the bolded part, it really kinda is the one and only factor - the fact that like 85%+ of the world uses it...that's really the only reason. If it was always historically that Linux distributions had that market share you'd see no viruses for Windows, regardless of how insecure it may have been 20 years ago.
 
Old 06-20-2014, 11:32 AM   #33
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 491Reputation: 491Reputation: 491Reputation: 491Reputation: 491
I think you should face the facts that you cannot compare Windoze and Linux malware because popularity biases it.
 
Old 06-20-2014, 11:47 AM   #34
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,612

Rep: Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884
Quote:
Originally Posted by cynwulf View Post
The one "knee jerk" in this thread was posted by you.
I labeled your post as knee-jerk because you replied to my discussion of another poster's points, in which I pointed out the non-controversial point that install base may lead to more malware and more reported malware for Windows, with a post addressed as if it were to a Windows-only user who "deosn't get it".
I am aware that the base of Linux and Unix have historically meant they are more secure by design than Windows but that is largely irrelevant to my reply especially given the post I was replying to.
When you expend your reasoning in subsequent posts I don't think you'll find we disagree in any way that is particularly significant. I just found your post was a distraction to the point I was trying to make to Pan64 that it is not only Linux users who monitor their systems closely so that may not be a point in its favour and, given other factors, could be more to Windows' favour. I was hoping Pan64 would reply with more detail as I think it's an interesting idea to explore.
 
Old 06-20-2014, 04:40 PM   #35
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, England
Distribution: OpenBSD
Posts: 1,920
Blog Entries: 5

Rep: Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981
Quote:
Originally Posted by Syndacate View Post
How insecure windows was 20 years ago is kind of irrelevant.
I was not talking about windows "20 years ago" (1994). That was back in the days of MSDOS and 16 bit windows...

Quote:
Originally Posted by Syndacate View Post
As for the bolded part, it really kinda is the one and only factor - the fact that like 85%+ of the world uses it...that's really the only reason. If it was always historically that Linux distributions had that market share you'd see no viruses for Windows, regardless of how insecure it may have been 20 years ago.
If you actually believe that, then there's no real point in debating this further.
Quote:
Originally Posted by 273 View Post
I labeled your post as knee-jerk because you replied to my discussion of another poster's points, in which I pointed out the non-controversial point that install base may lead to more malware and more reported malware for Windows, with a post addressed as if it were to a Windows-only user who "deosn't get it".
Your post came across as being from someone who "doesn't get it". I don't use *nix systems because they're obscure and thus not a target, I use them because they're proven to be more secure - once again what exactly do you think is running on most of the world's servers...?

Quote:
Originally Posted by 273 View Post
I am aware that the base of Linux and Unix have historically meant they are more secure by design than Windows but that is largely irrelevant to my reply especially given the post I was replying to.
I don't see how it's irrelevant. You posted something I found to be a glossed over generalisation and I responded.
 
1 members found this post helpful.
Old 06-20-2014, 04:52 PM   #36
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,612

Rep: Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884
Quote:
Originally Posted by cynwulf View Post
Your post came across as being from someone who "doesn't get it". I don't use *nix systems because they're obscure and thus not a target, I use them because they're proven to be more secure - once again what exactly do you think is running on most of the world's servers...?
Servers run by admins who know their stuff and servers which are, generally, in server farms and very, very well secured. Windows runs on more PCs than anything else and that's why the criminals attack it and the casual virus writers used to also, though the latter did it for fun.
Talk of "the biggest server market share" is completely forgetting that any criminal will go after easy pickings. How many kids do you think know how to hot-wire a Ferrari? Ferraris may, or may not, be harder to steal but when it comes down to it the kids don't see them -- the same goes for Linux.
Again, I can't believe I'm having this conversation with people who know about these things. I think it reflects very badly upon Linux that whenever things like the fact market share may affect targeting of malware people get defensive.

To go back to my original points:
It is not enough to say that "I only compile from source because that is safer!" unless you actually read, analyse and understand the source.
It is not enough to say that "I analyse all the coming and going of my Linux system therefore Linus is safer" unless nobody does the same for Windows.
I'm apologise, I fear I am not making myself clear.

Last edited by 273; 06-20-2014 at 04:53 PM. Reason: Typo'
 
Old 06-20-2014, 04:57 PM   #37
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, England
Distribution: OpenBSD
Posts: 1,920
Blog Entries: 5

Rep: Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981
Quote:
Originally Posted by 273 View Post
Again, I can't believe I'm having this conversation with people who know about these things.
I'm of much the same mind. It boggles the mind that you actually think that *nix systems are by nature no more secure than windows - and that it's simply all about market share...

I think I'm done here.
 
Old 06-20-2014, 05:02 PM   #38
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,612

Rep: Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884
Quote:
Originally Posted by cynwulf View Post
I'm of much the same mind. It boggles the mind that you actually think that *nix systems are by nature no more secure than windows - and that it's simply all about market share...

I think I'm done here.
Not what I was saying at all. Why so defensive?
Did you read my last two paragraphs which explained my earlier posts?
How about some actual dialogue about what makes systems trustworthy or secure rather than recycled platitudes?
 
Old 06-20-2014, 05:07 PM   #39
Syndacate
LQ Newbie
 
Registered: Aug 2008
Location: Santa Clara, CA
Distribution: Ubuntu, mainly. Too much stuff works out of the box O.o
Posts: 27

Rep: Reputation: 35
Quote:
Originally Posted by cynwulf View Post
I'm of much the same mind. It boggles the mind that you actually think that *nix systems are by nature no more secure than windows - and that it's simply all about market share...

I think I'm done here.
You're right in that *nix systems by design nature are more secure..but is simply all about marketshare.. A targeted attack may not be, since it's targeted, but 273 summed it up best with the Ferrari example.

Security isn't really the problem, though, since the vast majority of malware has some "victim" interaction (be it social or via computer). The problem is where people source software from. Trusted sites really aren't a problem for the most part, closed or open, though with open source you have the peace of mind that you can verify it...but most people don't. If you start running binaries obtained off some sketchy website it doesn't matter much which system is more secure, the malware will be installed because the user allowed it to be.

Last edited by Syndacate; 06-20-2014 at 05:08 PM.
 
1 members found this post helpful.
Old 06-20-2014, 08:10 PM   #40
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,979
Blog Entries: 1

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
Quote:
Originally Posted by Syndacate View Post
How insecure windows was 20 years ago is kind of irrelevant.
It's not that irrelevant. There are still computers with their original OS functioning 10+ years later. The FCC comment system is 17 years old. ATMs running XP. In the early days of linux it was a badge of honor to say that your system had been up (and no kernel updates) for hundreds of days.

I don't really trust anything. But there are things I'm not yet able to change. At least with the sources you can audit things and change things. Compiling is probably safer than trusting binary packages, but that assumes some degree of trust about the compiler.
 
Old 06-20-2014, 08:47 PM   #41
Syndacate
LQ Newbie
 
Registered: Aug 2008
Location: Santa Clara, CA
Distribution: Ubuntu, mainly. Too much stuff works out of the box O.o
Posts: 27

Rep: Reputation: 35
Quote:
Originally Posted by Shadow_7 View Post
It's not that irrelevant. There are still computers with their original OS functioning 10+ years later. The FCC comment system is 17 years old. ATMs running XP. In the early days of linux it was a badge of honor to say that your system had been up (and no kernel updates) for hundreds of days.

I don't really trust anything. But there are things I'm not yet able to change. At least with the sources you can audit things and change things. Compiling is probably safer than trusting binary packages, but that assumes some degree of trust about the compiler.
Well yes, but that's extremely unlikely that the compiler will put in a back door. It assumes that because you CAN analyze the source that you WILL, and that's a bad assumption (ie. TrueCrypt). That being said, because the source is available, it makes malicious features much more unlikely, I do agree there.

What I mean by it being irrelevant is not that there's no systems running old software, but rather you can't use it as a metric for "standard security" when the majority of systems are running up-to-date server software. Finding a vulnerability with the latest/most relevant software I feel is much more important over finding one in old, outdated software. Software development is a continuous development process, so the vast majority of times software will get better given time.
 
Old 06-20-2014, 10:26 PM   #42
Randicus Draco Albus
Senior Member
 
Registered: May 2011
Location: Hiding somewhere on planet Earth.
Distribution: OpenBSD
Posts: 1,647
Blog Entries: 8

Rep: Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578
Quote:
Originally Posted by Syndacate View Post
You're right in that *nix systems by design nature are more secure..but is simply all about marketshare..
Almost nothing in world is due to only one factor. Claiming that the targets for malware attacks are chosen only on the basis of market share and directed at only the company with the largest share* is, I shall be diplomatic with my words, very naive.

*In case it misses the notice of anyone, Microsoft is not the only large software company. In fact, the last I read, Apple is making more money than Microsoft.

For some reason you also view home and office systems as the only targets. Since most of the world's servers use Linux and BSD systems, why would they not be a preferred target? Internet traffic has increased dramatically and become somewhat important. Thus:
Quote:
Security isn't really the problem, though, since the vast majority of malware has some "victim" interaction (be it social or via computer).
And how do those victims encounter said malware? On the internet perhaps? I do not want to bash Windows here, but with viruses and other so-called malware infesting websites, a system as vulnerable to security threats as Windows is will have proportionately more "victims" than other systems.

Last edited by Randicus Draco Albus; 06-20-2014 at 10:45 PM.
 
Old 06-21-2014, 02:02 AM   #43
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, England
Distribution: OpenBSD
Posts: 1,920
Blog Entries: 5

Rep: Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981
Quote:
Originally Posted by 273 View Post
Not what I was saying at all. Why so defensive?
Not defensive at all. I've already quoted the one overly defensive post in this thread - and it wasn't one of mine.
Quote:
Originally Posted by 273 View Post
Did you read my last two paragraphs which explained my earlier posts?
Did you read or understand anything I posted? It appears not.
Quote:
Originally Posted by 273 View Post
How about some actual dialogue about what makes systems trustworthy or secure rather than recycled platitudes?
That's what is being attempted, though if you really want to know why *nix systems are more secure than windows, you'd better do some reading...
Quote:
Originally Posted by Syndacate View Post
You're right in that *nix systems by design nature are more secure..but is simply all about marketshare..
Do you not see how nonsensical this statement is?

Quote:
Originally Posted by Syndacate
Security isn't really the problem, though, since the vast majority of malware has some "victim" interaction (be it social or via computer). The problem is where people source software from.
Security isn't the problem? "Security" is what we have, along with good system administration practices, to prevent malware taking over a system. I touched on where people source software from already - as one of the main flaws of windws.

Quote:
Originally Posted by Syndacate
Trusted sites really aren't a problem for the most part, closed or open, though with open source you have the peace of mind that you can verify it...but most people don't. If you start running binaries obtained off some sketchy website it doesn't matter much which system is more secure, the malware will be installed because the user allowed it to be.
You miss the point entirely. Of course almost no end users look through the source of every, or indeed any, program they install. GNU/Linux being open source is a big factor in it being more secure, but the source being open to end users to look at before deciding to install software is not an issue.

Comparing a multi user UNIX - like operating system like OpenBSD, NetBSD, Debian, RHEL all based on open source code which has been tried, tested and audited over 40+ years to an OS like windows (closed source, small team, proven record of major security flaws, holes) in terms of security is pointless. I won't do the research for you, do some reading... or not - up to you.

Last edited by cynwulf; 06-21-2014 at 02:04 AM.
 
Old 06-21-2014, 03:26 AM   #44
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,979
Blog Entries: 1

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
Quote:
Originally Posted by Syndacate View Post
...What I mean by it being irrelevant is not that there's no systems running old software, but rather you can't use it as a metric for "standard security" when the majority of systems are running up-to-date server software. Finding a vulnerability with the latest/most relevant software I feel is much more important over finding one in old, outdated software. Software development is a continuous development process, so the vast majority of times software will get better given time.
I would call that optimistic. But I guess it depends on what you call a server. My ddwrt routers at home run a version of the firmware that is over a year old and is not the latest by any stretch. The lastest version of the firmware does run and doesn't brick the device, but I lose hardware support (wireless) on them, so that's not going to happen.
 
Old 06-21-2014, 03:36 AM   #45
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,612

Rep: Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884Reputation: 1884
I can't believe that the same old claptrap about Linux running on so many servers so that means it has a higher market share than Microsoft thus proving that malware is not targeted by market share is being trotted out. Really, I expected better.
If you don't understand the difference between cheap, mass-produced malware requiring user interaction and targeted server attacks then I suggest you think about it a little.
I now know why so many people dismiss Linux when the advocates try to deny the most simple premise to try to venerate their most trusted operating system.
By the way, Shadow_7, I'd google around a bit as a lot of older router firmware has been found to be vulnerable. I'm sure that's just because it is a badly written operating system though and not because it has been a round a while.
Similarly I'm sure that the malware in the Android store is only because Linux is a rubbish insecure operating system by design and not because Android is increasingly popular.

Last edited by 273; 06-21-2014 at 03:38 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can I trust linux? JonJAN Linux - Security 13 08-15-2011 02:24 PM
Software signature is required..Do you trust the source of the packages ? TheIndependentAquarius General 18 09-29-2010 09:36 PM
How much do you trust Linux? JROCK1980 Linux - Security 0 02-22-2004 03:27 AM
Connecting a Trust cam. to linux box bwyatt Linux - Hardware 3 07-02-2003 08:50 AM


All times are GMT -5. The time now is 09:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration