LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-21-2014, 04:08 AM   #46
Randicus Draco Albus
Senior Member
 
Registered: May 2011
Location: Hiding somewhere on planet Earth.
Distribution: OpenBSD
Posts: 1,647
Blog Entries: 8

Rep: Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578

Quote:
Originally Posted by 273 View Post
I can't believe that the same old claptrap about Linux running on so many servers so that means it has a higher market share than Microsoft thus proving that malware is not targeted by market share is being trotted out. Really, I expected better.
No one has stated any such thing. What has been pointed out is that servers will a tempting target. Why?
Quote:
cheap, mass-produced malware requiring user interaction
What is the most effective way to infect the largest number of computers? Target each computer downloading files or infect the servers and websites the files are downloaded from?

This is simply another case of a couple people making incomplete, inaccurate, misunderstood or false statements (in this case #2 and 3), someone else adding more information or clarification (in this case the latter), and the original participants refusing to acknowledge even the possibility of error.
Quote:
Really, I expected better.
But we all know that the quickest way to destroy a good discussion is to confuse the issue with facts, and the easiest way to make oneself look stupid is to admit when one is wrong. (In case it is not obvious, the foregoing is sarcasm.)
 
Old 06-21-2014, 04:16 AM   #47
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,589

Rep: Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879
Quote:
Originally Posted by Randicus Draco Albus View Post
What is the most effective way to infect the largest number of computers? Target each computer downloading files or infect the servers and websites the files are downloaded from?
which has happened through vulnerabilities in things like PHP. Which OS would the served malware be targeted for? Linux that has ~1% desktop market share or Windows that has ~90%?
Oh, of course, it's Windows because it's more vulnerable. Except, of course, it is not as a piece of user-space malware using a browser exploit is about as hard under any OS since most Linux installs have absolutely no protection against it at all -- putting them on a par with Windows.
I really cannot believe that in pointing out the logical flaws of a couple of posts we descend into attempts to try to explain how malware targeting has nothing to do with market share.
I suppose you also missed the malware for that rubbish OS Linux Android or that rubbish OS Linux embedded in routers. Both, of course, targeted due to a rubbish OS with poor security models and nothing to do with the fact there are a lot of devices running them.
 
Old 06-21-2014, 04:48 AM   #48
Randicus Draco Albus
Senior Member
 
Registered: May 2011
Location: Hiding somewhere on planet Earth.
Distribution: OpenBSD
Posts: 1,647
Blog Entries: 8

Rep: Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578
Quote:
I really cannot believe that in pointing out the logical flaws of a couple of posts we descend into attempts to try to explain how malware targeting has nothing to do with market share.
Why do you claim others state the opposite of what they actually state, then argue those other people are wrong? Do I need to post a face-palm photograph? No one has claimed market share is not a factor. Or as you put it, has nothing to do with it.

We state; Market share is only one factor.
You reply; You are wrong to claim market share is irrelevant.

We state; Servers are also a target, because they can easily spread malware.
You reply; You are wrong to claim only servers are targeted.


Read what is posted, twice or thrice if necessary, before responding. Twisting, distorting and ignoring what other participants in a discussion say or post, then vehemently arguing against something that was not said or written does not win a debate.
 
Old 06-21-2014, 04:53 AM   #49
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,589

Rep: Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879
I think we come back to this.
Quote:
Originally Posted by 273 View Post
I labeled your post as knee-jerk because you replied to my discussion of another poster's points, in which I pointed out the non-controversial point that install base may lead to more malware and more reported malware for Windows, with a post addressed as if it were to a Windows-only user who "deosn't get it".
I am aware that the base of Linux and Unix have historically meant they are more secure by design than Windows but that is largely irrelevant to my reply especially given the post I was replying to.
When you expend your reasoning in subsequent posts I don't think you'll find we disagree in any way that is particularly significant. I just found your post was a distraction to the point I was trying to make to Pan64 that it is not only Linux users who monitor their systems closely so that may not be a point in its favour and, given other factors, could be more to Windows' favour. I was hoping Pan64 would reply with more detail as I think it's an interesting idea to explore.
I'm still waiting for the further explanations I mentioned here.
Quote:
Originally Posted by 273 View Post
To go back to my original points:
It is not enough to say that "I only compile from source because that is safer!" unless you actually read, analyse and understand the source.
It is not enough to say that "I analyse all the coming and going of my Linux system therefore Linus is safer" unless nobody does the same for Windows.
I'm apologise, I fear I am not making myself clear.
 
Old 06-21-2014, 07:57 AM   #50
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,973
Blog Entries: 1

Rep: Reputation: 620Reputation: 620Reputation: 620Reputation: 620Reputation: 620Reputation: 620
The malware for said routers was shown to have a vulnerability. And the fix was to make that vulnerability only exposed to the intranet, not to remove the flaw. For the firmware supplied by the manufacturer of the device. Which was most of my reasoning for going with ddwrt. And now that I've used ddwrt, it's nice to have more wireless encryption options than what came with the device and they actually work.

I don't know if you've done much programming. But when I was coding for an m$ shop, the manuals spent more time explaining why you shouldn't use this or that function because it's wrong or unreliable, or whatever. In linux those flaws get fixed, in said m$ platform, it is what it is, till the ends of time. Linux may very well be crap, but at the end of the day it's the most useful and polished turd you could ever hope to be burning inside a paper bag on your front porch. When the microsoft one burns the mice and rats relocate for a period and you actually have to buy food to feed your cat. Plus a new couch because the cat had to stay active.
 
Old 06-21-2014, 07:07 PM   #51
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, England
Distribution: OpenBSD
Posts: 1,914
Blog Entries: 5

Rep: Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972
Quote:
Originally Posted by 273 View Post
I can't believe that the same old claptrap about Linux running on so many servers so that means it has a higher market share than Microsoft
No one made any such claim...

Quote:
Originally Posted by 273 View Post
thus proving that malware is not targeted by market share is being trotted out. Really, I expected better.
Quote:
Originally Posted by 273 View Post
If you don't understand the difference between [blah blah blah]
Give it a rest.
Quote:
Originally Posted by 273 View Post
I now know why so many people dismiss Linux when the advocates try to deny the most simple premise to try to venerate their most trusted operating system.
Bollocks - and yet another straw man argument.
Quote:
Originally Posted by 273 View Post
By the way, Shadow_7, I'd google around a bit as a lot of older router firmware has been found to be vulnerable. I'm sure that's just because it is a badly written operating system though and not because it has been a round a while.
If those vendors don't support and patch their Linux based devices, then what is to be done...? Yet again another irrelevant aside.
Quote:
Originally Posted by 273 View Post
Similarly I'm sure that the malware in the Android store is only because Linux is a rubbish insecure operating system by design and not because Android is increasingly popular.
Android uses the Linux kernel, but a completely different userland (much the same kind of thing as any other smartphone). "google around"
 
Old 06-21-2014, 07:23 PM   #52
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,589

Rep: Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879
Wow, I make a comment in passing about market share and still the Linux Fan posts come.
 
Old 06-21-2014, 07:24 PM   #53
replica9000
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Debian, FreeBSD, Android
Posts: 1,050
Blog Entries: 2

Rep: Reputation: 224Reputation: 224Reputation: 224
opcorn:
 
Old 06-22-2014, 01:38 AM   #54
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, England
Distribution: OpenBSD
Posts: 1,914
Blog Entries: 5

Rep: Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972Reputation: 972
Quote:
Originally Posted by 273 View Post
Wow, I make a comment in passing about market share and still the Linux Fan posts come.
Yet you still reply... and resort to sticking labels, making incorrect generalisations.

This thread reminds me of your idiotic "iceweasel IS NOT firefox" multi page embarrassment of a few years ago. In that thread also you refused to see the point of view of anyone else in the thread, nor accept that you had overwhelmingly been proven wrong and resorted to ad hominem attacks.

In this thread you got your knickers in a twist over my initial reply and since then have been trying to save face - trying to portray this as otherwise is futile as anyone can read the thread.

Done.
 
Old 06-22-2014, 03:25 AM   #55
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,589

Rep: Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879
I am replying because I am waiting for a response to my earlier post:
Quote:
Originally Posted by 273 View Post
To go back to my original points:
It is not enough to say that "I only compile from source because that is safer!" unless you actually read, analyse and understand the source.
It is not enough to say that "I analyse all the coming and going of my Linux system therefore Linus is safer" unless nobody does the same for Windows.
I'm apologise, I fear I am not making myself clear.
 
Old 06-22-2014, 04:59 AM   #56
Randicus Draco Albus
Senior Member
 
Registered: May 2011
Location: Hiding somewhere on planet Earth.
Distribution: OpenBSD
Posts: 1,647
Blog Entries: 8

Rep: Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578
Quote:
Originally Posted by 273 View Post
I am replying because I am waiting for a response to my earlier post:

It is not enough to say that "I analyse all the coming and going of my Linux system therefore Linus is safer" unless nobody does the same for Windows.
Perhaps users having the availability to analyse the system makes it potentially much safer than a system (Windows) that hides the internal workings from users? Not to mention the UNIX file system is inherently safer than that used by Windows. (Notice I used the words potentially much safer, not much safer; and inherently safer, not definitely, certainly or infinitely safer.)
 
Old 06-22-2014, 05:07 AM   #57
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,589

Rep: Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879Reputation: 1879
Quote:
Originally Posted by Randicus Draco Albus View Post
Perhaps users having the availability to analyse the system makes it potentially much safer than a system (Windows) that hides the internal workings from users? Not to mention the UNIX file system is inherently safer than that used by Windows. (Notice I used the words potentially much safer, not much safer; and inherently safer, not definitely, certainly or infinitely safer.)
Thanks, you made me think there and I realised that putting together the two ideas of analysing what the system is doing and being able to see the source code means that if, for example, you find a process listening on a port you can then check the code for that process and perhaps gain an understanding of why. Similarly if you see data being transmitted -- you can dig into the code of that process and perhaps see what is being transmitted. Sure, if you don't know C at all then it could be a little bit of a challenge but it may still be possible.
Also, to answer my own question, if you compile everything yourself form source then you know that you have the exact source code used for that application so if at a later date you do want to analyse as above you know you're analysing the full source.
 
Old 06-22-2014, 08:32 AM   #58
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 12,712
Blog Entries: 27

Rep: Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055Reputation: 2055
Member Response

Hi,

The two major reason for my use of Slackware are that I trust Patrick & Team for their maintenance record for Slackware. Along with team members that participate with 'Slackbuilds.org';
Quote:
The SlackBuilds.org project is maintained by a small group of people, but we want the scripts in our repository to be representative of the entire Slackware user community. There's no way that the few of us can possibly write scripts for all of the extra applications that users want to have, so we depend on YOU to help us out. If there's some application that you use, and we don't have it in our repository already, please consider writing a build script for it and submitting it to us for possible inclusion - see the Submissions page.
AlienBob maintains his packages at his site;
Quote:
From README;
Slackware packages made by Alien ================================
Here you'll find the Slackware packages I built and that other people requested to be made available (or that I thought you might like). Alien's SlackBuilds contain a 'build' and a 'pkg' directory. The 'build' directory contains everything (SlackBuild script, slack-desc file. plus all the source files) you'll need when you want to build the packages yourself. The 'pkg' directory contains the binary packages, ready for installation using 'installpkg' or 'upgradepkg'. You'll find *.tgz (the package itself), *.txt (the package description) and *.md5 (containing the md5 checksum of the package) files in each 'pkg' directory. The optional 'tmp' directory contains the directory structure that is packed into _<packagename>.tar.gz file in the 'build' directory. This is a skeleton for building the package. An easy way to download the 'build' directory for any of the available programs to your local computer is the following command (provided you installed the lftp package) - Change the string <program> to the name of the package you want to download: lftp -c "open http://www.slackware.com/~alien/slackbuilds/<program>/; mirror build" Then do cd build sh <program>.SlackBuild to build a package which will be created in the /tmp directory. If you have any questions or requests, drop me a line. You can contact me in Freenode IRC in #slackbuilds. Look out for alienBOB. Eric Hameleers < alien -at- slackware -dot- com > / 28-nov-2006 /
Eric's involvement with Slackware is much appreciated by the Slackware community. I have used Slackware since the first release and find the resources very broad and when a problem arises the issues are immediately addressed by the team or Slackware community. Look at the official Slackware forum to get a feel for the interactivity of LQ Members. Look at [Slackware security] vulnerabilities outstanding 20140101 by mancha who is providing a great service back to the community and very much appreciated by all.

As you can see I am a avid supporter of Slackware by my personal involvement in helping my fellow Slackware LQ members and within my community when possible.

Another important thing to remember is History of this Gnu/Linux. Look at Slackware as the oldest active Gnu/Linux and still being a great usable distribution by a strong supporting community.

Hope this helps.
Have fun!
 
Old 06-22-2014, 01:00 PM   #59
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,214

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
Quote:
Originally Posted by 273 View Post
Servers run by admins who know their stuff and servers which are, generally, in server farms and very, very well secured.
this is true, however this is really not really relevant in some ways as 'server' versions of windows are more hardened out of box than 'home' versions of windows which not only have a lot of the server features turned off but removed entirely.

Quote:
Originally Posted by 273 View Post
Windows runs on more PCs than anything else and that's why the criminals attack it and the casual virus writers used to also, though the latter did it for fun.
Talk of "the biggest server market share" is completely forgetting that any criminal will go after easy pickings. How many kids do you think know how to hot-wire a Ferrari? Ferraris may, or may not, be harder to steal but when it comes down to it the kids don't see them -- the same goes for Linux.
nothing is completely secure, even fort knox can be robbed if enough people with the right equipment have enough smarts, determination and time.
the big difference between linux and windows here

market share may be one factor, but isn't the be-all and end all as those numbers are heavily skewed towards windows, since it's impossible to keep track of how many actual people are using a free software like Linux, and since buying a computer from a big box store such as wal-mart or best buy etc.. comes pre-installed with windows, so that counts as a windows user in the demographics even if that computer gets re-formatted with linux the moment it is removed from the box


Quote:
Originally Posted by 273 View Post
Again, I can't believe I'm having this conversation with people who know about these things. I think it reflects very badly upon Linux that whenever things like the fact market share may affect targeting of malware people get defensive.
i believe most people are simply saying it isn't the ONLY factor in these issues
the fact is, windows is built to spoon feed the average idiot who doesn't want to bother them selves with the more 'technical' aspects of a computer, but this spoon feeding comes at a cost of leaving holes in the system big enough to pilot o jumbo jet through.

one of the chief complaints of people trying to switch from windows to linux is that it isn't 'user friendly' enough, but their concept of 'user friendly' amounts to
'just do it for me' without realizing that by automating a system to the extent windows does compromises the very security they were hoping to achieve by switching to linux in the first place

Quote:
Originally Posted by 273 View Post

To go back to my original points:
It is not enough to say that "I only compile from source because that is safer!" unless you actually read, analyse and understand the source.
It is not enough to say that "I analyse all the coming and going of my Linux system therefore Linus is safer" unless nobody does the same for Windows.
I'm apologise, I fear I am not making myself clear.
that is quite true, unless you analyze every line of code yourself, then you can't say that it's secure, however there are several levels that a computer can be infected, including the firmware, and boot sector, so ultimately you are going to have to trust someone.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can I trust linux? JonJAN Linux - Security 13 08-15-2011 02:24 PM
Software signature is required..Do you trust the source of the packages ? TheIndependentAquarius General 18 09-29-2010 09:36 PM
How much do you trust Linux? JROCK1980 Linux - Security 0 02-22-2004 03:27 AM
Connecting a Trust cam. to linux box bwyatt Linux - Hardware 3 07-02-2003 08:50 AM


All times are GMT -5. The time now is 07:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration