|wa desert rat|
| 2:31 am on Mar 20, 2014 (gmt 0)|
And finally, the old saw that Windows is targeted because there are so many of them is only partly right. They are targeted because it is ridiculously easy to exploit them AND there are a lot of them
The only known operating system that could be owned by simply mousing over a single pixel on a web site. Good grief!
| 8:31 am on Mar 20, 2014 (gmt 0)|
|Android does dispel some myths about Linux not getting viruses, there are plenty of instances of exploits out there. |
Are the bits of Android that are exploited parts it shares with conventional Linux? What proportion are social engineering attacks? Without answers to those questions it proves nothing.
Also, how come Windows servers have a worse track record than *nix servers? There are fewer of them.
| 9:42 pm on Mar 20, 2014 (gmt 0)|
> And then there are the botnets of infected Windows boxes
And linux boxes, as I noted. There are a lot of linux servers being used as botnets. And Android, which is NOT always infected by users installing junk apps. Some apps appear to be doing a useful job but have hidden expolit functions. The fault, of course, lies with the appstore having such lax rules. I wonder who administers it? :)
Whether or not the IP of a virus implanter is static does not matter, except in so far as your mail servers implement DSL range blocks. And Windows would only fall for such attacks if the adminstrator/user were careless or stupid. My local windows machines are virus-free and I've had only one expolit on my online web server and that was through an exploitable FTP srver, still not fully explained but I believe was via a password stolen from one of my clients.
It all comes down to the implementation and implementer/maintainer. If they know what they are doing Windows is almost as safe as linux: the difference is. With linux you do not have to work quite so hard at protecting it.
Sorry, guys. We seem to have strayed from the original topic.
I'm about to find out about Hyper-V "VPS" on a Windows box. I've rented the windows 2012 server and expect access in a day or so. I will, during the next week, try installing postscript. I'm also hoping to use linux FTP services to give users (and me!) safer access to their web sites: we'll have to see about that one. :)
|wa desert rat|
| 11:45 pm on Mar 20, 2014 (gmt 0)|
|And Android, which is NOT always infected by users installing junk apps. Some apps appear to be doing a useful job but have hidden expolit functions. The fault, of course, lies with the appstore having such lax rules. I wonder who administers it? :) |
Android, which is based on Linux but developed by Google, has been highly altered to make it easy to work with on a phone or tablet. Even so, your first sentence is contradicted by your second sentence. I'm not sure what you're driving at.
And Windows is exploitable because of a decision made when they designed Win98. Gates thought that the Internet was a fad and that his market would be businesses using file sharing (SMB) and home users playing games. To that end he ignored tcp/ip (added later by stealing it from BSD Unix - it even had the copyright for years) and tying the graphics closely to the core of the OS (ring zero). Changing that now would require a major change in the APIs but it is at the heart of why Windows OSes are all exploitable; and mostly in the same ways.
Linux can be cracked but it is much mroe difficult to exploit and turn it into a botnet. Even the few "botnets" based on Linux are Java-based (an exploit through Java). That fix, btw, has been out for some time.
The conventional wisdom that Linux is just as insecure as Windows has been pushed by Microsoft and its allies because if the business world ever discovered that the insane amounts of money they spend to keep their MS networks safe could have been avoided, I suspect they'd revolt.
| 11:57 pm on Mar 20, 2014 (gmt 0)|
There has been no successful exploit of Linux since 2002 so, no, Linux does not get viruses. And, even then, that virus was squashed the same day.
|As to "linux does not get viruses" - that is not stricly true. |
Which is the biggest difference with Windows where such things get installed by smart users. It's that inability to be installed on their own that is Linux/Unix/BSD's biggest protection.
|Viruses are targetted at linux, though less often, and can be installed on the machine by an inattentive or dumb "user". |
Please don't blame Linux servers for PHP and the admin's fault. Linux had nothing to do with that problem.
|As well as this, there was a bulletin today concerning linux web servers which are vulnerable because they haven't upgraded PHP (for example). |
Let's also not get into the latest fad "threat".
|Some (probably not all) has been designed and installed by NSA aided no doubt by GCHQ. |
| 2:14 pm on Mar 21, 2014 (gmt 0)|
|The same could be said about most environments, in many cases users open an email attachment or knowingly install software that has a hidden payload. |
Has there been even a single Linux exploit that requires only opening an email?
Linux software is almost always installed from a repository and signed. There is little temptation even for naive users to download stuff of the internet and install it because it is difficult to do that, whereas installing from a repo (the Linux equivalent of an app store) is the easier.
In fact, that style of software installation is probably the best single thing about Linux and open source BSD. Windows and Mac now have app stores that are sort of similar, but they STILL do not have dependency management.
| 2:15 pm on Mar 21, 2014 (gmt 0)|
@dstiles, you are right we have wondered off the thread topic. Perhaps a moderator can cut some of this to a separate thread?
| 9:37 pm on Mar 21, 2014 (gmt 0)|
drhowarddrfine - and today there is evidence of unpatched linux being infected. Admittedly some are over 7 years old. Again, I accept this is user problems.
graeme_p - As we've noted, usually it requires someone to accept the payload. I have several linux apps that I had to install outside of the repository but I do tread with care. :)
Again, I accept that linux viruses come into the hens' teeth and rocking-horse droppings category.
On topic: I got control of the windows 2012 box today and am gradually working through various security settings, setting up disk paritions etc. Hopefully installing linux into a partition over the weekend.
| This 38 message thread spans 2 pages: < < 38 ( 1  ) |