An average article about Worms and Viruses...

From: Dave Hall <linux_at_no.spam.please>
Date: Tue Sep 16 2003 - 00:33:02 CST

On Mon, Sep 15, 2003 at 11:33:09PM -0600, Chris Fazekas wrote:
> > > That's great! Although I think that if we migrate away from MS
> > > products, people will just try that much harder to find security
> > > problems in other software, and we will have a similar, yet less brutal,
> > > situation.
> >
> > The problem, as I see it, is the fact we have a near homogeneous network.
> > If every machine is vulnerable to the same exploit, a carefully deployed
> > exploit can take down every machine. It doesn't matter if the
> > network is 100% Linux, 100% MacOS, or 100% Microsoft... the problem
> > is too many of one OS. If we had a world of 16% MS, 16% Linux, 16%
> > MacOS, 16% FreeBSD, 16% BeOS, and 20% OpenBSD, a single exploit
> > could take down, at most, 16% of the network -- not the 80 or 90%
> > situation we have now.
> >
> > I'm not looking for world domination by Linux. That would give us
> > the same problem we have now, except I would be part of it rather
> > than watching from the sidelines. We need a bigger variety of OSes.
> >
> > I am reminded of the great potato famine, of which I know very
> > little. Apparently, nearly the entire potato crop of Ireland was
> > wiped out by a virus. The first problem was the single strain of
> > potato planted by everyone meant that a virus which that strain had
> > no resistance to could wipe out nearly 100% of the year's crop. If
> > there had been 4 strains, equally planted, a virus which attacked a
> > particular strain would have left 75% of the year's crop. The
> > second problem was the people's near 100% reliance on potatoes for
> > food. They literally starved because they didn't have potatoes. If
> > people had a more varied diet, they could have survived. It's
> > really the same story in a different time.
> I agree with most of your summary. A group of 16% share-holders will
> obviously never happen. I also agree that either 100% of Windows, or 100% of
> Linux, or 100% Mac will all lead to the same outcome no matter how you look
> at it... the mass of Spams & Viruses will always be directed towards the
> greater (market) percentage.
> So, why is Microsoft targeted now? Mainly because it is the 'big gun', and
> it has numerous ongoing security issues (sigh). So why aren't Mac or Linux
> targeted more heavily? Well, they are not used at large by the 'common' user,
> (common - being one who doesn't know how to update their O/S with security
> patches*, run a virus scanner, nor firewall, or type with more than one
> finger, toe, etc).

I agree with Scott that diversity of platforms and applications will dilute
the risk. I don't think it's the solution; it just means the malicious
coders will have to attack multiple vulnerabilities to have the same effect.

MS is targeted not simply because it is the most common OS but because it is
an easy target. The system, much like a number of Linux distros, focuses on
building a single system for all applications. This proliferation of
unneeded and typically unattended applications leaves a lot more possible
points to attack.

A system sitting on a network running no services is much more difficult
to attack than one with multiple services, particularly services the
operator is unaware of. I believe that if more systems shipped with all
the unnecessary crud turned off by default the scale of these recent
exploits would be reduced substantially.

Of course, good design and coding practices could practically eliminate the
problems but for existing problem software, particularly commercially
successful software, there is little motivation to go back to the drawing
board and rewrite it.

I like how Scott pegged OpenBSD at 20%. I really like the approach they
have taken. They regularly audit their code for potential vulnerabilities
and use of functions that could lead to an exploit. They ship with a
minimal set of applications installed and almost nothing turned on. They
are now implementing techniques that make it hard to make use of a
buffer overflow if one were to exist. I like these principles. If more
OS distributions followed these principles, I think attacks would be
way more difficult and much less common.

As for e-mail viruses, that's just social engineering assisted by a
braindead MUA.

Spam is another beast,

| <- You must be smarter than this stick to ride
     the Internet		-Mike Handler
Received on Tue Sep 16 00:33:02 2003
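Dave's point about "services the operator is unaware of" is the kind of thing that is easy to check and rarely checked. The script below is an added example, not code from the thread or from any of the projects mentioned: it takes the output of `ss -tlnp` (the modern Linux way to list listening TCP sockets with their owning process), compares every listening port against an explicit allowlist, and reports whatever is listening that nobody signed off on. The allowlist (22 and 443) is a hypothetical policy for an imaginary host, and the `ss` output embedded in the script is constructed for the example rather than captured from a real machine, so it runs offline; on a real host you would pipe live `ss -tlnp` output into `unexpected_listeners` instead.

```shell
#!/bin/sh
# Added example (not from the original thread): report listening TCP
# sockets that are not on an explicit allowlist, i.e. the "unneeded and
# typically unattended" services that widen a host's attack surface.

# Hypothetical policy: the only ports this host is supposed to listen on.
ALLOWED_PORTS="22 443"

# Constructed sample of `ss -tlnp` output (iproute2 format); not real data.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=1020,fd=6))
LISTEN 0      50           0.0.0.0:111       0.0.0.0:*     users:(("rpcbind",pid=400,fd=4))
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=455,fd=7))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))'

# port_allowed PORT: succeed if PORT is on the allowlist.
port_allowed() {
    for p in $ALLOWED_PORTS; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# unexpected_listeners: read `ss -tlnp` output on stdin and print
# "PORT PROCESS" for every LISTEN line whose port is not allowed.
# Loopback-only listeners (127.0.0.1:631 above) are still reported:
# a local-only service is still attack surface for a local user.
unexpected_listeners() {
    # Field 4 is Local Address:Port; the port is the text after the last
    # colon, which also handles IPv6 forms such as [::]:22. Field 6 is
    # the users:(("name",pid=...)) process column.
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n], $6 }' |
    while read -r port proc; do
        if ! port_allowed "$port"; then
            name=$(printf '%s' "$proc" | sed -n 's/.*(("\([^"]*\)".*/\1/p')
            printf '%s %s\n' "$port" "${name:-unknown}"
        fi
    done
}

# count_unexpected: number of distinct unexpected listeners in the sample.
count_unexpected() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | unexpected_listeners | sort -u | wc -l | tr -d ' '
}

# Stand-alone run: print the offenders for the constructed sample.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | unexpected_listeners
```

For the constructed sample this reports rpcbind on 111 and cupsd on 631, and says nothing about sshd or nginx. The useful property is that the allowlist is the statement of intent: anything the script prints is either a service to disable or a service the operator now knows about and has to justify, which is exactly the "turned off by default" posture the message argues for.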

This archive was generated by hypermail 2.1.8 : Mon Mar 06 2006 - 18:35:12 CST