[Wolves] Smart phones and Viruses

Andy Smith andy at lug.org.uk
Sat Aug 9 04:59:26 BST 2008


Hi Kris,

On Thu, Aug 07, 2008 at 04:50:30PM +0100, Kris Douglas wrote:
> Still, the massive variations on Linux platforms mean that the virus
> has to be designed for your system, meaning they aren't always the
> best at being hacked.

That is a very radical claim which I'm not sure there is any
justification for.  I think the average desktop install of a Linux
distribution is very similar to every other Linux distribution in
terms of what processes it has running, and what kernel (and
versions of that kernel) it uses.

A virus does not need to be designed for your system, merely for
your crond, init daemon, libc, web browser, ...  If you look at how
a typical Windows virus works, once run it exploits some bug in the
Windows kernel or else in processes that are "always" running.
Linux has a kernel and many processes that are "always" running.
Are you really claiming that there is much diversity amongst the
current crop of distributions where this is concerned?

Even the configurations of common software tend to be very similar
across different distributions.  All that tends to change is
packaging and skinning.

The obvious answer to why viruses are not a major issue on Linux is
simply because there are hardly any Linux users in comparison to
Windows users.

I think if anyone sat down and audited the kernel source or that of
common Linux daemons they would find about as many security bugs as
in typical Windows programs, on a bugs-per-line-of-code basis.  The
main difference is that anyone really can do this with open source /
free software.

And before anyone says, "well Windows users often run as
Administrator all the time, but Linux users do not, so they are
safe(r)," there is still plenty of badness that can be done as a
regular user, including reading all your user files, or relaying
spam.

As for the initial vector of infection for Windows viruses, it is
usually user error plus Internet Explorer or Outlook.  The sort of
people who get infected via IE or Outlook just do not run Firefox,
or Thunderbird, or Linux, or any other alternative to IE and
Outlook.  It's actually quite hard to execute arbitrary code through
IE or Outlook these days, yet these users somehow manage it on a
regular basis.  If those users suddenly switched to Linux en masse,
is the story going to be any different?

I don't think that the fundamental issues of computer security go
away if Windows goes away.  The weakest link in the chain is the
human!

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB