The GNU/Linux Desktop: Nine Myths

The vast majority of malware on desktops today didn't get there through an errant message or a malformed packet or a buffer overflow. It got there because the user clicked on something they didn't know they weren't supposed to click on.

Actually, that's only part one. Part two is when there are exploitable holes in the operating system that said malware takes advantage of.

Holes which Microsoft software is full of and Unixy systems are not.

I'm happy to grant you the premise, for purposes of this discussion, that Linux systems are less buggy and less vulnerable to 0day remote exploits than Windows. It's irrelevant, because that's not how attacks come.

Not irrelevant because that's exactly how attacks come. Like this one: 0-day exploit for Internet Explorer in the wild

My Debian box at home is not vulnerable to attacks by the Downadup worm. It is also not vulnerable to attacks by velociraptors. But at the end of the day, when I go install some shareware game on my Debian box, I put myself at just as much risk as I would on Windows.

It is true that the most dangerous initial threat to any machine is the authorized user. But if that were the only threat then the few existing Linux-attacking worms would run rampant across Linux systems. But they don't. Because while a user downloading something dangerous is a problem on any machine, a user downloading something dangerous on a Windows machine goes to the next level with privilege escalations and further tomfoolery that Microsoft has not been able to fix.

And will never fix unless they abandon their current buggy codebase.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.