Free Republic
Linux vs. Windows Viruses
SecurityFocus | 2 October 2003 | Scott Granneman

Posted on 10/06/2003 8:31:20 AM PDT by ShadowAce

To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it.

We've all heard it many times when a new Microsoft virus comes out. In fact, I've heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform. In response, another person named, oh, let's call him "Bill," says, basically, "How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms!"

Of course, it's not just "regular folks" on mailing lists who share this opinion. Businesspeople have expressed similar attitudes ... including ones who work for anti-virus companies. Jack Clarke, European product manager at McAfee, said, "So we will be seeing more Linux viruses as the OS becomes more common and popular."

Mr. Clarke is wrong.

Sure, there are Linux viruses. But let's compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell's Analysis of the Impact of Open Source Software (note: the link is to a 135 kb PDF file):

"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

So there are far fewer viruses for Mac OS X and Linux. It's true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. Why?

Why are Linux and Mac OS X safer?

First, look at the two factors that cause email viruses and worms to propagate: social engineering, and poorly designed software. Social engineering is the art of conning someone into doing something they shouldn't do, or revealing something that should be kept secret. Virus writers use social engineering to convince people to do stupid things, like open attachments that carry viruses and worms. Poorly designed software makes it easier for social engineering to take place, but such software can also subvert the efforts of a knowledgeable, security-minded individual or organization. Together, the two factors can turn a single virus incident into a widespread disaster.

Let's look further at social engineering. Windows software is either executable or not, depending on the file extension. So if a file ends with ".exe" or ".scr", it can be run as a program (yes, of course, if you change a text file's extension from ".txt" to ".exe", nothing will happen, because it's not magically an executable; I'm talking about real executable programs). It's easy to run executables in the Windows world, and users who get an email with a subject line like "Check out this wicked screensaver!" and an attachment, too often click on it without thinking first, and bang! we're off to the races and a new worm has taken over their systems.

Even worse, Microsoft's email software is able to infect a user's computer when they do something as innocuous as read an email! Don't believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that's at least one for the last five years. And though Microsoft's latest versions of Outlook block most executable attachments by default, it's still possible to override those protections.



This sort of social engineering, so easy to accomplish in Windows, requires far more steps and far greater effort on the part of the Linux user. Instead of just reading an email (... just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. Even as less sophisticated users begin to migrate to Linux, they may not understand exactly why they can't just execute attachments, but they will still have to go through the steps. As Martha Stewart would say, this is a good thing. Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.

Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it. So the above steps now become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes. And since Linux users are taught from the get-go to never run as root, and since Mac OS X doesn't even allow users to use the root account unless they first enable the option, it's obvious the likelihood of email-driven viruses and worms lessens on those platforms.

Unfortunately, running as root (or Administrator) is common in the Windows world. In fact, Microsoft is still engaging in this risky behavior. Windows XP, supposedly Microsoft's most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer. The reasons for this decision boggle the mind. With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you'd think the company could have changed its procedures in this area, but no.

Even if the OS has been set up correctly, with an Administrator account and a non-privileged user account, things are still not copasetic. On a Windows system, programs installed by a non-Administrative user can still add DLLs and other system files that can be run at a level of permission that damages the system itself. Even worse, the collection of files on a Windows system - the operating system, the applications, and the user data - can't be kept apart from each other. Things are intermingled to a degree that makes it unlikely that they will ever be satisfactorily sorted out in any sensibly secure fashion.

The final reason why social engineering is easier in the Windows world is also an illustration of the dangers inherent in any monoculture, whether biological or technological. In the same way that genetic diversity in a population of living creatures is desirable because it reduces the likelihood that an illness - like a virus - will utterly wipe out every animal or plant, diversity in computing environments helps to protect the users of those devices.

Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized. KMail, Mozilla Mail, Evolution, pine, mutt, emacs ... the list goes on. It's simply not like the Windows world, in which Microsoft's email programs - Outlook and Outlook Express - dominate. In the Windows world, a virus writer knows how the monoculture operates, so he can target his virus, secure in the knowledge that millions of systems have the same vulnerability. A virus targeted to a specific vulnerability in Evolution, on the other hand, might affect some people, but not everyone using Linux. The growth of the Microsoft monoculture in computing is a dangerous thing for users of Microsoft products, but also for all computing users, who suffer the consequences of disasters in that environment, such as wasted network resources, dangers to national security, and lost productivity (note: the link is to a 880 kb PDF file).

Now that we've looked at the social engineering side of things, let's examine software design for reasons why Linux (and Mac OS X) is better designed than Microsoft when it comes to email security. Microsoft continually links together its software, often not for technical reasons, but instead for marketing or business development reasons (see the previous link for corroboration). For instance, Outlook Express and Outlook both use the consistently-buggy Internet Explorer to view HTML-based emails. As a result, a hole in IE affects OE. Linux email readers don't indulge in such behavior, with two exceptions: Mozilla Mail uses the Gecko engine that powers Mozilla to view HTML-based email, while KMail relies on the KHTML engine that the Konqueror browser uses. Fortunately, both Mozilla and the KDE Project have excellent records when it comes to security.

Further, the email programs themselves are designed to act in a more secure manner. The default behavior of the email program I prefer - KMail - is to not load external references in messages, such as pictures and Web bugs, and to not display HTML. When an HTML-based email shows up in my Inbox, I see only the HTML code, and a message appears at the top of the email: "This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here." But even after I activate the HTML, certain dynamic elements that can be introduced in an HTML-based email - like Java, Javascript, plugins and even the "refresh" META tag - do not display, and cannot even be enabled in KMail.


Finally, if there is an attachment, it does not automatically run ... ever. Instead, I have to click it, and when I do, I get a dialog box offering me three options: "Save As ..." (the default), "Open With ...", and "Cancel". If I have mapped a file type to a specific program - for instance, I have associated PDFs with the PS/PDF Viewer, then "Open With ..." instead says "Open", and if I choose "Open", then the file opens in the PS/PDF Viewer. However, in either case, the dialog box always contains a warning advising the user that attachments can compromise security. This is all good, very good.

For all these reasons, even if a few individuals got infected with a virus due to extremely foolish behavior, it's unlikely the virus would spread to other machines. Unlike Sobig.F, which is the fastest spreading virus ever, a Linux-based virus would fizzle out quickly. Windows is an inviting petri dish for viruses and worms, while Linux is a hostile environment for such nasties.

Some caveats

There is one Linux distribution that is ignoring many years of common sense, good design, and an awareness of secure operating environments in favor of a Microsoft-like deprecation of security before the nebulous term "ease of use": Lindows. By default, Lindows runs the user of the system as root (and it even encourages the user to forgo setting up a root password during installation by labeling it as "optional"!), an unbelievably shortsighted decision that results in a Linux box with the same security as a Windows 9.x machine.



If you go to the Lindows Web site, they state that it is possible to add other, non-privileged users, but nowhere in the operating system do they advocate adding these other users. Yet they claim their distribution of Linux is secure! In an effort to emulate Microsoft and make things "easy", they have compromised the security of their users, an unforgivable action. No one in the field of security, or even IT, can recommend Lindows while such a blatant disregard for security is the norm for the OS.

Yet some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users.

Security is, as we all know, a process, not a product. So when you use Linux, you're not using a perfectly safe OS. There is no such thing. But Linux and Mac OS X establish a more secure footing than Microsoft Windows, one that makes it far harder for viruses to take hold in the first place, but if one does take hold, harder to damage the system, but if one succeeds in damaging the system, harder to spread to other machines and repeat the process. When it comes to email-borne viruses and worms, Linux may not be completely immune - after all, nothing is immune to human gullibility and stupidity - but it is much more resistant. To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. I know which one I'll trust. How about you?


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: apple; linux; macuser; virii; viruses; windows

1 posted on 10/06/2003 8:31:20 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]
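
The article's contrast between extension-based execution on Windows and the save / set-execute-bit / run steps on Linux, as an added example that is not part of the original article or of this thread. The message, the file names and the two-entry extension set are constructed for illustration, and a mail client that saves attachments with mode 0600 is an assumption.

```python
"""Added illustration: flag attachments by Windows-executable extension (a
mail-gateway style check) and show the POSIX execute-bit barrier for a saved
attachment. All message data below is constructed."""
import os
import stat
import subprocess
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two extensions the article names; a production blocklist is longer.
WINDOWS_EXECUTABLE_EXTS = {".exe", ".scr"}


def build_sample_message() -> bytes:
    """Constructed sample: a harmless shell script named like a screensaver."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Check out this wicked screensaver!"
    msg.set_content("See attached.")
    msg.add_attachment(b"#!/bin/sh\necho ran\n", maintype="application",
                       subtype="octet-stream", filename="wicked.scr")
    msg.add_attachment(b"%PDF-1.4 constructed\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


def list_attachments(raw: bytes):
    """Return (name, flagged, payload) for every attachment in the message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        # Strip any path components a sender put into the file name.
        name = (part.get_filename() or "unnamed").replace("\\", "/")
        name = os.path.basename(name)
        ext = os.path.splitext(name)[1].lower()
        found.append((name, ext in WINDOWS_EXECUTABLE_EXTS, part.get_content()))
    return found


def save_attachment(directory: str, name: str, payload: bytes) -> str:
    """Save as owner read/write only: no execute bit, no overwrite."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(payload)
    return path


def exec_bits(path: str) -> int:
    """Execute bits (user/group/other) currently set on the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o111


def try_run(path: str) -> str:
    """Attempt to execute the file directly; report 'ran' or 'denied'."""
    try:
        subprocess.run([path], check=True, capture_output=True)
        return "ran"
    except PermissionError:
        return "denied"


def walk_through() -> dict:
    """Flag by extension, then follow the save / chmod / run steps."""
    attachments = list_attachments(build_sample_message())
    report = {"flagged": [n for n, flagged, _ in attachments if flagged]}
    name, _, payload = attachments[0]
    with tempfile.TemporaryDirectory() as tmp:
        path = save_attachment(tmp, name, payload)
        report["exec_bits_saved"] = exec_bits(path)
        report["run_saved"] = try_run(path)          # kernel refuses: no x bit
        os.chmod(path, 0o700)                        # the deliberate extra step
        report["exec_bits_after_chmod"] = exec_bits(path)
        report["run_after_chmod"] = try_run(path)    # 'denied' on noexec mounts
    return report


if __name__ == "__main__":
    for key, value in walk_through().items():
        print(f"{key}: {value}")
```

The file name's extension plays no part in the POSIX result: the saved file is refused until a mode change is made, which is the extra step the article counts on.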

To: rdb3; TechJunkYard; chance33_98; Calvinist_Dark_Lord; Dominic Harr; Bush2000; Nick Danger; ...
Tech Ping
2 posted on 10/06/2003 8:32:13 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
My OS can beat up your OS.
4 posted on 10/06/2003 8:35:58 AM PDT by Grit (Tolerance for all but the intolerant...and those who tolerate intolerance etc etc)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Grit
LOL - I can just picture trying to get "Uncle Bubba" to read his e-mail in Linux. One of the considerations that seems to be ignored is that many of the virii that spread so far are due to user ignorance. Those users would make the same kind of mistakes on any operating system, or would be unable to use it.
5 posted on 10/06/2003 8:49:06 AM PDT by Ingtar (Understanding is a three-edged sword : your side, my side, and the truth in between ." -- Kosh)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce
It's all about numbers. No one is going to create a devastating Linux virus in order to disrupt a fraction of the people affected by Windows viruses. If you build it (the Linux user base), they (the virus writers) will come.
6 posted on 10/06/2003 8:49:26 AM PDT by Mr. Bird
[ Post Reply | Private Reply | To 1 | View Replies]

To: John Robinson; B Knotts; stainlessbanner; TechJunkYard; ShadowAce; Knitebane; AppyPappy; jae471; ...
The Penguin Ping.

Wanna be Penguified? Just holla!

Got root?

7 posted on 10/06/2003 8:50:10 AM PDT by rdb3 (2Pac could have used a decoy that night...)
[ Post Reply | Private Reply | To 2 | View Replies]

To: ShadowAce
Instead of just reading an email (... just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable.

And therein lies the rub...

For common users, an effective OS must balance security, ease-of-use, and cost-effectiveness. These all have trade-offs against one another.

You can make a fair argument that Microsoft has not struck the right balance, because of their desktop, pre-Internet tendencies. But just layering on more security is not the answer either. Software is going to be distributed over the Internet, and many common users are never going to learn how to manipulate executable settings.

So who's going to finally strike the right balance on security vs. usability vs. cost? Linux, which is aimed at geeks for the most part? Apple, which has always had premium prices? Or Microsoft, which has billions to spend and a huge installed base to protect, and has shown itself to be successful at producing what the common user wants to buy?

Well, I know Microsoft is doing something for the long term. They are transitioning their operating system API towards "managed code" in which, for example, buffer overruns (and the vulnerabilities they present) are impossible.

Perhaps Linux and the Mac are also addressing their limitations - with usability enhancements for Linux and more cost-effective alternatives for the Mac. Great. In that case, we'll have a competitive market, and it will be good for everybody.

But just slamming Microsoft as the villain in this drama is not helpful. Every currently available OS has strengths and weaknesses, and focusing on security while ignoring usability and cost-effectiveness means you can't do a very good job of analyzing those strengths and weaknesses.

8 posted on 10/06/2003 8:54:13 AM PDT by Joe Bonforte
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
*** since Mac OS X doesn't even allow users to use the root account unless they first enable the option, it's obvious the likelihood of email-driven viruses and worms lessens on those platforms.

Unfortunately, running as root (or Administrator) is common in the Windows world. ***

Okay, computer experts, can you answer this question for me? I'm on Mac OSX, and it insists that I have an administrator. Since I own the computer and am the only user, I have to be the admin. Does that mean that I am "using as root"? And, if I am, what can I do about it?

Also, when it comes to Windows Media User, I am sometimes automatically plugged into it by the site and can view programs with no problem. But, if I SIGN UP for it on other sites, I am constantly refused admission because they claim I am NOT the administrator even though I am. What's up with that?

Sitting back and hoping I can understand your answers.
9 posted on 10/06/2003 8:58:19 AM PDT by kitkat
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Guess I'll get this in first, before the MS drones show up:

How dare you impugn the honor and integrity of Mighty Microsoft with mere logic! You're just jealous because Windows sells so much! And it sells because it's a superior product.

10 posted on 10/06/2003 8:59:28 AM PDT by irv
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
oohhh, another Win/*nix thread. Maybe this'll be the one that finally solves it!!! Maybe there will be substantive discussion instead of mere gnashing of teeth.

[sigh] yeah, right... :-)
11 posted on 10/06/2003 9:00:34 AM PDT by Ramius (--> comfortably numb <--)
[ Post Reply | Private Reply | To 1 | View Replies]

To: irv
Guess I'll get this in first, before the MS drones show up:

Too late.

12 posted on 10/06/2003 9:01:15 AM PDT by irv
[ Post Reply | Private Reply | To 10 | View Replies]

To: ShadowAce
This message includes a lot of truth, but also a lot of partial truths.
Most people running Linux have some knowledge about security and computers. They don't login as root unless they need to do so; they don't usually surf the web as root either. On the other hand, most Windows users (and the spreaders of 90+% of the virii) are neophytes.
Disturbingly, in my own experiments back in 1999, I discovered that about 85-95% of people hitting my webserver with Windows NT 4.0 were surfing the web as administrator. I wrote a little program that would exploit this fact to crack the administrator passwords and post the first few characters of the password online as a proof of concept.
It is possible to write Linux virii and worms or even MacOS virii that can do a whole lot of damage to a system. (Of course, you could just leave the Mac on and let the OS act as a virus, but that is an entirely different matter--"Eject the disk Macintosh HD" and "Please re-insert the disk Macintosh HD".) Most malicious work is done by hacker-wannabes. These are often 13-year-old script-kiddies that download a tutorial, virus toolkit, or worm base code and click a button to unleash it on the world. Fortunately for the MacOS and Linux world, these don't really exist to exploit the holes in either OS or its software. They aren't big enough targets.
Besides, if you want a newbie to screw over his or her linux distrib, why not send a shell script with 'rm -r .' in it? If you want to screw a Mac user over, give them a simple AppleScript that wipes the HDD or maybe just all the extensions . . . The coding time involved takes about, oh, a total of <5 mins--very simple/trivial code.
In terms of overall computer knowledge among OS users: Linux >> Windows >> MacOS.
13 posted on 10/06/2003 9:03:06 AM PDT by yevgenie
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ramius
unix is dying.
14 posted on 10/06/2003 9:04:14 AM PDT by epluribus_2
[ Post Reply | Private Reply | To 11 | View Replies]

To: Ramius
Great! Just what we needed as a break from the grueling Arnie/McClintock/Davis/Busty wars!!!
15 posted on 10/06/2003 9:06:12 AM PDT by chilepepper (The map is not the territory -- Alfred Korzybski)
[ Post Reply | Private Reply | To 11 | View Replies]

To: irv
And it sells because it's a superior product.

No, no, no, it's the other way around -- it's a superior product because it sells so much!

MS is the 'Britney Spears' or 'McDonalds' of software, selling low-quality mass-market goods. The only problem is the folks who use MS in their real work. It's the same thing as if a professional caterer were to serve McDonalds food at a wedding. The IT world is just a brand-new market where consumers are largely completely ignorant. And there's no shortage of IT folks out there willing to sell them McDonalds, just to make a buck.

I always imagine the people around Britney telling her the same things you hear from the MS-only folks. "Don't listen to the critics, Britt, you *do* have talent! You sell the most albums, that means you're the best singer in the world!"

16 posted on 10/06/2003 9:08:54 AM PDT by Dominic Harr
[ Post Reply | Private Reply | To 10 | View Replies]

To: epluribus_2
unix is dying.

No I'm not, doing just fine, thank you very much.

17 posted on 10/06/2003 9:09:01 AM PDT by Michael Barnes
[ Post Reply | Private Reply | To 14 | View Replies]

To: Joe Bonforte
But just slamming Microsoft as the villain in this drama is not helpful. Every currently available OS has strengths and weaknesses, and focusing on security while ignoring usability and cost-effectiveness means you can't do a very good job of analyzing those strengths and weaknesses.

Right on, brother!

18 posted on 10/06/2003 9:14:43 AM PDT by DallasMike
[ Post Reply | Private Reply | To 8 | View Replies]

To: ShadowAce
Right now, I'm probably running one of the most secure systems going.

I'm running Knoppix 3.2 (Linux) from a CD with no hard drives mounted.

If I get a virus, I just reboot and it's gone.
19 posted on 10/06/2003 9:18:42 AM PDT by FLAMING DEATH (Why do I carry a .45? Because they don't make a .46!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
When Linux moves beyond its "geekiness" and appeals to end-users, then maybe it will see more users. Myself, I know a bit more than the average user yet not as much as the "geek". I don't want to be bothered with Linux because, first of all, I have way too much software that wouldn't run on it. Secondly, I LOVE desktop themes. Call me silly but I don't like looking at the same desktop all the time and Windows allows me to do that, to change my desktop. Thirdly, all I have to do is point and click, not try to memorize a bunch of "geek speak" that Linux incorporates. Now, maybe if I saw one of these Linux machines with all the "eye-candy" I want and security, then maybe. But, bashing Microsoft only appeals to the Linux-bots out there who hate MS anyway. Doesn't mean anything to the average end-user who just wants to check their e-mail, play a few games and keep track of stock quotes.
20 posted on 10/06/2003 9:20:30 AM PDT by Sister_T (Yeah, DemocRATS are racists, too!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ingtar
" Those users would make the same kind of mistakes on any operating system, or would be unable to use it."

Perhaps you're right...

And it’s much easier to leave your garage door open, when you can just walk in… And it’s such a pain to have to lock your front door when you go to the store… What the hey! Who wants to fiddle with a key? And batteries in your smoke alarm are such a pain, and it’s so expensive to replace them.
21 posted on 10/06/2003 9:21:51 AM PDT by babygene (Viable after 87 trimesters)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Mr. Bird
It's all about numbers.

Wouldn't this theory ignore the differences in security of the operating system?

22 posted on 10/06/2003 9:22:40 AM PDT by D-fendr
[ Post Reply | Private Reply | To 6 | View Replies]

To: Joe Bonforte
To continue your point,

"Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells."

For Linux to become a major contender, it would have to standardize.

For an OS to be an effective solution for businesses, it would have to be standardized. For one technophile screwing around on his home computer, having a non-standard system is fine. For a large company, it won't work. It would be more trouble for the non-tech savvy employees (what might seem incredibly simple to you might cause a lot of confusion for some people). It would be more trouble for software engineers (just look at how much easier it is to make a console game 100% stable than it is for a PC game). As long as you have enough differences between versions of Linux to make spreading viruses more difficult, you have enough differences to make wide-spread Linux use less practical.
23 posted on 10/06/2003 9:22:56 AM PDT by Sofa King (-I am Sofa King- tired of liberal BS! http://www.angelfire.com/art2/sofaking/)
[ Post Reply | Private Reply | To 8 | View Replies]

To: kitkat
Here's the test: do a software update. Did you have to enter a password to do the install? If you did, you are not running as root. If you are, create a non-root account and use it instead of your normal account.

Okay, computer experts, can you answer this question for me? I'm on Mac OSX, and it insists that I have an administrator. Since I own the computer and am the only user, I have to be the admin. Does that mean that I am "using as root"?

24 posted on 10/06/2003 9:26:48 AM PDT by Salo
[ Post Reply | Private Reply | To 9 | View Replies]

To: kitkat
I'm on Mac OSX, and it insists that I have an administrator… Does that mean that I am "using as root"?

No, root is disabled by default. You'd have to enable it a password it.

This is an example of the more secure out-of-the-box advantages over Windows for example.

25 posted on 10/06/2003 9:27:22 AM PDT by D-fendr
[ Post Reply | Private Reply | To 9 | View Replies]

To: FLAMING DEATH
what if you get a bios virus?
26 posted on 10/06/2003 9:27:41 AM PDT by Geritol (Lord willing, there will be a later...)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Mr. Bird
Umm Linux is one of the most used server operating systems in the world, that argument does not hold water..
27 posted on 10/06/2003 9:29:56 AM PDT by N3WBI3
[ Post Reply | Private Reply | To 6 | View Replies]

To: yevgenie
On the other hand, most Windows users (and the spreaders of 90+% of the virii) are neophytes.

Which gets to my pet peeve with MS.

Wouldn't it therefore make more sense to have the default install be more secure instead of leaving the windows (and doors) open on grandma's 'puter?

28 posted on 10/06/2003 9:30:39 AM PDT by D-fendr
[ Post Reply | Private Reply | To 13 | View Replies]

To: kitkat
FR pages such as these, are amazing for the inaccuracies slewn by Linux and Windows users, about the Mac. So let me get my dig in here first, about some previous Replies, before I answer your questions.

The Mac is not a "premium priced" computer. In fact, as an operational tool, as are many others in "high tech," the Mac, as do all computers, requires maintenance; and, the Mac is the lowest-priced computer, when the maintenance costs are taken into account.

Now, regarding your Mac running Mac OS X.

When fresh out of the box, a new Mac running Mac OS X, at some point during the initial setup process of displays presented on the screen, will request a username, a shortname, and a password.

Once these initial processes are completed and the desktop presents, it's a good idea to restart the Mac. Then restart it again.

Now, once that is all completed, you are most likely looking at the desktop for the user whom you entered in that initial username field. If you then double-click on the Users folder, you'll see in it, a folder that has for its icon, a small home (instead of the typical folder rendition). Note that the "home" folder has the shortname that you entered in the initial, out of the box processes.

By default, this user has Administrative rights.

However, this user is NOT the root user.

After the initial startup(s), the initial user is logged on to the Mac automatically. Log on's can be set to happen manually or automatically.

By default, the Mac running Mac OS X, is not set up for a root user to log on --- there is a procedure for "enabling root user" that you must follow. Indeed, there are a few ways to enable the root user, and the best way to go about that, is by getting O'Reilly's book, Mac OS X; The Missing Manual, 2nd Edition. Therein, you'll find a reliable way to enable root, and also, what precautions you probably should follow.

The reason that I am not going to tell you how to do that, here, is because the book is invaluable for its many good tips. Get it; you'll see why; you'll be very glad you did.

29 posted on 10/06/2003 9:32:42 AM PDT by First_Salute
[ Post Reply | Private Reply | To 9 | View Replies]

To: kitkat
Since I own the computer and am the only user, I have to be the admin. Does that mean that I am "using as root"? And, if I am, what can I do about it?

Your user account is set to allow administrative privileges, but it is not quite the same thing as running with the root account.

The administrative account allows you to enter a password to temporarily enable you to do the sort of things the root user can do - e.g. installing a system update. Then your privileges are reduced back to the normal user level. This greatly reduces the chance of damaging a system file or files belonging to another user.

30 posted on 10/06/2003 9:35:04 AM PDT by HAL9000
[ Post Reply | Private Reply | To 9 | View Replies]

To: Mr. Bird
It's all about numbers.

No, it's about who has the best system engineering. Linux and Mac OS X are superior by design.

31 posted on 10/06/2003 9:37:47 AM PDT by HAL9000
[ Post Reply | Private Reply | To 6 | View Replies]

To: N3WBI3
Umm Linux is one of the most used server operating systems in the world, that argument does not hold water..

Why not (I'm asking honestly)? How is being "one of the most" used server OS relevant to my (admittedly a guess) assumption? The vast majority of people out there are running Windows on their desktops. That creates an incentive for hackers to write crap that will affect those people.

If someone created a Linux virus that would essentially cripple it, how would it affect me? I am not familiar with any indirect contact with Linux I may have.

32 posted on 10/06/2003 9:40:52 AM PDT by Mr. Bird
[ Post Reply | Private Reply | To 27 | View Replies]

To: Sofa King
Bump.
33 posted on 10/06/2003 9:40:59 AM PDT by First_Salute
[ Post Reply | Private Reply | To 23 | View Replies]

To: Mr. Bird
You might not be able to access your favorite web page for a day or two. Thing is, though, people who run servers are going to be able to fix the problem a hell of a lot faster than your average user.
34 posted on 10/06/2003 9:42:39 AM PDT by Sofa King (-I am Sofa King- tired of liberal BS! http://www.angelfire.com/art2/sofaking/)
[ Post Reply | Private Reply | To 32 | View Replies]

To: HAL9000
No, it's about who has the best system engineering. Linux and Mac OS X are superior by design

I believe you, but I also think that efforts to challenge those systems are dampened because they are not as widely used as Windows. If Linux was the only game in town, I would assume we'd see more attempts to screw with it.

35 posted on 10/06/2003 9:43:29 AM PDT by Mr. Bird
[ Post Reply | Private Reply | To 31 | View Replies]

To: Joe Bonforte
OMG, now you've done it! You've written a rational discussion of the issue. It's more difficult than typing "Get Penguified" or whatever the crusaders spew.

There are some true security bugs in Windows. An email program that automagically runs code when a message is viewed has a security bug. A port left open that contains an exploitable weakness is a bug. However, the majority of the viruses/worms out there are due to users explicitly telling Windows to run a program (clicking on an attachment).

One other thing, I wonder what operating system the virus/worm writers use. My bet is that the majority of them are Linux punks out to make Windows look bad.

Finally, this is all yet another replay of the Microsoft vs. XXXXX [insert latest rave product] battles. The savior of the world from the evil MSFT was DR-DOS, then OS/2, then the Netscape internet platform, then Java, and now Linux. It's just the standard old top dog vs. losers.

36 posted on 10/06/2003 9:48:35 AM PDT by mikegi
[ Post Reply | Private Reply | To 8 | View Replies]

To: Mr. Bird
Do you use the internet? Because if Linux got kneecapped you would have a lot more trouble using it. The real pain-in-the-rear viruses for Windows are the ones that got SQL Server, or spread over IIS (a Windows server product), not the ones that cause a user's desktop to restart.

If a hacker wanted to do real damage they would take out Linux / UNIX, which run the internet, not my Windows desktop! I could give a crap; I have a restore disk and burn my files off to CD once a week.
37 posted on 10/06/2003 9:50:01 AM PDT by N3WBI3
[ Post Reply | Private Reply | To 32 | View Replies]

To: HAL9000
Do you think that there'd be a selling advantage for whichever (Windows, Mac OS X, or Linux), makes multi-booting RELIABLY "out of the box?"

I would think that Microsoft would improve its odds by establishing as part of its OS, a STEADFAST multi-boot feature for using both Windows and Linux on the same machine. The idea being that at any time, should the user choose to create a new Linux partition on their Windows box, or add a hard drive with Linux partitions only, or with Linux and Windows partitions ... then the Windows OS's multi-boot feature --- WITHOUT FUSS --- easily lets the user select between OS's at startup.

That scenario is something that Microsoft has tried to resist. I suspect that resistance is a mistake, much like saying that rail tracks on streets will never go away, based upon experience with early rubber tires on cars.

I suspect that there will be more multi-booting to come, and if Microsoft expects to sell "ease of use," then they'd better get with it.

W'd'ya think?

38 posted on 10/06/2003 9:52:48 AM PDT by First_Salute
[ Post Reply | Private Reply | To 31 | View Replies]

To: N3WBI3
Do you use the internet?

In the words of Homer J. Simpson: "They have the internet on computers now?"

Seriously, thanks for the info. So in your estimation, Linux is a bigger target but is just too tough to bring down? Is that a result of open-source?

39 posted on 10/06/2003 9:55:56 AM PDT by Mr. Bird
[ Post Reply | Private Reply | To 37 | View Replies]

To: Mr. Bird
Not so much open source as it is a close copy of the UNIX system architecture. It's not that it's impossible to bring down (there was a virus called Slapper out there not too long ago which affected Apache, which is open source), but it sure is a heck of a lot harder. Role separation of users (for example, my webserver runs under the user apache, not root) keeps any damage from a virus or exploit to a minimum.

Linux has a really nice IPTables implementation that allows blocking of all ports you desire (on Windows you need third-party software).

40 posted on 10/06/2003 10:00:16 AM PDT by N3WBI3
[ Post Reply | Private Reply | To 39 | View Replies]
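
The role separation described in post 40 can be checked from the process table. The following is an added example, not part of the original thread: the function names `sample_ps` and `audit_services` are hypothetical, and the process listing is constructed sample data in the layout of `ps -eo user,pid,ppid,comm`.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,pid,ppid,comm` output (not from a real host).
sample_ps() {
cat <<'EOF'
USER       PID  PPID COMMAND
root         1     0 init
root       612     1 httpd
apache     640   612 httpd
apache     641   612 httpd
root       700     1 named
mysql      810     1 mysqld
EOF
}

# audit_services SERVICE...
# Reads ps output on stdin and prints one verdict line per named service.
# A root-owned parent is expected for daemons that bind ports below 1024,
# so a service is flagged only when no process of it runs unprivileged.
audit_services() {
    awk -v list="$*" '
        BEGIN {
            n = split(list, want, " ")
            for (i = 1; i <= n; i++) watch[want[i]] = 1
        }
        NR == 1 { next }                       # skip the header row
        ($4 in watch) {
            seen[$4] = 1
            if ($1 != "root") unpriv[$4] = $1  # remember the service account
        }
        END {
            for (i = 1; i <= n; i++) {
                s = want[i]
                if (!(s in seen)) {
                    printf "MISSING %s not running\n", s
                } else if (s in unpriv) {
                    printf "OK %s workers run as %s\n", s, unpriv[s]
                } else {
                    printf "WARN %s runs only as root\n", s
                }
            }
        }'
}

# Stand-alone run against the constructed sample.
sample_ps | audit_services httpd named mysqld ftpd
```

On a live system, pipe the real `ps -eo user,pid,ppid,comm` output into `audit_services` with the names of the network-facing daemons you run.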

To: N3WBI3
Indeed.

If only the Windows users would create rescue disks (that includes backing up the Master Boot Record) and also back up their data, much of the cost of computer maintenance would decline dramatically.

A lot of "lost drives" are only suffering from corrupted MBR's; yet, it seems that "corrupted MBR's" are often because of hard disk drives in some kind of trouble (the problem repeats sometime within the week).

We use Norton Ghost to back up the Windows partition. We also use Norton Utilities to maintain its IMAGE.DAT file (which includes the MBR backup). We use Partition Magic also, to create rescue disks (which also include an MBR backup). Of course, we also back up the data.

On Mac OS X machines, we back up the data.

On Linux machines, we back up the data to Windows partitions, thence, to the routine Windows backup volumes; or, to Mac OS X partitions, thence, to the routine Mac backup volumes.

In general, we back up the data.

Last week, two friends with Windows boxes, all with hard drives that quit --- no data backed up. A third friend lost the video on her PC, which I fixed with a simple graphics card added to an available PCI slot ... and then I backed up the data.

41 posted on 10/06/2003 10:07:22 AM PDT by First_Salute
[ Post Reply | Private Reply | To 37 | View Replies]

To: kitkat
P.S.

"Be default, this user has Administrative rights."

May also be written as:

Be default, this user has Administrative privileges and capabilities.

42 posted on 10/06/2003 10:11:32 AM PDT by First_Salute
[ Post Reply | Private Reply | To 9 | View Replies]

To: kitkat
"Be" --- By
43 posted on 10/06/2003 10:14:13 AM PDT by First_Salute
[ Post Reply | Private Reply | To 9 | View Replies]

To: ShadowAce
All experts agree security is sacrificed for ease of use. No doubt about it.

Therefore, the answer as to why there are so many attacks on MS platforms is so obvious.

Microsoft OS's experience more virus attacks because it is the operating system of the ignorant computer user, which at this point in time in the world is the vast, vast majority of computer users out there.

Microsoft always has and always will provide an operating system for the LCD user. That is why they will always be exposed. That's probably why they will also always make the most bucks in the foreseeable future. The definition of better for the techie is different than that of the consumer. I don't know why folks don't see this, except that for some, their operating system is their religion.

44 posted on 10/06/2003 10:14:22 AM PDT by Jalapeno
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mr. Bird
Did you read the article?
45 posted on 10/06/2003 10:16:15 AM PDT by Rifleman
[ Post Reply | Private Reply | To 6 | View Replies]

To: Mr. Bird
It's all about numbers.

I think the point of the article was that it is not all about numbers.

46 posted on 10/06/2003 10:18:24 AM PDT by bwteim (Begin With The End In Mind)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Joe Bonforte
an effective OS must balance security, ease-of-use, and cost-effectiveness. These all have trade-offs against one another. You can make a fair argument that Microsoft has not struck the right balance...

I agree. With today's technology, ease-of-use and bulletproof security are at opposite ends of a continuum. Microsoft continually made those tradeoffs in favor of ease-of-use, and in a more pleasant world that would have been safe and sensible.

But now we are learning the hard way that if we make it simple for people to run executable code without being "bothered with the details," the bad guys will take advantage of that to commit acts of vandalism and worse.

There's another "social engineering" issue here, and it's that most people blow off the risk. We all know that a hard drive could fail at random at any moment, but how many people actually have a current backup? Same thing with viruses: there are several products out there that catch these things on their way in, but the vast majority of people can't be bothered with them. That's human nature, and it is never going to change. The "uninsured motorist" will always be with us, and when such people have their accidents, we will get stuck paying for their sins.

If Microsoft ever made all the choices on this continuum default to the "secure" side instead of the "ease of use" side, there would be (a) weeping and gnashing of teeth from the customers, and (b) a brisk business for geeks in flipping all the switches back, even though the user would be told that this would open him up to virus attacks.

What people are asking for here is a car that they can drive around safely in, in a country where lots of people run red lights. Sorry, but the car cannot protect you if you can't be bothered to watch for the people running the red lights.


47 posted on 10/06/2003 10:32:20 AM PDT by Nick Danger (The Wright Brothers were not the first to fly. They were the first to LAND.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Jalapeno
Anyone bright enough to use a computer is bright enough to log in with a username and password. Security and ease of use are, for the most part, orthogonal.

Microsoft has, up to now, been driven by marketing and business tactics rather than technical issues (including security). They had better refocus a bit, and soon, or their market share will melt like frost when the sun comes up.
48 posted on 10/06/2003 10:33:20 AM PDT by Rifleman
[ Post Reply | Private Reply | To 44 | View Replies]

To: bwteim; Rifleman
I read this column, yes. But just because the issue is technology and not politics doesn't mean I can't question the author, does it? I have no idea if he has ulterior motives in supporting certain operating systems, and I definitely know he doesn't have a slam dunk here on any sort of empirical evidence.

I have asked some questions, and some nice people have answered them. What's the problem?

49 posted on 10/06/2003 10:34:24 AM PDT by Mr. Bird
[ Post Reply | Private Reply | To 46 | View Replies]

To: Geritol
From what I've heard, BIOS viruses are rare, and regardless, are probably more likely to affect Windows machines than Linux.

No system is ever completely secure, of course, but few things can beat running an OS from a CD-ROM, as long as no writeable drives are mounted.
50 posted on 10/06/2003 10:38:38 AM PDT by FLAMING DEATH (Why do I carry a .45? Because they don't make a .46!)
[ Post Reply | Private Reply | To 26 | View Replies]

