
Feature: Security

Can the malware industry be trusted?

By Joe Barr on June 07, 2006 (8:00:00 AM)


Commentary: Internet security is big business. Microsoft Windows and Office vulnerabilities have made major contributions to making it -- and keeping it -- that way. Today, players like McAfee, Symantec, and dozens of other firms fight for a share of a market worth tens of billions of dollars a year. I would like to think that this industry displays the same high degree of ethical standards and integrity shown by other first-responders: our police forces, firefighters, and paramedics. Sure, there are bad apples in the bunch now and then, but on the whole they are an admirably honest and trustworthy group. I don't think nearly as highly of the computer security industry.

Here's why.

Put a stake in its heart

Remember Dan Geer, the widely respected security guru who used to be CTO at @Stake? He's been in the news again recently. The last time I saw that much news about Geer, it was when he was fired by @Stake after presenting an assessment critical of Microsoft and "monoculture."

@Stake, I presume, is proud of having maintained a good relationship with Microsoft by firing Geer for daring to speak the truth. The irony comes from the fact that the recent headlines concerning Geer -- about the MS Word vulnerability -- proved him to be dead-on in the report he was fired for delivering. Obviously, @Stake valued their relationship with Microsoft more than they did the security of their clients. Word up, as they say.

It's that very trait -- the need to lick Microsoft's boots to play in their ecosystem -- which accounts for a lot of the corruption, lies, deceit, false claims, false viruses, and false alarms which emanate regularly from this false security industry. But no need to dwell on @Stake being cherry red with embarrassment over being shown up as idiots and servile buffoons. There are plenty of other examples to talk about.

US-Cert: Count this way

Every year, US-Cert produces huge fireworks in the security trade press with their annual summary of misinformation about security flaws. The idiots in the press repeat the lie verbatim and the lie becomes real. What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway.

Here's the problem. The summary gives a total for flaws found in Windows and another total for flaws found in Unix and Linux. Last year, those totals were 812 for Windows and 2,312 for Unix/Linux. As usual, those two misleading numbers once again got trumpeted and cited as evidence that Windows is more secure than Unix or Linux on every Windows-leaning news site in the known universe.

Why is it misleading? Well, say that a vulnerability occurs in the Linux kernel. There are dozens of Linux distributions, and when the vulnerability is found, eventually it will get patched in each and every one of them. Now, guess how many times it gets counted. That's right, not just once, but once for each distribution.
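The double counting described above, worked through as an added Python example (not code from the article or from US-CERT): the advisory records are constructed so that one upstream flaw yields one advisory per distribution, and the script shows how far a per-advisory tally drifts from a per-flaw tally. Platform labels, distribution names and the FLAW-* identifiers are placeholders.

```python
"""Raw advisory count versus distinct-flaw count.

Added example, not code from the Linux.com article: the advisory
records below are constructed so that one upstream flaw produces one
advisory per distribution, which is the counting problem the article
describes. Flaw identifiers and distribution names are placeholders.
"""
from collections import Counter, defaultdict

# Constructed sample: (platform family, vendor or distribution, flaw id).
# FLAW-K1 is one kernel bug republished by four distributions; FLAW-O1 is
# one library bug republished by three. Windows has three distinct flaws,
# each published once.
ADVISORIES = [
    ("Windows", "Microsoft", "FLAW-W1"),
    ("Windows", "Microsoft", "FLAW-W2"),
    ("Windows", "Microsoft", "FLAW-W3"),
    ("Unix/Linux", "Debian", "FLAW-K1"),
    ("Unix/Linux", "Red Hat", "FLAW-K1"),
    ("Unix/Linux", "SUSE", "FLAW-K1"),
    ("Unix/Linux", "Gentoo", "FLAW-K1"),
    ("Unix/Linux", "Debian", "FLAW-O1"),
    ("Unix/Linux", "Red Hat", "FLAW-O1"),
    ("Unix/Linux", "Ubuntu", "FLAW-O1"),
    ("Unix/Linux", "Red Hat", "FLAW-K2"),
]


def raw_counts(advisories):
    """One hit per advisory: the tally the article says the summary uses."""
    return dict(Counter(platform for platform, _, _ in advisories))


def distinct_flaw_counts(advisories):
    """One hit per underlying flaw per platform, however many distributions fixed it."""
    flaws = defaultdict(set)
    for platform, _, flaw_id in advisories:
        flaws[platform].add(flaw_id)
    return {platform: len(ids) for platform, ids in flaws.items()}


def inflation_factors(advisories):
    """Raw count divided by distinct count; 1.0 means no double counting."""
    raw = raw_counts(advisories)
    distinct = distinct_flaw_counts(advisories)
    return {platform: raw[platform] / distinct[platform] for platform in raw}


def republished_flaws(advisories):
    """Flaw ids carried by more than one advisory, with who republished them."""
    publishers = defaultdict(set)
    for _, publisher, flaw_id in advisories:
        publishers[flaw_id].add(publisher)
    return {flaw_id: sorted(names)
            for flaw_id, names in publishers.items() if len(names) > 1}


if __name__ == "__main__":
    raw = raw_counts(ADVISORIES)
    distinct = distinct_flaw_counts(ADVISORIES)
    print(f"{'platform':<12}{'advisories':>12}{'distinct flaws':>16}{'inflation':>11}")
    for platform, factor in inflation_factors(ADVISORIES).items():
        print(f"{platform:<12}{raw[platform]:>12}{distinct[platform]:>16}{factor:>11.2f}")
    for flaw_id, names in republished_flaws(ADVISORIES).items():
        print(f"{flaw_id} counted {len(names)} times: {', '.join(names)}")
```

On the constructed data the Unix/Linux column shows 8 advisories but only 3 distinct flaws, while Windows shows 3 and 3; the same normalisation step is what a like-for-like platform comparison needs before any totals are cited.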

US-Cert knows about the problem of the super-inflated malware numbers in their summary, but they refuse to correct it or to comment on it. They also know that it misleads consumers and encourages them to stay on an inferior platform -- one which is infamous for its chronic malware infestations -- rather than switching to Mac OS X or Linux, both of which are more secure by design. Since they refuse to comment on the issue, the reason why they don't correct it is something probably known only to Homeland Security and their private sector partners in the US-Cert combine.

Apple OS X: Mea culpa

The SANS Institute -- a name which sounds all officious and possibly not profit oriented, but which is owned by the mysterious but definitely for-profit Escal Institute of Technology -- recently did an unusual update to its Top 20 list of vulnerabilities.

They issued their "update" in order to trumpet the assertion that Apple OS X is now just as exposed and vulnerable to malware as Windows. The timing of the release of this unusual "update" is suspicious, coming as it did on the eve of the new advertising campaign by Apple which plays up the fact that Apple is pretty much immune to the types of malware infestations that plague Windows. Previous updates to this list have usually come in the fall: November, 2005; October, 2004; October, 2003; and October, 2002.

The SANS Institute announcement seemed to be designed to destroy -- or at least bring into question -- the idea that Apple OS X is more secure than Windows. In a document sent to members of the press prior to the teleconference, the SANS Institute wrote:

During the past few months, Apple Safari browser users faced their first zero-day attack. A zero-day attack is one that causes damage to users even before the vendor makes a patch available. In this case, Safari users who just browsed a malicious web site found their computers automatically downloading and executing a malicious file. The user made no error other than to visit the web site. Apple patched Safari to fix this flaw, but almost immediately had to issue a second patch to stop another attack involving email attachments. The experts involved in the 2006 Top 20 Spring update agree that OS/X still remains safer than Windows; but its reputation for offering a bullet-proof alternative to Windows is in tatters. As attackers are increasingly turning their attention to the platform, OS/X vulnerabilities are being discovered at a rapid pace, which could erode this safety in the future.

I covered the SANS teleconference event for NewsForge. Because of my recent experiences with a Kaspersky Lab disinformation campaign against Linux, my ears were tuned for false claims being made against Linux. But I didn't pay much attention to the fact that SANS was launching a similar attack against Apple. I am ashamed to say it, but just like all the other idiots in the trade press, I simply reported what had been said. My apologies to all Apple users, and Apple. It won't happen again.

Imagine my surprise in the days that followed the teleconference as I read story after story by Mac-aware journalists and analysts which questioned or challenged the SANS Institute and similar findings by others in the malware business.

On May 9, The Mac Observer reported that Yankee Group analyst Andrew Jaquith accused McAfee of engaging in "scaremongering" in a report entitled "The New Apple of Malware's Eye: Is Mac OS X the Next Windows?" In Jaquith's view, McAfee was attempting to frighten Mac users into buying malware protection they just happen to sell.

Other Apple-related news sites picked up the theme as well, as one might expect. But what's this, a defense of Apple by BusinessWeek's Arik Hesseldahl? In response to The SANS Institute claim that Apple's security rep was now in tatters, he wrote on May 4:

Tatters? Well, let's look at the record. As you may remember from a few months ago, there were indeed not one but two Mac security teapot tempests. Astute readers of this column and its accompanying blog will remember that in March, there was the "hacked Mac Mini" contest (see BW Online, 3/08/06, "Apple Finding the Root of the Problem"). Entrants were challenged to find a way to upgrade limited-access privileges to those of someone with so-called root status, a position that would let them wreak pretty much untrammeled havoc on a computer. Someone pulled it off. Though the contest proved little, the misguided press still went a little nuts.

That observation about the "misguided press" points out the reason that malware vendors beat their drums so loudly and so often: the trade press blindly accepts whatever the security firms utter as being the gospel. I know, I know. Mea culpa, too.

Hesseldahl went on to write about an AP story which seems to have been the precipitating factor in The SANS Institute's decision to push its "Apple fatally flawed" rhetoric. He said: "The story coincided with the disclosure that six newly discovered so-called zero-day bugs targeting Mac OS X were found by Tom Ferris, a security researcher who publishes a blog concerning vulnerabilities he has found. Zero-days are exploits or vulnerabilities that cause damage in the wild before being disclosed to the vendors of the targeted software. While they were directed at the Mac operating system, there's no evidence these vulnerabilities have actually done any damage."

From Russia with malice

Kaspersky Lab, a Russian Internet security company which operates around the globe, including here in the USA, has been spreading FUD about malware targeting Linux for years. I've cited this example from 2001 before, but here it is again, and it still appears on their Web site. Hey, maybe the SANS Institute used it as a template for their anti-Apple effort. I quote:

Predictions regarding a world epidemic of Linux-viruses have come true in the first quarter of 2001. The latest incidents caused by the Ramen Internet-worm and its numerous modifications, as well as the multi-platform virus Pelf (Lindose) and other Linux-targeted malicious code, have proved that this operating system, (previously considered as the most protected software), has fallen victim to computer viruses.

After finding that page on the Web, and after watching Torvalds patch the Linux kernel so that some very old code that Kaspersky Lab was trying to pass off as a "new cross-platform virus" would run on the latest versions of the Linux kernel, I decided to keep an eye on other claims Kaspersky Lab was making about malware on Linux.

[Figure 1: Alleged Linux viruses - 2005]
Checking their Web site, I found a new report entitled 2005: *nix Malware Evolution and decided to take a look. A graph (see Figure 1) purporting to illustrate a dramatic increase in all types of malware for Linux between 2004 and 2005 showed an incredible -- literally -- jump from 4 to 91 Linux viruses.

I found that intriguing because I've been using Linux exclusively on the desktop since 1999, and reading and writing about it for longer than that, and I was completely unaware of _any_ Linux viruses beyond a few lame "proof of concept" samples. Those samples, like the one mentioned above that Torvalds patched the kernel to keep running on recent kernel versions, don't really do anything remarkable other than demonstrate the ability to run on both Windows and Linux. Yet Kaspersky was claiming that 87 new Linux viruses were discovered last year.

I asked Kaspersky Lab if they had any documentation to back up that claim. Jennifer Jewett, a public relations person representing Kaspersky, told me "the documentation citing the viruses is included in the Encyclopedia on Kaspersky's Viruslist site: http://www.viruslist.com/en/viruses/encyclopedia."

I searched the encyclopedia for Linux viruses and came up with an astounding 972 hits. But just the barest hint of an analysis of those hits reveals that the number would break an industrial-strength bogusity-meter. A few low-lights of my analysis:

  • The first 256 items are completely undocumented.
  • Only 21 -- less than 3% -- are described at all.
  • Of the 21 that are described, 2 are duplicates.
  • One of the 21 is a Windows virus, not Linux.
  • Almost all of the 21 are programs modifying files in accordance with standard *nix permissions.

I went back to Kaspersky and told them my results. Jewett then put me in touch with Kaspersky's Senior Technical Consultant, Shane Coursen. I repeated my request to Coursen for documentation on the 91 claimed viruses. He told me he would have to check with the report's author, Konstantin Sapronov, in Russia. A few days later I received a list containing the 91 alleged Linux viruses. The list contained nothing but the names, no documentation.

I checked the first one on the list. Naturally, there was no information about it in the Kaspersky encyclopedia, but it did suggest searching for it under other names from other vendors, so I did. That led me to this page on the McAfee site, where I learned that it had been discovered in 2003. Since McAfee didn't provide any further information on the virus, I kept looking. That's how I came across the Virus Pool Project. One thing there really caught my eye.

The site's reason for being is explained like this: "I always found virus names rather confusing. Mainly because there are so many of them for one and the same virus. By indexing them and making it possible to search them I hope people will be able to help others."

Perhaps confusion is why, of the 972 hits found in Kaspersky's encyclopedia, only 21 are documented. Out of curiosity, I decided to check the list of 91 names against the list of the 21 documented viruses in the encyclopedia.

I found a total of 10 matches from the list of 91. Remember, Kaspersky claims 87 of the viruses were found in 2005. Of the 10 that matched, two were found in 2000, four were discovered in 2001, three in 2002, and one in 2003. None of the 87 alleged new Linux viruses are documented or substantiated by Kaspersky in any way whatsoever.

Coursen responded via email to my initial analysis of the list by saying:

1st) Other vendors' names are going to be different than Kaspersky names in most cases. The industry does its best to coordinate names, but as you can imagine, with the speed at which new viruses appear, it is a very difficult thing for us to accomplish in all cases. And unfortunately, even if you can find the same name between two different vendors it does not mean the description is discussing the same variant; sometimes the description doesn't even discuss a virus from the same family!

2nd) When McAfee adds a description on their site, it doesn't always match the date they added actual detection. As for Kaspersky, McAfee and others, descriptions usually appear well after detection is added, if at all. (Which is why Kaspersky adds both dates to its descriptions -- when the detection is added and when the description is published.)

3rd) In the case you mention above, where McAfee added detection for something that looks to be the same virus back in 2003 -- well, that's a bit of an odd one, but very explainable: If #2 reason above doesn't explain it, then we can try this... (since it is more likely the case)

AV companies may add a record to detect a virus, but then receive a new variant of the same family some time later. In such a case it may be necessary to modify the existing detection signature. So, what you end up with is a signature that was added some time ago (could be years, even), but that was modified just recently. It is my guess that recently-updated signatures would probably show up in Konstantin's stats.

After this story was submitted, and the week following another black-eye for Microsoft security in the form of malevolent macros in MS Word, Kaspersky Lab issued another headline-grabbing but bogus alert for a proof-of-concept of the same type of attack on MS Word's largest competitor, OpenOffice.org. Was the timing once more just a coincidence? I don't think so.

But all I am sure of is this: Kaspersky Lab is making claims about malware and Linux which they cannot substantiate. Period. They did it in 2001 and they are doing it again now. They were asked for documentation on the alleged viruses and they delivered nothing at all. Another thing I am sure of is that they aren't the only ones doing it, and Linux is not the only victim of their crimes.

Why they do it

The answer, of course, is money. Security firms look on more secure alternatives to Windows as a threat to their bottom line. It is in their best interest to slow down the migration of users from Windows to any alternative platform, simply because any alternative platform is going to do a better job of providing security than Microsoft has done, or seems capable of doing.

If they can't stop the attrition, and the growth of the Apple and Linux markets is showing that they can't, they can also try to position themselves to be in the new markets, even if they are not as lucrative for them as the Windows culture. So by inventing and/or exaggerating threats to the alternatives, they can slow down their growth and try to establish some cred in them at the same time.

Conclusion

The Windows economy is a tough arena to play in. You have to keep Mister Gates happy to survive, and even then, there isn't any guarantee that your niche in the market won't be gobbled up by the next release of Windows. Of course, sometimes the little fish try to bite back. That is what Symantec is trying to do now to prevent Vista swallowing them whole.

It may be that if you do business with Microsoft on a regular basis, you get used to working in an ethics-free environment, and you begin to practice the same black business arts as the master. Whatever the cause, what I see happening in the malware business today reflects Microsoft's own ethics-free practices. I'm not convinced there is an honest firm in the whole mess. So in my humble opinion, the answer to the question, "can the malware industry be trusted?" is a resounding "No!" What do you think?


Comments on Can the malware industry be trusted?


well ...

Posted by: Anonymous Coward on June 08, 2006 04:31 AM
A PC with its electricity bill paid and its Internet bill paid is a 'resource'. It will be used; either by the bill payer or by someone else.
Our ability to write software is far in advance of our ability to understand what it does; so it's not really surprising that we sometimes get 'emergent' behaviour.
Currently Windows is worst affected; but other kinds of PCs can in principle be affected too.


Re:well ...

Posted by: Anonymous Coward on June 08, 2006 04:35 AM
Say what? Do you have a point beyond "all operating systems are vulnerable"? Which is an imprecise and useless thing to say, as it implies all are equally weak, when they're not.


shoo, we already knew all this

Posted by: Anonymous Coward on June 08, 2006 04:40 AM
Thank you for documenting it. It's always good to have actual evidence.

Now for the bigger question that's been bugging me since Sony's rootkit shenanigans - can we trust the security vendors to protect us from their corporate buddies? Remember, F-Prot sat on the information for 30 days while they "negotiated" with Sony. Hey, that's cool, negotiate with a malware distributor! Thanks F-Prot!

And don't forget it was Mark Russinovich who broke the story, not F-Prot, even though F-Prot congratulated themselves loudly for their boldness and fearless defense of truth and justice.

As far as I'm concerned they're all suspect.

--
Carla Schroder


Re:shoo, we already knew all this

Posted by: Anonymous Coward on June 08, 2006 05:55 AM
Agreed.

The fact is, we can't trust ANY of those security companies. Their objective is "money for security".

When you threaten their income, they will lie and cheat in an attempt to stop you. This is what they call "business".

I call it "self denial".


aargg it's F-Secure!!

Posted by: Anonymous Coward on June 08, 2006 07:40 AM
Not F-Prot. Sorry F-Prot.

--
Carla Schroder


is this rhetorical?

Posted by: Anonymous Coward on June 08, 2006 06:48 AM
you honestly didn't ask if the malware vendors could be trusted? By definition no..
Who can be trusted? People who don't have a financial stake in it. Obviously these security companies, or at least some of them can't be trusted. Perhaps you should be reporting your findings to a place interested in doing real news and getting them to expose this.


Re:is this rhetorical?

Posted by: sakshale on June 09, 2006 03:24 AM
I am definitely disappointed with the comments about the SANS Institute. The original founders were people of integrity, attempting to set up something that reflected their integrity. When did things change?


Cyberstorm...

Posted by: Anonymous Coward on June 08, 2006 08:16 AM
It is when these companies work with the Department of Homeland Security that you have to wonder. Earlier this year during the Cyberstorm exercise the BlackMale virus was doing the rounds - complete with 'sky falling in' psychological payload. The virus did not infect .mil and .gov, and all the virus majors were in on the 'exercise'.
Now where did that 2.5Tb ramdisk go?


Not for long...

Posted by: Anonymous Coward on June 08, 2006 11:40 AM
If they keep fighting over slices of the Windows pie, these vendors aren't going to have a business (http://www.theregister.co.uk/2006/05/31/onecare_microsoft_launch/) pretty soon.

Vance


only fools

Posted by: Hillbilly on June 08, 2006 06:17 PM
the wintel system of computing with all the malware and anti-malware, viruses & anti-viruses && etc is a racket and anyone that does not see it that way deserves to be suckered by the crooks that pander to such a crowd...


Uh...

Posted by: Anonymous Coward on June 08, 2006 10:31 PM
Norton is not a separate company, it's a Symantec brand...


Re:Uh...

Posted by: Joe Barr on June 08, 2006 10:53 PM

My mistake, sorry.


Right on, brother!

Posted by: Anonymous Coward on June 08, 2006 10:49 PM
There was a day, way back in the *early* 1990's, when McAfee was what I would've called "trustworthy". That day is long, long gone, and that goes for all of the "protection" sellers. "Gee, nice computer you've got there, it'd be a shame if we rooted it^H^H^H^H^H^H^H^H^H^H^H^Hit somehow got compromised...."

I've been using Free Software platforms, specifically GNU/Linux, since 1999 and OpenBSD since 2000. I've been rooted exactly once in that time (July 2000), and it was my own damned fault for not updating my SSH version (1.2.26). I have not repeated that stupid mistake since. Actually, that episode was my motivation to start also using OpenBSD.

My logs show attack after attack against my email and DNS servers. It tends to range between 50,000 and 100,000 attacks of various types every single day. All are repelled.

I have been "Windows Free Since 2003", and I intend to stay that way. Windows--any version--is insecure by design. Security through obscurity does not work.

Thank you, RMS. Thank you, Linus. Thank you, Theo.


This isn't just an OSX and *Nix problem...

Posted by: Anonymous Coward on June 09, 2006 01:09 AM
I think it's important to note that the corruption you point out isn't just affecting OSX and *nix users, it also affects Windows users as well, and has been for years. Granted, there are WAY more actual security flaws in Windows than should be, but the same FUD applies. These businesses make the bulk of their money on the subscription service. They churn out updates on an almost daily basis, and threaten you with vulnerability if you don't renew the subscription. They embed with almost any system you can buy, and immediately subscription notices start poking up. Then, if you uninstall their app and choose to go with a free one, Windows will likely not recognize it as an anti-whatever app, and continually flag you for it. So, what is my 74 yo father-in-law going to do? He's going to continue to shell out for the subscription, providing himself with a false sense of security and providing the security companies the reason for their business model.


Re:This isn't just an OSX and *Nix problem...

Posted by: Anonymous Coward on June 09, 2006 02:52 AM
If this were slashdot, I might say 'mod parent up'. Mr. Barr, I am a Linux (and somewhat FreeBSD) user and intensely dislike Microsoft. However, there is a polarity - a factional fighting - between OSS and MS. Since you are talking about the (actually rather obvious but usually unstated) conflict of interest in for-profit 'security' firms that *require* insecurity to exist, MS is not even really relevant to this. If MS was a bunch of incompetent angels, who allowed this culture to take root due to their crappy products, but were doing everything in their power to fix it and never abusing their monopoly and certainly not coercing folks - well, I feel confident these 'security' firms would be engaging in virtually the exact same practices they are now, anyway. Try and retain some credibility with both the MS and OSS camps by not putting such florid rhetoric as

"It may be that if you do business with Microsoft on a regular basis, you get used to working in an ethics-free environment, and you begin to practice the same black business arts as the master."

in your insecurity articles, please, because this is an issue that *far* transcends choice of OS. (I don't deny MS makes it worse; I'm just saying it's not useful in this case to dwell on it.)


Did you ask SANS?

Posted by: Anonymous Coward on June 09, 2006 02:25 AM
I see no indication that you contacted SANS to find out their reasoning for the release. I also don't see any indication that you're familiar with the quality security training they provide (yes, sell). Among security administrators, SANS is famous for providing excellent hands-on, technical training that people can actually use to secure networks - without FUD.

Many of their instructors use OS X laptops. If anything, their bias is towards free Unix/Linux options rather than in favor of or against any vendor (though, to be honest, they do sometimes have a Microsoft-bashing problem).

I would encourage you to subscribe to SANS NewsBytes, a bi-weekly security news journal in which they summarize current news items. They have a panel of experts who provide comments, and in some cases have printed conflicting comments from two experts. I think it's an excellent example of the fair and informative resource that SANS can be.

In the interests of full disclosure, I'm in a position to be biased: I'm a past SANS student and holder of 4 GIAC (the SANS certification arm) certs, member of the student Advisory Board, and have done work in various part-time odd-job roles for SANS over the last 5 years. Having worked with them in so many capacities, though, I have to disagree with your view of them as fear-mongering Microsoft tools. It just isn't so.

Greg Owen
GCFA, GCIA, GCIH, GCWN


linux malware

Posted by: Frank Grimes on June 09, 2006 02:27 AM
I got a linux malware infestation once.

Back in 2000. It was a worm that attacked my unpatched copy of ftpd.

Now linux distributions are a lot more secure. And I don't use ftpd any more. I haven't had a problem since then.


Great job

Posted by: tsstahl on June 09, 2006 02:29 AM
Nice investigative work and well presented.


Biased

Posted by: Anonymous Coward on June 09, 2006 03:41 AM
Disclaimer: I am a Microsoft MVP (security)
I hope that I am neutral, but that is for you to judge.

With that said, I cannot put faith in your article simply for the fanboyish tone that you use.

"What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway."

I will admit right now: I have no idea which os is "better" and I would suspect that each does different things better. Regardless, you have already set the tone for your entire slanted article that linux is better. Which it may be, but you insist on slamming everyone without proof.

"Because of my recent experiences with a Kaspersky Lab disinformation campaign against Linux, my ears were tuned for false claims being made against Linux."

Perhaps you should read up on confirmation bias (http://en.wikipedia.org/wiki/Confirmation_bias).

"The SANS Institute announcement seemed to be designed to destroy -- or at least bring into question -- the idea that Apple OS X is more secure than Windows"

I agree that mac is not fatally flawed. However, you have to agree that the recent exploits were definitely a change in the status quo, and thus generated a lot of attention. After reading the article:
Rapid growth in critical vulnerabilities being discovered in Mac OS/X including a zero-day vulnerability (OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters.)
Tatters is quite the strong language, however, it is in reference to "bulletproof". Now, I don't know about you, but bullet proof has the connotation of being invincible to me. The recent exploits show this is not true for macs. That is to be expected. There is no such thing as a 100% safe application/OS.

That same article states:
Continuing discovery of multiple zero-day vulnerabilities in Internet Explorer.

And yet you fail to mention that part. Looks like everyone is getting their fair share in that release.

Where does that article ever claim, or even hint that osX is less secure than windows?

On the other hand, I fully agree that the McAfee article is crap. That is certainly biased.

By the way, you mentioned "fatally flawed". That is not mentioned in the sans article anywhere. Please explain.

As per Kaspersky, have you noticed that a LOT of articles have no description, not just linux ones?

Looking at sophos (which I personally trust)
http://www.sophos.com/security/analyses/search-results/?search=linux&search_type=virus_search&action=search&submit.x=49&submit.y=9

There are definitely linux virii out there.

"Kaspersky Lab issued another headline-grabbing but bogus alert for a proof-of-concept of the same type of attack on MS Word's largest competitor, OpenOffice.org. Was the timing once more just a coincidence? I don't think so. "

You are honestly serious? That is quite a claim. Do you have any more proof than just one coincidence?

"The answer, of course, is money. Security firms look on more secure alternatives to Windows as a threat to their bottom line. It is in their best interest to slow down the migration of users from Windows to any alternative platform, simply because any alternative platform is going to a better job of providing security than Microsoft has done, or seems capable of doing."

Do you remember the virus trends in the 80's when *nix was popular?
Windows is simply the most pre-eminent, and thus the most targeted.

I am not trying to defend windows. It may appear so because you have only given part of the information.

wng


speaking of fanboys...

Posted by: Anonymous Coward on June 09, 2006 03:54 AM
...nice try, but your fact-less troll is hardly even entertaining, let alone persuasive.


Re:Biased

Posted by: WarPengi on June 09, 2006 06:05 PM
"There are definitely linux virii out there."

I keep hearing this assertion and have yet to hear of any infections in the wild. Keep the faith, though and one day maybe your dreams will come true.

"Windows is simply the most pre-eminent, and thus the most targeted."

I don't suppose that could have anything to do with the ease which MS can be infected. Naw, couldn't be. If ignorance is bliss you must be one happy dude.


Re:Biased

Posted by: Anonymous Coward on June 09, 2006 08:46 PM
"Looking at sophos (which I personally trust)
http://www.sophos.com/security/analyses/search-results/?search=linux&search_type=virus_search&action=search&submit.x=49&submit.y=9 [sophos.com]

There are definitely linux virii out there."

I have looked at sophos. I found 2 real exploits used by viruses for Linux. One in the openSSL layer and the other in XML-RPC for PHP. The first was found in 2002, the second at the end of 2005. Both in external, not "linux only", programs... In any case their rights on the system are limited to the apache user. So I don't think that they can be named "Linux viruses", but rather Apache server or PHP viruses.


Re:Biased

Posted by: Anonymous Coward on June 10, 2006 04:19 AM
To be fair, if you're going to separate Apache and PHP from Linux, then you should also separate Office and IIS (IE itself is debatable) from Windows itself.

Either the virus attacks the OS, or major applications running on the OS, keep the comparisons equal ;-)


Re:Biased

Posted by: Anonymous Coward on June 16, 2006 05:31 PM
Almost true, but when a virus attacks an application on Linux, it can harm only that application (or the user, in the case of Office). While on Windows it usually has total system control.


Re:Biased

Posted by: Anonymous Coward on June 10, 2006 04:15 AM
"Do you remember the virus trends in the 80's when *nix was popular?"

Oh yeah! I remember. Those were the glorious times; at the end of the decade we got our first taste of DOS viruses. There were no *nix viruses during the '80s because it was, and still is, very difficult to write one for all the different hardware *nix runs on, and few people actually had access to such hardware to test their stuff in the first place. There were other threats though. All it took to give *nix developers a wake-up call to think more seriously about security was "one little lousy worm". How many worms does it take until Microsoft finally gets it?
So please, spare me the lectures about "great *nix viruses that roared the world in the '80s when *nix was popular". Those things belong in the fantasy world along with Santa Claus and Cinderella.


It's not Area51

Posted by: Anonymous Coward on June 09, 2006 10:45 PM
At the root of AV company cultures is not the desire to have so much money that you have to hire someone to count it for you (alright, no more than in most software companies:), it's a real desire to make sure that people are protected from viruses. AV companies are full of people working above and beyond the call of duty to try and make sure that their customers are protected.
It would be lovely to think that free AV software comes up to the same standard as subscription-based AV software, but that simply isn't the case. Maybe it will be someday, but not at the moment.
Unless you've actually seen a virus analyst spend 20 hours straight decoding the mother of all new viruses or a tech support person man the phones for 30 hours straight in the middle of a virus outbreak then I can understand that it's easy to view AV companies as simply being money making machines.

The root of your argument seems to be that all AV software companies cosy up to Microsoft since this is where the money is.
To be honest, AV companies are perfectly happy for people to start using other OSes. From a financial point of view it makes very little difference to them, the reason being that if you run a corporate network you really aren't going to leave computers unprotected anymore. You simply can't take the risk.
Too many sysadmins over the years have been burnt by taking security lightly, and it's now an accepted norm for all desktops and servers, regardless of OS, to run AV software if they possibly can. From a rather cynical point of view, at the very least it's so that if the worst does happen the sysadmin/network admin (or whoever) can turn around and say "Look, I took all reasonable measures to protect the company. Now let's stop pointing fingers and figure out how to patch this hole".
Rather like OS vendors now I come to think of it...
If you were in charge of a company network, running *nix desktops throughout, would you really not have the desktops running AV software? And even if you were happy with this would your management be happy with that situation?

The real difference in the MS/OSS argument is more to do with the users than the OSes. Get more people using a *nix platform running as Root without patching for vulnerabilities, clicking on every program that pops up and says 'Run Me' just because it says so, and you'll end up with the same situation as MS Windows - a vast, ill-educated base of users that are ripe for exploitation by teenage vandals and fiscally-driven 'businessmen' alike.


Re:It's not Area51

Posted by: Joe Barr on June 10, 2006 01:19 AM
At the root of AV company cultures is not the desire to have so much money that you have to hire someone to count it for you (alright, no more than in most software companies:), it's a real desire to make sure that people are protected from viruses. AV companies are full of people working above and beyond the call of duty to try and make sure that their customers are protected.
It would be lovely to think that free AV software comes up to the same standard as subscription-based AV software, but that simply isn't the case. Maybe it will be someday, but not at the moment.
Unless you've actually seen a virus analyst spend 20 hours straight decoding the mother of all new viruses or a tech support person man the phones for 30 hours straight in the middle of a virus outbreak then I can understand that it's easy to view AV companies as simply being money making machines.


You are describing a chronic, Windows-only -- with the rarest of exceptions -- situation. My complaints about the AV industry are the lies they propagate about the same things happening to Apple and Linux users.


There are security concerns in all operating systems, no doubt about it. But it's a far cry from the pathetic design and implementation of Windows, which invites infestation as is demonstrated day in and day out, for long, long years, to Unix.


Re:It's not Area51

Posted by: Anonymous Coward on June 10, 2006 04:37 AM
"Too many sysadmins over the years have been burnt by taking security lightly and it's now an accepted norm for all desktops and servers, regardless of OS, to run AV software if they possibly can."

Bite me! I have a friend that runs a school network. They have a few classrooms of Windoze workstations along with others and guess what?
None of those machines run any AV software whatsoever. And he never needs to clean any of them. Why? Dead simple: when the operators turn on the machines in the morning, all of them reload their entire OS over the network from a ghost image. With multicast it takes about 5 minutes for the entire classroom. Huge cost savings!

"Get more people using a *nix platform running as Root without patching for vulnerabilities, clicking on every program that pops up and says 'Run Me' just because it says so, and you'll end up with the same situation as MS Windows - a vast, ill-educated base of users that are ripe for exploitation by teenage vandals and fiscally-driven 'businessmen' alike."

Yeah, sure! Only Lindows folks will ever seriously consider giving regular users root access. Ignorance of the principle of least privilege is one of the root causes Windows is so insecure.


To contribute less toward noise about security ...

Posted by: Anonymous Coward on June 14, 2006 02:22 PM
you-all could try AVG, which is free for home use.

