Re: What protects Unices from Virus like attacks ??

From: Al Dykes (adykes_at_panix.com)
Date: 08/24/03


Date: 24 Aug 2003 15:01:53 -0400

In article <bib0e3$j2u$1@newsmaster.cc.columbia.edu>,
Oleg Trott <oleg_trott@columbia.edu> wrote:
>qazmlp wrote:
>
>> Windows machines very often have virus/worm attacks. I am wondering
>> what protects all Unix machines from such similar problems.
>
>1. Binary heterogeneity (x86 Linux, OS X, BSD, IRIX, Solaris, etc.)
>2. System modularity (few run mail clients as root)
>3. Kernel quality
>4. Lower popularity (especially among careless users)
>5. Higher focus on security by individual programs (compare Kmail & OE)
>
>--
>Oleg Trott <oleg_trott@columbia.edu>

As a gross generalization,

Many of the things hackers attack in MS systems are architectural (i.e.
a "feature") like ActiveX, hidden filetypes, and the ability to run
arbitrary programs from within a browser context. These can be turned
off but that prevents something else from working the way Billy wants
it to. These openings are either difficult or impossible to fix.

In Unix most of the amateur attacks exploit coding bugs (like buffer
overruns) or files/directories that should be read-only that are
writable. None of these are architectural. Code can be fixed and
protections can be corrected. It's just a small matter of getting
someone to do it. There are more sophisticated attacks
but we don't hear about them as much.

The fact that in the MS world just about everyone runs as root is a
problem, but I'm afraid that more home Linux users are doing the same,
making themselves very vulnerable to exploits.

Getting users to apply patches and updates is a real problem for
both user communities.

Hacks of large commercial systems (like credit card systems) are generally
non-technical, like finding passwords in the trash, and are inside jobs.

(ducking and putting asbestos longjohns on)

-- 
Al Dykes
-----------
adykes@panix.com