Re: What protects Unices from Virus like attacks ??

From: Gianni Mariani (gi2nospam_at_mariani.ws)
Date: 08/24/03


Date: 24 Aug 2003 20:07:17 GMT

qazmlp wrote:
> Windows machines very often have virus/worm attacks. I am wondering
> what protects all Unix machines from such similar problems.
>
> Thanks!

If a vulnerability is found for Unixen, the same problems could happen
(and they have in the past).

Microsoft ignored (I think with extreme negligence) many of those
lessons. I met security engineers that were aghast at some of the
"features" (read vulnerabilities) that Microsoft was placing in their
products with arrogance when it started coming out with them. Many
predicted this scenario and Microsoft completely ignored it.

Unfortunately, Microsoft is learning the hard way about security and
their customers are paying the cost. I'm surprised that a class action
over this has yet to happen.

I'm not an MS basher. I don't think that they're all evil. Some of my
bestest friends are *softies and even they shake their heads on this one.

However, Unices have some protections which Windows systems do not.

a) Root privileges are unusual - a virus can't usually go messing with
system libraries when a user loads malicious code.

b) Unices have been around longer. Unix developers are just more
mature as to dealing with vulnerabilities.

c) Listening on ports (1-1023) requires root privileges. Any user can
open up a web server on port 80.

d) Attachments to emails don't "just run" native code.

e) The Unix protocols used are simple and it is difficult to do things
like the blaster worm (not necessarily impossible).

The reason why MS products are hit so hard is that they are both
prolific and low hanging fruit. Many MS customers don't know what to do
to keep their equipment safe. I've been hacked twice, both times I
figured it out within minutes of the attack and immediately removed the
machine from the net. First time was due to ignorance (and I had
plenty of warning) and the second time was an error I made (laziness)
when I patched the vulnerability. Both of these exploits could have
been used to create a nasty worm.

The other thing that makes it more difficult for exploits against
Unices is that each setup can vary widely. For example, the last hack
I described, the hacker attempted to change my web page only he changed
the wrong file altogether. So pissed he was that he deleted all the
email on the server ... very annoying but he inadvertently left his
tools behind which showed me just how they operate. Nasty stuff.

So, Unices are not immune, it's just that MS has been so dumb on the
security issue at huge risk of burden to their customers. I have no
doubt that the MS engineers knew all along that this could happen but
the ability to market a whiz bang product and capture market share was
much more important than the potential costs to their customers.

... And they ain't seen nothin yet.

On the positive, Microsoft is trying hard to close the barn door, even
though the herd has already bolted.

See:
http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=43944

The company has put in some security experts as gate-keepers to projects
and priorities have been set.

Many MS customers are just so annoyed that I think they are in desperate
search of alternatives.

... I have no idea why I wrote such a rant. I must be bored.


