[NTLUG:Discuss] Anti-linux bias in the media
Steve Baker
sjbaker1 at airmail.net
Fri Feb 13 01:01:46 CST 2004
I agree that Linux isn't inherently bullet-proof against viruses,
but there are many more reasons we are not likely to be hit:
1) Fewer Linux users - therefore fewer potential virus writers.
2) No Linux virus writers' kits circulating amongst the bad guys, so
whoever started one would have to write it from scratch. I'm told
that Windows viruses can be created with a few mouse clicks if you
know where to download the tools.
3) No universal scripting language that can be attached to a common
document format - so no 'Script Kiddies'.
4) Variety. Whilst it might be possible to write a virus that would
infect (say) a 2.4 kernel in a x86 Debian system, that virus might not
also be able to infect (say) a RedHat system with a 2.2 kernel and certainly
wouldn't infect a Linux system running on a PPC computer. So whilst
you might infect your first victim, the odds of that person having a
friend with the same exact Linux configuration in their address book are slim.
5) Frequency. If you fire off an email to someone at random in your address
book, the odds that you'll hit a Win98/ME/NT/2000/XP machine are VERY high.
The odds that you'll hit another Linux machine are smaller. So even a
virus that could spread would do so extremely slowly giving people plenty
of time to react.
6) Newsworthiness. News of a new Windows virus elicits a big yawn from everyone
until it has spread far enough to be a real danger. If/when a Linux virus
ever appears 'in the wild', it would be all over the presses and a very large
percentage of Linux users would find out about it (and presumably fix the
underlying problem) before the virus could reach global pandemic proportions.
7) Wide variety of mailer clients. Most Windows users use Outlook for their
email. Within the Linux community there has to be a dozen or more mailers
in common use. This just adds to the problems a virus has in doing something
as simple as finding your address book.
8) Lack of root access. As has been mentioned - very few Linux users read their
mail whilst logged in as root.
9) The execute bit. In Windows, all that distinguishes an executable from a
photo, movie or document is its filename extension....in fact since some
photos, movies, etc come as 'self-extracting-binaries' - even that flimsy
level of protection is gone. In Linux, the execute bit has to be set - and
it would take a very deliberate (and very stupid) act for an application writer
to make that happen.
10) Ease of use versus security is a trade-off. In the Windows world, there is now
almost an expectation of problems with security - it's not really seen as a totally
taboo matter for an application to gaily take "data" and treat it as "code". Since
the system leaks like a sieve anyway - what difference does it make if some really
useful thing causes another chink in the armor. In the Linux world, I think we all
value our prized immunity from pesky viruses - and I'm pretty sure we're all happy
NOT to have the slight convenience of auto-running scripts attached to every document
in exchange for the safety we currently enjoy.
11) Swiftness of action. When a security exploit is found in some part of Linux, it's
typically fixed within hours or at most a day or so. We just heard of another major
Windows security issue that Microsoft found out about SIX MONTHS AGO - and only just
released a patch.
12) Scale of patching. One big problem with the Microsoft approach is that in order for
John Q Public to fix a security hole, he has to load a new 'kit' - comprising hundreds
of changes - some of which may be destructive to an otherwise working system. This can
make people reluctant to install the latest bug fix. OTOH, Linux allows you to take
the literal 10 line change it may take to fix a loophole and install just exactly that
with essentially zero chance of wrecking your system in the process.
13) Integration of Kernel and Utilities. Microsoft have said on several occasions during
the anti-trust lawsuits that it isn't easy for them to unbundle things like Internet
Explorer from the kernel. It's pretty much true to say that the kernel, the windowing
system and the browser are all part and parcel of one massive monolithic binary. Hence,
if you break the security of the browser, the kernel is ripe for plucking. In Linux, the
kernel is completely and utterly separate from the X-server - which is separate from the
applications. Breaking into an application doesn't mean you can delve into the kernel.
14) Skill level of Users. The advice given to almost all computer-illiterates when starting
to use a computer is: "Don't use Linux - you have to be good with computers to understand it".
Whilst that is decreasingly true, it's a common mantra. Hence all the uneducated users
(who might be prone to click on attachments and engage in other potentially dangerous
behaviours) are Windows users - and almost all Linux users are reasonably expert. This
behavioral aspect of our demographic would sharply limit the ability of a virus to spread.
15) If a virus ever did get loose and cause big trouble, the odds are that it would only
affect one particular mail client. This wouldn't be a "Linux" virus - it would be a
"Mozilla" virus or a "Pine" virus. Whilst it's hard to switch from one operating system
to another just because the one you are using tends to be infected easily, the existence
of a family of viruses that hit a particular mail client would simply cause people to switch
to a different mailer - it's not that big of a deal.
There is no one of these things that would prevent viruses from becoming a problem - but taken
together, it's really hard to see how we could be in trouble even if Linux's market share
were ever to exceed that of Windows.
---------------------------- Steve Baker -------------------------
HomeEmail: <sjbaker1 at airmail.net> WorkEmail: <sjbaker at link.com>
HomePage : http://www.sjbaker.org
Projects : http://plib.sf.net http://tuxaqfh.sf.net
http://tuxkart.sf.net http://prettypoly.sf.net
-----BEGIN GEEK CODE BLOCK-----
GCS d-- s:+ a+ C++++$ UL+++$ P--- L++++$ E--- W+++ N o+ K? w--- !O M-
V-- PS++ PE- Y-- PGP-- t+ 5 X R+++ tv b++ DI++ D G+ e++ h--(-) r+++ y++++
-----END GEEK CODE BLOCK-----
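
Added example, not part of the original post: a shell sketch of point 9 (the execute bit). It saves a constructed "attachment" the way an ordinary file write does, shows the resulting mode and the refusal to execute it directly, and adds a small audit that lists files with any execute bit set. The file names, contents and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: constructed file names and contents, not from the original post.

# Save "attachment" bytes the way a plain file write does: new regular
# files are created with mode 0666 masked by the umask, so no execute bit.
save_attachment() {   # usage: save_attachment DIR NAME
    ( umask 022; printf '#!/bin/sh\necho ran\n' > "$1/$2" )
}

# Permission string of a file as shown by ls, e.g. -rw-r--r--
mode_of() {
    ls -l "$1" | cut -c1-10
}

# Try to execute the file directly and print the exit status.
# 126 means "found but not executable" (execve failed with EACCES).
try_exec() {
    if "$1" >/dev/null 2>&1; then echo 0; else echo $?; fi
}

# Defender's check: list regular files under DIR with any execute bit set.
audit_exec_bits() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

demo() {
    dir=$(mktemp -d) || return 1
    save_attachment "$dir" holiday_photo.jpg.sh
    echo "mode:  $(mode_of "$dir/holiday_photo.jpg.sh")"
    echo "exec:  exit status $(try_exec "$dir/holiday_photo.jpg.sh")"
    echo "audit: $(audit_exec_bits "$dir" | wc -l) executable file(s)"
    rm -rf "$dir"
}

demo
```
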