advertisement

Weblog:   Linux Users: Welcome to the World of Malware
Subject:   Not Quite
Date:   2004-10-27 15:16:03
From:   bairdcarr1
I'm sorry, but attacks like this are just not going to work very well. Most Linux users are not going to be installing software like this at all. I feel like I am already spoiled by the ease with which I can install software or updates. So if I am the average Linux user, I wait for my distro to release updates, and with one click or one command all software updates or security releases are downloaded and installed automatically. This is the future of Linux, and the one reason why no other OS can compete. There is just more available for Linux, and it's easier to install. Your thinking just has to change from what you could purchase or pirate under windows to what you can apt-get under Linux.



Now... The vulnerability inherent in this whole thing is the update sites and mirrors. With any apt or urpmi system you can add your own sources, without any verification that the files on the source have not been tampered with. At least none that the average user is going to bother with.





This is also part of the reason why there will NEVER be the security problems under Linux that there ARE under Windows. There are almost 400 distros of Linux, each doing things either slightly different or drastically different. There are hundreds and thousands of mirror sites for downloads of software or distros. I have 3 different Linux distros running at home. The systems that DO have the same distros are not the same, even if they have the same software installed. The versions are different among other things.





Microsoft is a huge, single, nearly stationary target. Linux will be a huge, fast-moving herd, with thousands of targets in all shapes and sizes. One shot will not take down the whole herd. It will barely register in the whole scheme of things.
Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • Not Quite
    2004-10-28 01:47:18  jwenting [Reply | View]

    Completely bogus arguments as usual from the linux priests :)

    The 400 (I think it's closer to 4000, but say 400 major ones (right...)) distributions is in fact a major weakness as they divide the codebase and make fixing holes (and there are aplenty) almost impossible.
    You'd have to fix the hole in 400 separate copies of the codebase, something version control was designed to prevent the need for but which linux groups seem to have abandoned...

    And while you might be relatively safe from this type of malware attack (I don't think you are, most of you think you're so safe that you implicitly trust anything coming from someone claiming to be an authority...) you're still wide open to fishing scams which you by proxy claim to be invulnerable to.

    As to waiting for updates to be released, this email claimed to be an update from Redhat and therefore exactly the stuff you claim to be waiting for :)
    Most Windows users will not trust such messages, instead relying on Windows Update (a mechanism still unheard of for many linux distros).
Showing messages 1 through 1 of 1.