Warp wrote:
> I don't know. I haven't been reading such reports lately.
Same here.
> One would think,
> though, that new OS = new bugs (unless Vista isn't really "new").
Well, it's not really new. It's built on NT, 2000, 2003, etc. And it has a
whole bunch of new security stuff added (Defender, UAC, secure desktops (or
whatever they call the thing that prevents the shatter attack), etc.).
I'd have to start taking the SANS stuff out of the junk folder, but my
memory is that most of the attacks are against web-based services, with very
rare root-access on either OS, most of which are privilege escalation. Maybe
one every week or two even attacks on either kernel from outside.
> But I still think it's fair to say that Linux is safer than Windows. Why?
I agree. It used to be Windows had about 2x the code and 2x the attacks found.
> For the simple reason that Linux is not such a popular *target* for attacks
> and malware as Windows is.
Yeah. UNIX had way, way more exploits back before Windows was a popular
internet presence. Every week there would be reports of credit card lists
being stolen from ISPs, viruses attacking sendmail, etc. Then it was
Netscape's servers. *Then* it was Windows, around the '98 timeframe.
And before that, floppy boot-sector viruses ran rampant amongst
microcomputer OSes, but I never heard of any of those being done for money.
> email virii
I saw a great rant from someone who actually knows Latin about "virii".
"Virii" is apparently the plural of some completely unrelated Latin word,
like "voice" or "people" or something. "Virus" is apparently already a mass
noun not unlike "stuff".
> I bet it's well over half of them for the simple reason that
> Windows is way more widespread than Linux.
I think it's three things. 1 - There's more Windows desktops. 2 - People
with Linux desktops tend to be more clued and/or have someone administering
them that is clued. 3 - I suspect that most Linux machines are actually
servers that are quite locked down and rarely doing anything not
specifically planned.
I've run Windows servers whose only job was running the database, or answering
calls from credit card terminals, or etc, and it was trivial to lock them
down enough that you didn't have to worry much about exploits. It's when you
actually put someone in front of the keyboard who will surf web pages, run
stuff people email to them, and so on, that you get lots of infections.
Of course there are some break-ins, but I understand that most of them are
patched before they're actually exploited, and it's the people who didn't
patch that are the problem.
> (The only place where other
> systems might rival Windows as a target of crackers is in the web servers
> and other such servers, because there other systems are more popular than
> in desktop computers.)
That, and web servers have value in and of themselves. You can either
disrupt a rival, steal credit cards, etc. Hacking an individual desktop
machine only gives you what's on that machine (i.e., one person's financial
data) or one node of a bot-net.
> However, usually these cases are direct
> attacks by individual hackers, rather than being a massive attack by a
> self-spreading program.
Now, yes. It used to be way more common for even proprietary UNIXes to get
hit by viruses and worms than it is now for Windows, methinks.
--
Darren New, San Diego CA, USA (PST)
"We'd like you to back-port all the changes in 2.0
back to version 1.0."
"We've done that already. We call it 2.0."