|
|
Warp wrote:
> Didn't seem to be such a problem in the unix world.
No, because most people running UNIX software knew the basics of how
computers work. They'd recognise this as a scam, rather than just another
series of opaque rules you have to follow to get something done on this damn
machine.
> And even if that
> kind of social engineering caused someone to execute a program they
> received by email, it would still be limited to that user's account.
Except that's why they took "." out of the path, and why setuid files aren't
allowed to be writable and why writing to them turns off setuid, neither of
which were security features even as late as V7. Exactly because enough
people fell for it that they made it inconvenient for developers to keep
those not paying attention from running a trojan.
> The system itself and other users would be safe.
Except if there's only one user on the system, like there often is with
Windows desktop machines, you're still screwed if your web browser starts
sending your bank passwords to russian mafia guys.
> It's a whole different
> mentality. It's hard to spread viruses like that.
It only takes one hole. How widely do you think the Morris worm could have
spread if he was being paid a million dollars to make it hibernate on the
computer? He'd write an executable somewhere, call it something benign,
start it up as root, then let it sit and listen for a particular string to
show up in a spam mail to DDOS some network computer.
I think what you're seeing is more that by the time it was *profitable* to
write a virus, Windows was already the best vector both in popularity and
user-naivety. Granted, it was pretty common back in the early days of
Windows to have a virus or whatever spread, but it was also much more common
to hear of break-ins of commercial servers to be stealing credit cards and such.
--
Darren New, San Diego CA, USA (PST)
Serving Suggestion:
"Don't serve this any more. It's awful."
Post a reply to this message
|
|