
Linux and the Smile.D Virus keeps us Smiling 386
pstreck writes "News Forge is running a humor filled satire on the the recent Smile.D cross platform virus. It's a good read and just another reminder of why that other operating system needs to figure out a new security policy."
Newer Windows *does* have a newer security policy (Score:3, Informative)
Re:Newer Windows *does* have a newer security poli (Score:2, Insightful)
Re:Newer Windows *does* have a newer security poli (Score:2)
Re:Newer Windows *does* have a newer security poli (Score:3, Interesting)
Re:Newer Windows *does* have a newer security poli (Score:2)
first off, it's the engineers that draw up the blue prints, the developers just carry it out.
second, i can't see how it's the software's problem that the OS has a uneasily understood security model. i'm thinking, either you have privledge, or you don't, end of story.
Re:Newer Windows *does* have a newer security poli (Score:2)
It's the software's problem, then it's the user's problem, then it's the company's problem, then it's everybody's problem. Attributing blame to the front end does not stop the effects.
either you have privledge, or you don't, end of story
A bit is on or off, end of story.
Re:Newer Windows *does* have a newer security poli (Score:2, Informative)
root to do certain operations), access control
lists for all objects, more than 32 groups for a
user, impersonation (so a server can take on the
identity of a connecting user and do operations
on their behalf).
Re:Newer Windows *does* have a newer security poli (Score:4, Insightful)
"Access the computer from the network"
"Allow logon through Terminal Services"
"Change the system time"
"Create a pagefile"
"Deny access from the network"
"Deny local logons"
"Deny logon through Terminal Services"
"Force shutdown from a remote system"
"Load/unload device drivers"
"Logon as a service"
"Logon locally"
"Perform disk volume maintenance"
"Shut down the system (locally)"
"Take ownership of files and other objects"
Wow, if those aren't in plain English I don't know who can't figure them out. NT's security model is very complex, yes, but very capable as well. It just so happens that the crack dealer under the Longfellow Bridge is selling MCSE certifications for $5 a pop as well, so MCSE's are a dime a dozen. If you're looking for a good NT admin, you need to look hard. Just the same reason you won't hire that 17 year old who "has 12 years UNIX experience."
Re:Newer Windows *does* have a newer security poli (Score:2)
Another user right that is sometimes modified is the right to access a computer from the network. On some networks, the security policy dictates that administrators must work from the console of the server. Consequently, the Administrators group is removed from the right to access the computer from the network on all servers. Because administrators cannot access the server remotely, potential hackers are forced to gain physical access to the system or compromise security using an ordinary user account.
Kind of how you can't FTP, etc. as root by default on a Linux box. But it's system-wide, and applies to all groups/users the policy is applied to.
Re:Newer Windows *does* have a newer security poli (Score:2)
Re:Newer Windows *does* have a newer security poli (Score:2)
It all depends on if the daemon you're authenticating against is authenticating you against the SAM database (i.e. your NT username/password). Then the NT security policies apply. IOW, programs that would be covered by this would include network shares, ftp, iis, etc. - they all authenticate against the NT users and groups. (I think they call it 'integrated authentication' now.)
Does that answer your question, or am I still misunderstanding?
No need to be left out (Score:4, Funny)
This virus works on the honor system:
If you're running a variant of unix or linux, please forward
this message to everyone you know and delete a bunch of your
files at random.
Damn, I tried it (Score:4, Funny)
rm:
I can't even get the unix virus! I'm such a luser.
Re:Damn, I tried it (Score:2, Insightful)
$cd ~
$rm -f -r *
(and, obviously, your home directory and all it's contents disappear)
And that's the real paradox of Unix security
Your home directory, and all it's contents are quite vulnerable. Obviously they have to be writable or you couldn't use the contents. But many Unix advocates forget that for ordinary people, the home directory contains the only part of the system they can't easily stream back off a CDROM if everything fails.
Believe me, when things heat up after people's home directories start disappearing due to a Linux trojan (and they WILL start showing up as more 'click and make neat things happen' people transition to the Linux desktop), your 'Unix virus' funnies will seem less amusing.
Re:Damn, I tried it (Score:2)
Phillip.
Re:Damn, I tried it (Score:4, Insightful)
rm -rf ~
The above can be just as fatal if not more to most people.
It's easy to reinstall the system, it's tough to re-create all of those projects you were working on.
Re:Damn, I tried it (Score:2)
Re:No need to be left out (Score:2)
If they have no computers (and presumably, therefore, no windows, no outlook, no address book) how did they send the e-mail?
Re:No need to be left out (Score:2)
http://www.thislife.org/ra/213.ram [thislife.org]
Re:No need to be left out (Score:2, Funny)
(sound of hand covering the tin can phone, talking in background.)
[Malachi! Pedal harder! I'm trying to read fucking Slashdot. If you stop, I will smite you upside your head.]
OK, I'm back. As I said, Amish jokes aren't funny. Why don't you ever pick on the Mennonites?
Smile.D? (Score:5, Informative)
That pun would work better if it was actually called the Smile.D Virus.
Symantec [symantec.com] and ZDNet [com.com] appear to call it Simile.D.
I Agree With This Post (Score:2, Insightful)
Linux needs a clipboard.
The funny thing is, a clipboard seems simple by comparision.
Which will appear first?
Re:I Agree With This Post (Score:2)
Re:I Agree With This Post (Score:2)
Well, if you are getting that abstract, I'm going to say windows is nothing more than win.com, and in that case, it has no clipboard.
A clipboard is useless unless you have something to use it in (explorer or X).
Re:I Agree With This Post (Score:2)
Please note that I am not claiming that XFree86 is a part of the Linux operating system. It is not. But it is a common adjunct to that operating system. Ditto for the GNU tools. They aren't the operating system either.
Advice To Roblimo From The Bible (Score:5, Insightful)
I personally felt the article was childish. Windows has a lot of malware that take advantage of gullible users by sending them deceptive emails with enticing attachments. Linux on the other hand typically has more savvy users. However pointing and giggling is what I'd expect from teenage high schoolers flush from teh rush of their first kernel compilation and not a supposed journalist like Roblimo.
PS: Yes, I work for MSFT. Yes, I run both Windows and Linux at home. Yes, I've been hit by a Windows virus once (CodeRed off of a web page) and had my RedHat box r00ted twice before I learned the hard way.
Re:Advice To Roblimo From The Bible (Score:2, Interesting)
Re:Advice To Roblimo From The Bible (Score:2)
Re:Advice To Roblimo From The Bible (Score:4, Insightful)
Neener, neener, neener.
And had about as much insight. I'm a Windows user and developer with more experience than 95% of the folks on
If this is what passes for insightful, or even funny, than the Linux community is never going to get past the childish l337 h4x0R pimply-faced nerd image that I imagine the average person (or at least those few who actually know what Linux is) thinks of Linux users.
I think Linux has a lot going for it and wish it the best of success, and hope it takes Microsoft down a few pegs, but with this attitude, no one (new) will ever take it seriously.
Re:Advice To Roblimo From The Bible (Score:4, Insightful)
Easier to install?? Windows may be easier to install than Debian, but not than any of the other Linuxes that I've tried in the last year or so. Even Prodigy was easier than windows, though I will admit that the ppp connection was broken. And Prodigy was version 1.0 (I suspect that it should have been called version 0.9.8, but nevermind).
Now I admit that I have consistently refused to agree to the license, and will only install it if someone else agrees to the license instead of me, but Windows has caused me considerable grief at installation time. Occasionally I've even given up and reverted versions. Even Debian has never caused me so many problems. The trouble with Debian is that it doesn't auto-detect hardware very well, and even when you get the basic install finished you still need to configure X Window. None of the other installers make this mistake (and perhaps Debian will also soon be correcting this). Windows, however, intends to coerce you to use the most recent version, and NEVER to go back. (Once I ended up reformatting a hard drive just to revert a version.) If you only intend to do what Windows wants you to do, then perhaps it's easy. Maybe. This, however, has rarely been my experience.
Now it you want ease of installation, you could look at DOS. That was an OS that was easy to install. Of course, there were a few problems with it, but installation was easy.
Re:Advice To Roblimo From The Bible (Score:4, Insightful)
This is a common mistake made by site visitors and regulars alike. Here's the reality:
Stories posted to Slashdot come in one of three varieties:
Do not expect the Slashdot editors to fact check the first two . Although the Slashdot staff have given themselves the title editor, they do not play the traditional role of editor. Be glad for that: News is biased enough when written by trained journalists/editors. I, for one, am happy to have the links to news items and access to the collective opinions of other readers. Whatever the submitters and editors wrap around the link is just one person's opinion.
Try to think of Slashdot as a club and the editors as activity coordinators. They post/approve stories they believe club members will be interested in. Often, they add their insights to the paragraph linking to the stories, as do the submitters. These insights should always be taken with a grain (or lump) of salt; if the insights were subject to moderation, probably half would score "-1, Troll."
To appreciate the service provided by Slashdot, learn to ignore the words around the links provided. Read the links you find interesting and participate in the associated discussion.
Re:Advice To Roblimo From The Bible (Score:2)
Re:Advice To Roblimo From The Bible (Score:2)
Advice from the christian bible from a Microsoft employee? How much significance does religion play in BOTH sides of your reply? Religion is meaningless, come the debate with rationality and data, or stay home.
Any OS that keeps their users stupid should be rediculed. Figure out if this applied to Windows, then ponder if this is true. Linux, by your own description, deserves recognition for encouraging a savvy userbase. Microsoft, on the otherhand, deserves redicule if they do, in fact, encourage a gullible userbase. Of course, this doesn't imply that all users of either OS are savvy or gullible, respectively. I know plenty of cognitively challenged Linux users. There are, of course, plenty of clueful Windows users. Exceptions to the rule?
Computers should empower, not stupify.
When you live in a glass house... (Score:4, Insightful)
But that doesn't mean that the Linux security model is perfect - it just means that the Smile.D virus writer was too lazy to actually try to get root on the Linux boxes the virus gets exposed to. Consider the following facts:
/fug
Re:When you live in a glass house... (Score:2)
ssh -n is a BEAUTIFUL command. That alone has caused amazement for many a windows user.
Re:When was the last time you ran Linux? (Score:2)
Check your facts.
-Jayde
What? People other than Katz can write? (Score:3, Insightful)
Just wondering.
Re:What? People other than Katz can write? (Score:2)
Re:What? People other than Katz can write? (Score:2)
Amusing, but wrong (Score:5, Insightful)
2) That comment about a Linux virus being easier to clean up is a bunch of crap. I've seen plenty of novice Windows users try to remove viruses from thier system using instructions and fail, and it's not because "there are no hidden files." It's because manual removal of viruses on Windows usually involves using system utilities and commands that most Windows computer users have never used before (regedit, command prompt.) Sure, the instructions are easy to follow for Linux... it's because you're a Linux user, and have to use the equivalents of these Windows utilities in every day tasks anyway.
3) "So it looks like the old dream of Linux eventually overtaking Windows and becoming the world's most popular operating system will never come to pass..." Well, if Linux was to become easier to use for the users who suffer from attachment-clicking syndrome, and who don't have the skills/balls to follow clean-up instructions, suddenly Linux will be alot more popular, will see alot more viruses, and virus scan software will still be business as usual.
Re:Attachments (Score:2)
Re:Attachments (Score:2)
Whereas under unix, simply renaming any old file with a ".exe" at the end does not cause the OS to try to load and run it -- "execute" is a specific flag and permission that must be set and granted.
So "just clicking on attachments" will never work under Unix (barring an exceptionally retarded mail client -- and please don't bring up the old, and fixed, Pine buffer overflow; it's not the same thing), and will always work under Windows.
Until MSFT changes this (and how about killing those retarded drive letters while you're at it?), virus, worm, etc. problems will be common on Windows.
Re:Attachments (Score:2)
The body of the email can always provide instructions on how to run the file. *IF* Linux becomes more popular on the desktop, converted Windows users will probably find them working around restrictions and differences between Linux and Windows to do alot of things.
There's nothing stopping anyone from writing a Linux email client similar to Outlook that allows one click opening of executable attachments. And there's nothing stopping software that's easier to use from becoming the most popular... and then say hello to viruses and worms.
Poor example of humor. (Score:5, Insightful)
This whole article takes the disgusting tone of insulting people who obviously aren't as "smart" as the article's author. I find this elitism disgusting, and frankly, embarrassing to the greater geek community.
How many of us are quick to insult people who don't know the difference between root and another user? How many of us call the repair guy because we don't know how to repair the air conditioner, refrigerator, or our car? Would you like it if your mechanic said, "I can't believe you don't know the difference between 10W30 and 10W40. You're obviously a moron."?
Face it, folks, not everyone wants to be a computer expert. Not everyone wants to get involved in flamewars like vi vs. emacs or Linux vs. Windows. They just want to turn on their computer and have it work. And with any operating system, those same people will have to learn how to maintain it by applying patches (just like you have to maintain your car by taking it in for maintenance every so often.)
The fact that this article is categorized as "humor" doesn't make the elitism any less inherent. We should be educating people about the importance of software maintenance, not bashing them for being "morons" because they don't want to know the technical stuff. To most people, computers are a tool to get a job done, not a religion. Windows makes it easy to do most jobs. Therefore, most people are pretty happy with Windows.
Mod me down if you wish. I have 50 karma and I don't care much about karma ratings anyway. But I think this is important for a lot of geeks to understand -- just becuase we may have more technical knowledge does not give us the right to call people with less technical knowledge "morons" -- humor category or not.
Re:Poor example of humor. (Score:4, Insightful)
First of all, this particular article was a response to that press release by Symantec. Sometimes sarcasm is a good way to put the overly serious in their place. "NEW LINUX VIRUS!!! LINUX VULNERABLE LIKE WINDOWS!!!!" yeah, right, whatever. Please don't ignore the legitimate aspects of the humor in this article.
Second, I bet that every group of people who are "in the know" about anything have their own bodies of humor. Ever insulted Britney Spears or her fans because you have much better taste in music than that? Yeah, I though so. Even if you didn't, I bet about half the population of the U.S. has
On a related note, I'd also like to point out that the whole "Linux is a religion to most of its users" thing is not only a myth, but it's actually gotten in the way at my job. I've had problems with people refusing to use the Linux machines at work even when there are good reasons to use them, then accusing me of just being a "Linux fanatic" when I push the issue, even when I'm ultimately proven right. I do not doubt that the small vocal minority you see on newsgroups and SlashDot is probably not representative. On SlashDot you see a lot of arguments about controversial topics, which is probably the real reason why so everyone seems so angry. Still, there are plenty of reasonable people in the Linux community. Spend some time reading comp.os.linux.hardware (and not comp.os.linux.advocacy!) and you'll see what I mean. So please, give the "Linux users are fanatical jerks" thing a break already! The stereotype is making it hard on those of us who generally are nice guys
Re:Poor example of humor. (Score:3, Insightful)
Re:Poor example of humor. (Score:3, Insightful)
And yet the Britney Spears fans make fun of Christina Aguilera fans ("How can you like her? She sucks!") That so-called "elitist" humor may keep groups of people apart, but it also brings people within groups closer together.
Let's take this a bit further. Here's an idea: Let's ban black comedians! Too many of them tell jokes that only blacks get, often at the expense of whites! This elitism must stop now!
Obviously, I'm being sarcastic. But my point remains. Groups of different people (e.g. Windows and Linux users) are different. There are plenty of Linux users who make fun of Windows users, and vice-versa. There's not "elitism" involved, just regular old inter-group competition. It's natural and normal.
There are plenty of other ways to joke about Linux and viruses than to stereotype a group (Windows' users) as having a low IQ. Perhaps the reason people claim Linux is a religion or for fanatics is because they are alienated by crap like this.
Sure, and there's absolutely nothing like this coming from the Windows or Mac communities, or anywhere else (linuxsucks [linuxsucks.com], *cough*, *cough*.) So why aren't "people" aliented by all the Linux-bashing Windows users? Oh yeah, I forgot, only Linux users are jerks who alienate people, while the linuxsucks people and the like are... ?
I'm not claiming that the article isn't rude, by the way. Although some of it is not (the "cool viruses" bit for example), other parts obviously are (though the article does not accuse Windows users of having low IQs! It says that Simile.D will only infect your Linux box if you have a sub-100 IQ -- please read the story more carefully!)
What I want to know is, why is this article considered to be an example of Linux fanaticism when some Windows users are throwing the same crap back at Linux? Why are "Linux users" in general accused of being fanatics, rather than "some Linux users" or "some Linux, Mac and Windows users"? Why do some people assume that every Linux user is trying to draw people into the emacs vs. vi "war" (like the poster I originally replied to)? I could care less about the emacs/vi thing -- although I have traded some light barbs about this with a co-worker (very tongue-in-cheek), and I'm pretty sure it actually made us better friends.
Anyway, my point is that some people complain about how Linux users stereotype Windows users, while simultaneously arguing the "Linux fanatics" stereotype. The poster I originally replied to, for one. It's really irritating.
Re:Poor example of humor. (Score:2)
The article has a serious tone: Note the author uses "Windows _apologists_" and then turns around and trys to claim (with humor) that Windows is superior. It's not entirely satire. "I know beyond a shadow of a doubt that [insert country, favorite baseball team, etc.] people love viruses, because they spread so many of them." This just isn't funny at all. The nature of viruses is they travel undetected. You don't knowingly pass viruses (willingly or not). Would you willingly pass viruses, if you could? No, because that would be _stupid_. There is an implied stupidity on the Windows' users going on here. It is not the literal words, but the tone of the author that makes it most elitist. Perhaps that is part of the problem. You and others think it is normal behavior.. and it is because you believe it to be. That doesn't mean it _should_ be that way, or that it is normal to other people. I don't find this article amusing in the least bit. If I moved to the Windows/Mac communities, would I constantly be reminded of Linux stereotypes? I seriously doubt it. The impression I get from other OS communities is they are concerned with themselves and aren't worried about what others are doing.
Re:Poor example of humor. (Score:2)
Re:Poor example of humor. (Score:2)
That's called elitism, and it actually alienates people. If you want to make a joke about something then you don't talk down at others.
Sorry but I agree with the original follow-up. You need to lighten up and let people have a little fun. Linux users are more knowledgable about their systems, as you say, and that took each user time and patience. You also say that many users don't want to bother learning about their computer, in which case why begrudge those that do their little reward when that hard work paid dividends?
You call it 'elitism' and 'alienating' as opposed to it being an in-chuckle in the Linux crowd, but you are clearly proved wrong imho by all the comments that follow the news story. In-jokes can help bond communities, but it can also relieve a lot of frustration when you can see people repeatedly running into the same brick wall but cannot persuade them to change. You don't even need to switch to Linux to avoid these viruses, just use a professional email client instead of Outlook (I recommend The Bat!).
Phillip.
Re:Poor example of humor. (Score:2)
This article was not funny at all to me. I've been a Linux user for years and this is plain boring and trite. It might have been funny 5 years ago, but today it sounds like a broken record.
Re:Poor example of humor. (Score:2)
Re:Poor example of humor. (Score:2)
Yup, it does alienate people. That's the point. If you have a group of people who are all at a minimum skill level who are not interested in working alongside people of a lower, or non-existant skill level its a very effective way of keeping them out.
For example, telling these jokes in the server room keeps button pushing morons (yup, I said the word) out. Good thing, too.
As far as it being elitism, you're totally correct. Just as the Cable Guy will get the cable installed extra fast for someone who knows enough not to do certain things that would ruin the cable, he'll take longer (and, due to time constraints) do a poorer job for someone he expects to break it anyways.
Its human nature, and in this case its not a particularly bad thing either. It gives people an incentive to improve upon their skillsets and broaden their horizons.
>There are plenty of other ways to joke about Linux and viruses than to stereotype a group (Windows' users) as having a low IQ.
Sure, but they aren't as effective in ensuring those people you don't want to associate with stay away, are they?
>Perhaps the reason people claim Linux is a religion or for fanatics is because they are alienated by crap like this.
And this a bad thing... why?
If you can't have an open mind to a community then you'll find you'll be eaten alive in it.
Elitism is only wrong when its done maliciously against attributes people cannot, or should not change (such as [but not limited to] race or disability).
An OS is something you can change, and if one has such a thin skin they can't take a jibe or two from someone on the opposite side of the fence on such a light issue perhaps they have some personal issues to deal with first?
>I've been in whatever this "Linux community" is for a number of years now and I'm feeling increasingly alienated. There is too much negativity towards Microsoft and too much seriousness about Linux for the masses.
Well, I would humbly suggest you're just looking in the wrong places. If you want to use windows and Linux equally, why not join in with people making Linux-Windows compatibility software, like Win4Lin, Wine, Codeweavers, Bochs and VmWare?
Re:Poor example of humor. (Score:2)
Elitism is only ONE of the faults of this so-called humor piece. But it does offer a chance to hash out this issue.
I'm willing to bet there ARE mechanics who scoff at those who don't know the difference. After all, its a basic bit of maintenance knowledge - hardly arcane knowledge. Heck, its even included in your vehicle operators manual. If you're going to do basic maintenance of your car yourself, you are going to have to tackle the difference in motor oil.But you don't have to do the maintenance yourself. There are plenty of places that do nothing BUT simple tuneups and oil changes. And judging from the number, it seems to be a fairly popular service. Of course, you DO have to be aware that the maintenance needs to be done.
Computers are similar to motor vehicles. Both are complex systems that, over the years, have become simpler to operate. However, they both occasionally break and need unscheduled maintenance. And they both need regular maintenance. One can gain the knowledge, skills, and tools to maintain these systems oneself. Or one can find a knowledgeable friend or hire a professional.
Unfortunately, these concepts are lost on the average computer user. They are faced with two opposing concepts that cloud this simple idea.
First, our popular culture constantly pushes the concept of "computers are so complex and difficult that only especially gifted individuals will know anything about them." You find it in news headlines that gush "Local Computer Wizkid does [relatively simple malicious hack] Against [national agency] Computers!" National news figures professing computer illiteracy - imagine Ted Koppel lamenting that his son (or grandson) knew more about cars. And then there's an entire industry that promises to make computers "simple".
And that's our opposing concept. The IT industry is full of products that promise to simplify the computing experience (witness the popularity of Microsoft products and AOL). Its a worthy cause. Computer systems have now become fairly easy for daily tasks. But unfortunately the message seems to be that computer systems have gained the characteristics of a toaster or VCR (Twelve O'Clock Flashers [mp3s.com] aside) rather than a motorized vehicle. This impression is entirely false.
Today's automobile is fairly easy to use. However, there is still a rather complex system of traffic rules one has to learn to use one. And the underlying technology of the automobile is more and more complex. One must learn enough to perform basic maintenance or have it performed by another. Even then, these systems will occasionally fail and require an expert to repair. And we even have products from the automobile industry that have serious engineering flaws.
Computer systems are very similar. However, we have the popular misconception of complexity that seems to cause many otherwise intelligent people to disengage their thought process when they get behind a keyboard/mouse. And we have an industry that profits from convincing the public that they don't need to bother to learn the basics of operating a computer to use one.
It is little wonder enthusiasts and professionals become jaded when these two concepts create irate users demanding quick fixes to problems. Especially when some of these problems are their own doing or could have been solved themselves with the most basic knowledge and patience.
Re:Poor example of humor. (Score:2)
I respect Windows users and their wishes. Although I won't use it much myself, if others would like to use Windows, I've no problem with that.
Another bad attitude among the open source community is to assume that everyone has enough time for everything. "Normal" users are used to "click, click, click, it's installed".. not "./configure; make.. oh wait, something stuffed, hold on.. vi file.c.. darn, wget http://new-version, etc etc".
And even as a Linux user, I do get "pushed" by other Linux users to use a certain app too. Once I was trying to draw a diagram in a hurry, and because I wasn't familiar with Linux diagramming tools, I used Smartdraw for Windows. A fellow Linux user came by, scoffed at the fact I was using some Windows software, and pushed me to use xfig. Of all things! xfig is so bloody primitive and totally not the right tool for the job. He then recommended Dia which was not up to the job too. I could've produced the same diagram, but it would take probably 2 to 3 times the time I would've taken using Smartdraw. So I can imagine how those Windows users would've felt.
No one wants to hear "Ewww!! You're using Windows?! That piece of junk??" anymore than we want to hear "Eww! You're using Linux?! That piece of junk??" So, please. Respect the wishes of other users. If they wanna use Windows, let them. If they wanna use a Mac, let them. If you like to drive with a manual transmission, you don't want to be forced to drive an auto, right?
Re:Poor example of humor. (Score:2)
Yeah, good read (Score:5, Insightful)
Blah blah blah Linux good.
Blah blah blah idiots use Windows.
CmdrTaco posted this? I'm so shocked!
This article is not satire, is not it original, nor is it well written.
I wish I could moderate CmdrTaco down for being a troll just once.
SetupWeasel
Longing for more like this! (Score:2)
Howz about some of yous guys start a fake news site (preferably not sponsored by our dear friends from Redmond).
Am I the only one here not laughing? (Score:5, Insightful)
Am I the only one not laughing? Am I the only one watching with, not fear, but interest and attention, the great innovations being done in the field of the Linux viruses?
We have a virus that can infect both Linux and Windows binaries. A virus that can try to infect a Linux box from a Windows box. A virus that is extremely hard to detect and destroy on Windows. Sure, it doesn't work well enough, yet. It's, after all, only the third generation virus. But it is nevertheless a great technical achievement, a new milestone release, a step towards havoc.
When these viruses will be able to infect a Linux partition from a Windows partition, or a Windows partition from a Linux partition, each time bypassing the security and anti-virus of the operating system it is infecting - hey, the OS is not even running! - will you laugh that much? Nobody can root you? And what about a virus that has ext2-level access to your root partition? Yes, from Windows? Who is 100% Windows-free? Who never has two OSes on the same machine?
Virus authors are showing are growing interest to Linux, and as more and more viruses are able to spread on Linux, more and more anti-viruses Linux will need. You might not like it, but it seems unavoidable to me. And if you really hate the anti-virus companies, start an open-source project. Now.
Let's come back to this discussion in a couple of years. And we'll see if you were right to laugh. I hope so. I don't believe it.
Re:Am I the only one here not laughing? (Score:2, Redundant)
Then again I dont dual boot. I have 2 machines, 1 for windows and 1 for Linux and so far neither have been infected.
dvNuLL
Why Linux doesn't have viruses (Score:2)
Fortunately, this probably will never happen. Not because it's technically impossible, but because all the programmers with that kind of skill are mature and ethical. If you look at the biggest viruses we've had, almost all of them are dysfunctional and poorly written, and obviously the product of an immature kiddie.
Now, my point: IMHO, there's only one thing protecting Windows from highly destructive viruses, and the Unices from any viruses at all. It has nothing to do with the technical merits of the system, or the tech-savviness of its users, neither of which can stop a well-written virus (there will always be a hole somewhere). The key factor is the honor of the programmers.
Different communities aggregate to different OSes, and warez kiddies and hax0rs seem to me to exist almost entirely in the Windows world. The reason Linux doesn't have any viruses is because nobody is trying to write any. Until this changes, I don't expect anti-virus software for Linux to become necessary anytime soon.
Re:Why Linux doesn't have viruses (Score:2)
Considering how widespread some malicious code gets, its surprising that more damage isn't done. This is not because the code is not successful in replication. It is because they tend to contain very benign payloads (with some notable exceptions).
It wouldn't take too much imagination to create a destructive payload that does not interfere with replication of the code. But for the most part, malicious code found in the wild tends to do little to harm the systems they attack or data housed therein. One can only assume that this is intentional. So if the widespread virus does not destroy data or host systems but does manage to become widespread - obviously replication, and not destruction, is the common goal.
Why focus on replication? Perhaps it is the sole goal of an academic exercise. Perhaps it is politically motivated to expose security vulnerabilities within the target platform. There have been writings and comments within sample code that support these two possibilities.
That doesn't mean malicious code is not dangerous. The code for a successful virus simply provides a platform for those with a more destructive intent to include a more destructive payload. Plus, malicious code does tend to impact available resources (bandwidth, drive space, etc).
Although much of the available applications available on Linux is available for the cost of time and a download, there is a selection of proprietary applications. These applications can be found within the "Warez Community". Also, there are plenty of examples that show Linux is known within script kiddie / "hax0r" communities and somewhat commonly used.
I would suggest that there are few examples of malicious code that targets Linux because Linux does not present a favorable environment. Windows is full of insecure architectural decisions that provide a rich environment for malicious code. This feeds our two motivations for writing malicious code. It provides an environment where one can write code that will successfully replicate. And the insecure architecture itself is being exploited by those who's political motivation is to expose the vulnerability of that architecture.
Surely, some will decide to apply the same motivations towards Linux. Although those who have a political motivation may not be as many. Linux development methods tend to listen to security criticisms and its open source nature allows those with that kind of interest to focus on providing patches rather than expend the effort to force the issue publicly. Those who find developing malicious code an academic challenge will write such code. And thus, we occasionally see a new "Linux virus".
Re:Am I the only one here not laughing? (Score:2)
I think that you're entirely right about returning to the discussion in a few years. Yet it's quotes like this that make me wonder why so many people are calling this article FUD. The reality right now is that there are thousands of Windows viruses, and about a dozen Linux ones (none of which spread very well on Linux). Making fun of how Windows users suffer from viruses may be short-sighted, but it's not FUD -- Windows users do suffer from viruses far more than Linux users, and anti-virus software is a necessity on a Windows machine (but not on a Linux one). That's just reality (assuming we're all in the year 2002, anyway). As you said, in a few years Linux may have a virus problem, but that implies that it doesn't right now, which is basically correct.
Re:Am I the only one here not laughing? (Score:2)
The word of the day is FUD. (Score:4, Interesting)
We've seen a lot of it over the years from Microsoft and other major companies, but the people who once used to rally it no longer carry it on their news sites, but they actually have become a source of FUD as well.
OK. So this was posted as humor. But somehow it didn't read as humor. It read as an article that claims you need to spend money to prevent viruses on Windows while you could run a virus free linux system by just pumping an 80 IQ.
On Windows you're likely to get a virus from one of two places, either installing software or running software that allows scripts in it's data files.
Both of these are easy enough to defend against, however, it's seems like it's not in the best interest of the Linux community to let that be known. A little Fear, a little Uncertainty, a little Doubt is a much better weapon.
And when it's over, the truth is that had this been presented as a factual article on how simple it is to remain Virus Free on a Linux system, it wouldn't have even been read by many, nevermind submitted to Slashdot.
After all, FUD sells. It just doesn't make me proud to belong to the community selling it.
Re:The word of the day is FUD. (Score:3, Insightful)
Symantec trying to break into the Linux market? (Score:2, Insightful)
Two Things Will Undo Linux Security (Score:5, Insightful)
1. The steady transition of Linux from a "geeks only" OS to a corporate mainstay. This will make Linux a more appealing target.
2. The arrogance of those who think that Linux isn't vulnerable.
uhhh. (Score:2, Funny)
Buh??? Why would you need to write a virus to do this, most linux boxes out there have lots of stuff you can exploit to get root yourself.
"Humour filled"? (Score:2, Insightful)
This guy actually writes articles? (Score:2, Interesting)
Where does he come from? I paid $300 for my monitor, does it mean that oh I shouldn't pay them, I better keep the money to myself?
As usual, when you can't beat MS, troll away
This article sucked. (Score:2, Funny)
CmdrTaco, don't post sucky articles for your sucky friends just because they ask you to. Read the sucky article yourself first. It sucks.
Now do you see how non-constructive criticism feels?
Interesting quote from the article... (Score:3, Insightful)
In my case, the answer is 'zero.'
So that's the end of that."
Woah, not so fast there, buddy.
Lots of the newer "user friendly" Linux distributions like Mandrake and Lycoris allow Linux newbies to install the operating system without creating a separate user account. Worse yet, some of them allow the root user to have NO password at all! As these Linux distributions get more popular and easier to use, you can expect more and more computer newbies who don't understand computer security to leave their systems logged in with administrative accounts with no passwords to protect them.
One of the main reasons that Windows is venerable to virus attacks is that it's users often aren't as security savvy as *NIX users are. All it would take is a few thousand home users running Linux logged on as root without any passwords or security patches for a Linux virus outbreak to become a reality.
Re:Interesting quote from the article... (Score:2)
Running as Root (Score:2, Interesting)
Overall the article was good. I agree that now with StarOffice, Mozilla, Ximian, the nearly 2 click install from SuSE 8, etc. There really is no good reason to deal with all the Windows BS. Anyways, the one problem I had was that Roblimo was talking about the average Windows user. And I believe that the average Windows user would be a lot more likely to run things as root than learn how to use sudo. How many install instructions say:
Become root, then run: make install
Without people knowing what that means and why it can be bad, their systems are just as easy a target for viruses as Windows computers. Either way, it's an education thing.
Not the OS.. the users (Score:2)
Yes, there are plenty of people who just want to "turn it on" and have it work, but you boot up and DHCP a public addy via a cable modem/xDSL line, you ought to at least be *aware* of the potential for abuse. And that goes for both Linux and Windows. We won't discuss this fact with dial-up users but they don't get it either.
At least my grandmother (85 year old grandmother) has an excuse. As long as she can e-mail and browse she really doesn't want to know anything else, so I'll take care of that for her. But that's a different situation. Most of them time we're talking about people who have at least a limited knowledge of computers and should be able to understand these things. The least the Cable/DSL providers could do is include a picture and a little description of what the hell they're getting into.
I run a switched network at home with a firewall that's solved most of my problems. But my father's hooked straight to a cable modem and until a month ago when I told him he was vulnerable he had no clue.
And that is the real problem. Because users in general (1) don't patch and/or (2) don't even realize they're "on" the Internet.
As far as a few comments here about Linux being too difficult for most users, tell that to my 8 year old daughter. She doesn't have a problem at all running SuSE.
Re:I knew there was a good reason... (Score:2, Insightful)
Safety of Linux (Score:2)
In all fairness, saying that there are Linux viruses is like saying that the Concept virus was a Windows virus. I am not aware of any Linux virus (that attacks the system using vulnerabilities presented by the Linux kernel). Usually other programs are the source of the risk.
The issue of security from viruses is similar to the issue of security from hackers. It is a never-ending battle, and network services are points of attack. Some pieces of software are better than others at controllign the degree of compromise resulting from their failures. That is all.
Re:Linux is still safe, but... (Score:2)
Do not run untrusted code.
Do not run any program as root that is not either a part of your original distribution or an install script for a program you know has not been tampered with (check the md5 on the tarball), and whose author you trust.
Never run any mail program that runs code that is mailed to you (good luck finding one for *nix that does that anyway).
Follow this program, and you should remain virus free on any reasonably designed operating system.
Re:Linux is still safe, but... (Score:2)
And, if that was the case, I could, as a semi advanced user (hell I use vi and berkely mail, but I've played with enough elisp to do this) make my emacs mail mode invulnerable to the virus after about 10 minutes of coding, and without having to recompile anything. And I seriously doubt your claim. All email viruses rely on "conviently" auto-executed code. There is little if any of that in emacs outside of hooks that only change the mode or state of emacs in some way (ie. turn syntax coloring on if the file ends in .c). Emacs has been around since the '70s, it has survived long periods of time as *the* predominant text editor without any significant viruses that I have heard of. Security can't rely on your code being on fewer computers. Security must be designed into the kernal, the APIs and each and every program used. This has been done to varying degrees of success on every unix and unix clone, and is just now, 30 something years later, being proposed on the Windows platform.
%s/kernal/kernel/g (Score:2)
Re:Is Linux a machination of Satan? (Score:2)
Re:Good god get over yourself and get busy! (Score:2)
1. Most of the hundreds of millions of windows users are windows users because that's what came with their PC. It was bundled with their PCs because of the heavy handed licensing methods that Microsoft applied to the OEMs. That's not the same as saying that the customers prefer windows.
2. It occurs to me that it's very hard for a virus to propagate in an environment where the user (by default) does not have write permission to the directories - and I'm not talking a "read-only" bit that essentially relies on the honor system. In usermode, I can't infect/damage
3. Saying Linux has made great strides in a short time is misleading and somewhat deprecating. I've been using it since 1992 (10 years). That predates all win32 platforms (including Winnt and Win9x, to say nothing about XP, etc.). It's a minor bone to pick, but it's made great strides over the entire course of its existence. Even in the beginning, it was purposely built to take advantage of "great strides" that predated it.
4. Users don't have to patch code. Linux package management excels. I know debian best, and apt-get keeps my system secure with nary a recompile. Patching? I could if I wanted to, but I'm too busy being productive on my system.
5. I agree about not calling people who don't use linux morons.
6. You don't even have to run linux, as far as I'm concerned. I have to draw a line at telling the people in the community to get busy and fix the bugs and do a little usablity testing. Where have you been? Did you know that all that happens. How else can you explain this feature-rich reliable, and usable system that I'm typing this on? Independent estimates have estimated that there is over 1 billion dollars of time invested in a typical linux system and it is all given away for free. Be grateful, not pissy.
Re:Good god get over yourself and get busy! (Score:2)
point 2: window has been around since 1984. It is an extension of MSDOS which was from 1980. Anyway, I think most of the real progress in bringing linux to the masses has been done in the past 5 years. My opinion only.
point 6: I run mandrake and windows, mainly for xplatform coding. The UI for KDE3 just isnt there yet, nor GNOME or what-have-you. I rate the usability (for naive users) of Linux below Windows 3.0. And thats pretty sucky. In fact, usability and polish is the main weakness of Linux. Only honest usability testing with naive so-called-morons will get the OS past this hurdle.
Re:Good god get over yourself and get busy! (Score:2)
********
This is complete baloney. Most users have never tried anything else. Microsoft has taken control of the distribution channels, so there is no place for consumers to have a choice. If they go into best buy they get a choice between Windows and Windows. How would they manage to choose Linux in that scenario? Or Mac? They would have to have known about it before hand, AND know where to find it, AND know what it's capabilities are.
That's like saying the Chinese people prefer communism. The fact is the system doesn't give them a choice. Hopefully in the future the grassroots Linux movement will enable more choice and knowledge for users, but that takes time. Don't pretend like it's a choice today because it isn't.
As to your other point, preferences differ, but most people like KDE or GNOME as much or better than Windows, although less than Macintosh. GNOME, I know has gone through such usability testing as you mention. I don't know about KDE. What, specifically, do you find sucky about them?
Re:Good god get over yourself and get busy! (Score:2)
Re: (Score:2)
Re:Good god get over yourself and get busy! (Score:2)
********
No. It doesn't. It would count for something if
a) all those users knew what Linux was.
b) all those users knew the advantages and disadvantages of both systems
c) all those users knew how easy it is to switch
The fact is, 99% of those users don't know any of the above, and thus cannot make that choice. Add into that the amount of disinformation there is on Linux, and the possibility of this user knowing about this valid choice, and that it is valid, drops to near 0.
As for using Linux without editing config files, my wife and I do so every day. Installed and use regularly, and had to do a whole lot less configuration than with Windows. Even changing the video card was handled automatically, and the system detected and installed the appropriate 3D drivers for my new card automatically.
Re:Good god get over yourself and get busy! (Score:2)
Re:Slashdot favors Linux (Score:2)
Point (1), the majority of
If the above is true then is it safe to say that these same people have made up their minds that Linux and Open Source is superior in many ways than Windows and closed source?
Are there not numerous examples of grandmothers and small children (there's an 11 y/o girl in my house that can install Suse w/ no problems. She is of average intellingence) who use linux? If and adult cannot perform a task so simple a child can do it then is there a problem with labeling that person a moron/lame?
The entire purpose of the post is to point out that
1)Slashdot is biased and said bias is based on facts and experience. Whenever someone makes a statement that
2)To counter the assertion that Linux is more difficult to use than Windows. It is not.
Re:Slashdot favors Linux (Score:2)
Re:Windows isn't less secure (Score:2)
For those who can't remember the word pine, you can even make a shell script menu:
Welcome to SUnOS.
Type pine for mail
slrn for news
logout to logout
wp for WordPerfect
Agreed. (Score:2)
The other week, I decided to give it a go. I put a Redhat 7.0 (the latest Linux I had in the house at the time) CD in and got on with it. Very very easy setup! Less hassle than Windows, and certainly quicker. Copying files seemed to take longer, but, you've gotta remember that Windows spends at least 20 minutes restarting itself and setting up all sorts of crap after the files are copied.
So, yeah, I'm no Linux zealot, but they've come along in leaps and bounds on the interface front. Although.. I had to edit a few config files to get my network card working, so it's not for a typical user either JUST yet..
Re:Agreed. (Score:2)
I had similar problems with RH 7.0 about 3 months ago when I installed it to a Compaq Deskpro EN PIII 1.0GHz with a plain vanilla 3Com 3C905C network card. It took me some time to get eth0 up and running.
So, when 7.3 came out, I decided to give that a shot and see if it would work any better with my NIC. Sure enough, Anaconda found it and auto-configured for DHCP. So the moral of the story? Get 7.3, I guess. I mean, it's not like you have to pay for it.
Of course, I still haven't figured out how to get the Deskpro's on-board audio working, 7.3 or no. Compaq's website wasn't much help, and I couldn't find anything about it on Red Hat Network. Anybody else out there with nudges in the right direction?
Re:Windows isn't less secure (Score:2)
After logging in, I can get my mail!
Re:"That other operating system" (Score:2, Interesting)
I for one would prefer if people would instead refer to it as 'the thing that shall not be named' as the title makes no assumptions, does not encroach on any several thousand year old technologies (I think that before the Romans put glass in them, windows were more of a hole in the wall than the true window experience they are now) and is dark and gloomy enough to reflect all those works forever lost by those forgetting to save every 10 minutes.
As to the virii, I wish Linux was as secure as all that, but as others have pointed out there are a fair number of exploitable suid-root programs with the average large distribution.
I had a read about HURD's security system a few months back and it looks a lot more promising than the traditional UNIX model (something about starting with no permisions and working your way up, rather than starting with all permisions and dropping them for your typical root service). It should be interesting to see if the new ideas work out in the long run, or whether the 30 year old security model will once again show that it got that old for a reason.
Re:Main differnece is philosphy (Score:5, Insightful)
What does it mean to "be secure?" It is easy to spew common *ix security logic when that is all you know and think about when security is the topic. You have to take a step back to understand the nature of security.
I'm rusty on *ix history, but I'm fairly certain security was never a top priority of the original Unix, until later. If you check up I'm sure you will find that security actually _was_ added to *ix on a as-needed basis.
As an example consider this: until fairly recently (mid to late '90s) denial-of-service was not a threat. *ix admins everywhere had to rush to turn off common "safe" services such as ping, finger, etc. as a result of what they believed was security.
The _biggest_ threat will always come unannounced and from a never suspected "location." What *ix has for security is simply barriers for the patterned attacks. Security has been a buzzword of sorts long before Microsoft--and will continue to be a "buzzword" as long as people foolishly believe that security is an absolute.
Re:Main differnece is philosphy (Score:2)
Re:MS the tool of a lost generation :) (Score:2)
Re:"that other operating system" (Score:2)