Re: [LINK] *only* a reply to people who don't *only* use Windows

From: Frank O'Connor (foconno1@bigpond.net.au)
Date: Tue Aug 14 2001 - 11:56:40 EST


Not really,

If that were true the incidence of viruses and worms would reflect
the actual usage of machines ... and it definitely doesn't by a long
shot. The stats show an overwhelming kerning toward MS and its
products.

For example, Nortons Antivirus protects me from 50,000 odd viruses
and worms on my Wintel machine. Of those viruses and worms 40000 are
binaries (or Windows specific) and 8000 relate to macro viruses which
only affect MS Office users. Other protection relates to worms
(about 300 protected against) and other little nasties.

On the Mac ... there are 37 odd binary viruses, about 4 worm like
viruses and 7000 odd MS Office viruses (which only affect users who
use MS Office) in existence.

Under different flavors of UNIX and LINUX there are less in the way
of binary viruses (the different kernel structures and the like don't
support a 'one virus catch all' strategy, and to make something like
that work you'd have to upload the virus as source code with a polite
request for any user who wants to be infected to 'please compile this
virus for your platform/kernel') and MS Macro viruses are pretty much
a non issue. There are the odd worms and the like.

If you look at those figures it doesn't support the 'more viruses
because there are more users' theory at all. In fact quite the
contrary ... other platforms should have a heap more viruses and
attacks than they currently experience ... especially given the
relative demographics of their respective user bases with respect to
programming skills and talents.

My take on it is as follows:

1. Windows has almost no file protection inside critical directories
(like Windows/System, Windows and the like), files in those
directories are wide open to being over written (and routinely are by
software installers), and virus kits (which create software
installers for viruses) have little or no problem in creating ever
new binary viruses for it.

2. The ActiveX control architecture effectively has no controls. Its
purpose is to allow the free flow of data and instructions between
applications, and it does that with a vengeance. OLE and the like are
a recipe for network/security disaster, and the VBScript and macro
functionality allows pretty well any script bunny (i.e. anyone who can
write a macro or VB Script) to develop a virus.

3. The default installs for Windows and MS applications are wide open
and most users don't realise this. This is compounded by the fact
that the various macro and VB Script security controls can be
switched off using commands in the macro/VB engine ... as witnessed
by Melissa and a host of e-mail viruses. What a brilliant idea ...
providing security that can be switched off by anyone who wants to
attack you.

4. Intel hardware design hasn't helped. In the good old days (three
years back) writing to the BIOS was restricted by password control
and the like ... but Intel, despite warnings by a large number of
security experts, developed motherboards a few years back that enabled
BIOS overwriting by default. Indeed there was no way you could switch
this BIOS overwriting facility off. Hence the damage CIH and other
BIOS viruses did ... and hundreds of thousands of motherboards were
destroyed in virus attacks.

5. The MS networking architecture is pretty average ... especially IP
at which MS is still in a learning curve. Little numbers like 'Back
Orifice', 'Code Red' and the like are only possible because of these
deficiencies. (The Mac's current networking architecture is similarly
average, but an unintentional safeguard exists because the Mac
converts received packets from IP to AppleTalk/Appleshare on receipt
....which means hackers have a much harder time of 'taking control'
of a Mac. UNIX/LINUX IP architectures are much more sophisticated and
have many many more access, network and user controls to circumvent.)

6. MS Server software is designed with providing
installation/administration capabilities to the lowest common
denominator ... essentially they devalue the network administrator.
You gets what you pays for in such a case. Sure anyone can install
MSIIS for example, but only a very few people can do it right.

7. MS Server (and other software) tends to be a consumer item ...
released and patched as required. The problem is that there is a lot
of code and interaction of code (12 million lines of Win 2000, a
couple of million lines of MSIIS and support server, a couple of
million lines of MTS etc) much of which was not testable when the
different products were released in a staggered fashion. Many of the
updates and bug fixes (Service Packs!) introduce new bugs and
incompatibilities and overwrite many files and libraries (all those
DLLs) in different directories which were critical to other
applications and products.

8. Keeping up with MS updates and bug-fixes is thus a huge effort ...
and adds significantly to your server administration costs in
enterprise. 150 bug fixes for MSIIS over the last two years. Hundreds
or thousands of bug fixes (only irregularly and periodically
consolidated into single issued Service Packs) for different
applications, suites and OS variants. I can't see how the average
user could remain current.

9. The damage is done with e-mail and many network viruses before the
fix becomes available ... because MS and the virus protection
companies only become aware of it AFTER it has done 90% of its
damage. (My solution to this is to break the MS application chain,
and use a non-MS mail client and/or browser and/or server software
which does not have the necessary macro/VBS engine capability to be
attacked by e-mail and network borne viruses .... but MS wants us to
use EVERYTHING MS.)

Anyway, I hope that wasn't a prion bombardment. I do use some MS
software, and so do many on this list. There are others who won't
touch it with a 12 foot pole. To me, MS's problem seems to be that it
wants to be pervasive ... but that it hasn't put the necessary
security and control infrastructure in place to be considered for
'mission critical' applications. They're more focused on getting
product out the door, than fixing/rectifying the rather serious
security problems inherent in their OS and application infrastructure
... and as such I can't consider them 'network ready' in the true
sense of the word.

                                Regards,

At 2:54 PM +1000 13/8/01, david higgins wrote:
>I know I'm inviting you all to bombard me with prions, but surely the main
>reason there aren't more Linux and MacOS viruses is because most people
>*only* use Windows? Why write a virus that is *only* limited to a small
>audience?
>DH
>
>----- Original Message -----
>From: "Rick Welykochy" <rick@praxis.com.au>
>To: <link@www.anu.edu.au>
>Sent: Monday, 13 August 2001 13:15 PM
>Subject: [LINK] Computer prions
>
>
>Once again, one big problem: the learned professor failed to clearly
>establish the following:
>
>(a) that these so-called prions affect *only* Microsoft Windows systems

-- 
************************
Apathy is a great cause for concern
... but who cares?
************************



This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:04 EST