What If Security question

Hello all,

I’ve been seeing a rise in Linux in business lately and wondered what everyone’s thoughts were on Security. If Linux were to eventually topple the MS giant would it become the focus of internet attacks and viruses? I’m sure once that happened companies like Symantec and AVG would direct their full attention on Linux.

What are your thoughts?

On Sun, 14 Nov 2010 20:36:01 +0530, danrche
<danrche@no-mx.forums.opensuse.org> wrote:

> I’ve been seeing a rise in Linux in business lately and wondered what
> everyone’s thoughts were on Security. If Linux were to eventually topple
> the MS giant would it become the focus of internet attacks and viruses?
> I’m sure once that happened companies like Symantec and AVG would direct
> their full attention on Linux.
> What are your thoughts?

depends which happens first: linux toppling MS, or the universal economic
/ resource collapse. i think we don’t have to worry too much about the
first possibility…


phani.

> Hello all,
>
> I’ve been seeing a rise in Linux in business lately and wondered what everyone’s thoughts were on Security. If Linux were to eventually topple the MS giant would it become the focus of internet attacks and viruses? I’m sure once that happened companies like Symantec and AVG would direct their full attention on Linux.
>
> What are your thoughts?

Hello danrche. You know that this is pure speculation, but if Linux were to get a major share of the desktop business, say equal to the Apple MAC, then attention would increase for those into creating Viruses and Malware to attack Linux. Due to the nature of Linux, it would be harder to do, but nothing is impossible if the rewards are good enough. Once infections or even the perception of infections are on the rise, just as the number of users goes up, then antivirus companies would surely develop products to fill that need.

If there was a sudden need for soft toilet seats because the vast majority of the public have warts on their butt, we would also see lots of soft toilet seats as well. Luckily, this is not very likely (Butt warts), just like Linux taking over the desktop, but it could happen. lol!

Thank You,

> Luckily, this is not very likely (Butt warts)

…how do you know… :stuck_out_tongue:
I am sure about anything any more LOL. Will go and look inside a “do-it-yourself market”. If more than two cosy seats show up…

On 2010-11-14, danrche <danrche@no-mx.forums.opensuse.org> wrote:

> I’ve been seeing a rise in Linux in business lately and wondered what
> everyone’s thoughts were on Security. If Linux were to eventually topple
> the MS giant would it become the focus of internet attacks and viruses?

It would attract attention, of course. But attention is not infection.

> I’m sure once that happened companies like Symantec and AVG would direct
> their full attention on Linux.

Unless we go down some paths that Windows has followed, I doubt we will ever
be polluted enough for them to make a profit out of it.

> What are your thoughts?

The highest risk comes with tools not limited to their original - useful -
purpose. Too many formats and tools had an original, safe, definition but
blew up to become bug-ridden, bloated monsters in which nobody knows their
way anymore. Perfect vectors for introducing rogue code.

Look at PDF, for instance.

From a definition of a standard portable format, it has now evolved to
become a gadget-ridden, code-executing mess.

Adobe reached a level of “perfection” with their PDF format in the days of
release 5. Both documents and their reader were light, reliable, high
quality and had a clear purpose: print not to paper, but to a standard,
platform independent format. An end-product, not a data storage format, not
a ‘smart’ one, not for editing.

Same for Java. If I understand correctly the first releases could not start
other programs or write to the local FS. How could that infect a system? Now
look at it…


When in doubt, use brute force.
– Ken Thompson

Agreed. A lot of the vulnerabilities are in third party software such as Adobe Reader, Flash, and Java. And we are starting to see cross-platform Java attacks. A lot of attacks focus on Internet browser and plug-in vulnerabilities.

A lot of exploits depend on social engineering. At the end of the day it doesn’t matter how secure the operating system is if you get tricked into trusting something you shouldn’t.

And if you run as root and don’t patch, don’t expect any security suite (Norton or whatever) to save you as these suites at best have a 20% detection rate for some of the nastiest Trojans out there.

Linux does have a significant advantage in that most Linux users don’t run as root and there are good updating systems for both the operating system and software. Application patching in Windows is a nightmare and a lot of users run with admin privileges or as pseudo standard user (which is almost as bad).

Sometimes you see people claiming their operating system is designed or engineered to be secure which is nonsense. Secure operating systems don’t exist. There’s a craft quality in software that isn’t susceptible to being reduced to engineering. Some operating systems focus on security more than others. Security has tended to be a focus in Linux, BSD etc. -- some variants more than others. Microsoft, after a lot of really bad publicity some years ago, has been focused on making Windows more secure. They don’t really have a choice to do otherwise – the choice comes with the market share. Apple mostly seems to ride along on reputation. OS X is always the first operating system to fall at hacking contests like CanSecWest as it doesn’t have the same level of memory protection technologies that exist in Windows 7. Microsoft uses a Secure Development Lifecycle process, an attempt to build security into the coding process. Apple doesn’t have a similar process in place. However, while OS X may be more vulnerable it is still safer. As Charlie Miller explains: “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.” Beware urban sprawl!

On 2010-11-15 16:36, saahne wrote:

> Agreed. A lot of the vulnerabilities are in third party software such
> as Adobe Reader, Flash, and Java. And we are starting to see
> cross-platform Java attacks. A lot of attacks focus on Internet browser
> and plug-in vulnerabilities.

That reminds me. Scripting can be disabled in acroread; I wonder if a
security script could check (daily run, there is one such script in
openSUSE) if it is disabled and warn. I just had a quick look at
“.acrobat/prefs” but didn’t see which one might be it.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
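
A sketch of the daily check Carlos describes, added here as an example; it is not from the thread or from openSUSE's security scripts. The key name `EnableJS`, the `/JSPrefs` layout of the sample line and the `make_sample` helper are assumptions, since the thread does not identify the preference; pass the prefs file path(s) as arguments and override `JS_KEY` if your Reader version differs.

```shell
#!/bin/sh
# Added example: report whether Adobe Reader preference files disable JavaScript.
# ASSUMPTION: the setting is stored as "/EnableJS [/b false]"; the thread does
# not name the key, so override JS_KEY if your Reader version differs.
JS_KEY="${JS_KEY:-EnableJS}"

# make_sample FILE VALUE: write a constructed prefs fragment (test data only,
# layout assumed, not copied from a real preferences file).
make_sample() {
    printf '/JSPrefs [/c << /%s [/b %s] >>]\n' "$JS_KEY" "$2" > "$1"
}

# check_reader_js FILE
# Returns 0 = explicitly disabled, 1 = enabled, 2 = key or file missing.
check_reader_js() {
    prefs="$1"
    if [ ! -r "$prefs" ]; then
        echo "WARNING: cannot read $prefs"
        return 2
    fi
    # Extract the boolean that follows the key; the last occurrence wins.
    value=$(sed -n "s|.*/$JS_KEY[[:space:]]*\[/b[[:space:]]*\([a-z]*\)].*|\1|p" "$prefs" | tail -n 1)
    case "$value" in
        false) echo "OK: JavaScript disabled in $prefs"; return 0 ;;
        true)  echo "WARNING: JavaScript enabled in $prefs"; return 1 ;;
        *)     echo "WARNING: $JS_KEY not set in $prefs, Reader default applies"; return 2 ;;
    esac
}

# Check every file named on the command line, e.g. from a daily cron job;
# the messages go to stdout so cron can mail them.
for f in "$@"; do
    check_reader_js "$f" || :
done
```

A missing key is reported as a warning rather than as OK, so a preferences file rewritten without the setting does not pass silently.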

You can turn off Javascript in Reader. But some people claim updates to Reader sometimes turn Javascript back on. Another good thing to do is turning off the option that allows Reader to open up non-PDF content within PDF files using external applications.

Adobe is supposed to release Reader X shortly which is supposed to use some type of sand-boxing technology and implement memory protection technologies like ASLR.

It is in the nature of things, or to be precise, in the nature of hackers to go with what is popular and has its widest spread around the world.
So in that sense, if Linux would have a marketshare of 20%, it would be a target. Right now, things are still more settled.
Android on the other hand does already have issues with leaks, virus etc…
In some sense, if Linux would be having a marketshare of 80% it would be the new MS Windows of the world.
Security rule nbr. 101. There is no secure system and there never will be.
Linux has an advantage from design, but is not secure of any holes or viruses per se.

yester64: hacker != cracker. :slight_smile:

Besides that, yester64’s example of Android systems becoming a very popular object for malware and the like shows that Linux indeed would have a harder time surviving attacks. Another good example is Linux servers, which are successfully attacked every day. However, the latter example shows that the key for a safe system is the configuration, not the fact that it is running a Linux Kernel.