
Re: Why do you hate Microsoft

said by dave:

said by itguy05:

How many viruses and malware hide out in the registry?

Probably none. Putting a virus 'in' the registry would achieve nothing. What you want is to arrange that your virus gets automatically executed unknowingly. You can achieve this equally well by putting your virus-startup command in the 'automatic startup' part of a Windows registry, or in the /etc/init/rc structure of a Linux system, or whatever. It's simply the case that (a) you want to put the startup command somewhere, and (b) all useful operating systems provide such a place.

Good luck getting a virus in /etc/init since that directory is root owned. It would require the user to manually install a malicious file as root. (The root user could just as easily run rm -rf /). Tricking a user into installing a malicious file is unlikely since Linux has something known as package managers (a concept unknown to Windows where Microsoft leaves users on their own). Sure it's possible to bypass the package manager by downloading some random .deb or .rpm from somewhere, but an inexperienced user will likely have a hard time getting it to install properly in the first place (and experienced users would never do it to start with).

Another option is malware that runs in userspace. This is possible with something like a Java exploit in the browser. However, what this malware can do will be severely limited and it will never own the whole box.

If you find a tree-structured key-value database difficult, I can't really help.

I find it difficult to understand (though I haven't dealt with Windows in many years, so my memory is fuzzy). Much simpler is a mere config file a la Unix.
Getting people to stop using Windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999

not in ohio
·Verizon FiOS
Good luck getting a virus in HKLM; the 'run' key (etc.) are admin-owned. It would require the user to be tricked into running the installer as admin.

(I think here we're back into the perennial debate over OS security versus a vast untrained user base that clicks before reading).

Windows has a 'package manager' too, it's called the MS Installer.

Re a 'mere config file' -- I'm not sure the maze of /etc/rc.N can be referred to as 'simple' any more. Sure, foobar.rc is simple in itself, but then again so is the HKLM/Software/FooBarCo/foobar subtree.
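
Both posts above rest on the claim that the automatic-startup locations are root- or admin-owned, which is something a defender can verify instead of assuming. The following is an added example, not part of the thread, covering the Linux side only: it flags startup entries that are not owned by the trusted uid or that are group/world writable. The function name and the directory list are assumptions and should be adjusted for the distribution in use.

```python
import os
import stat

# Assumed locations: the /etc/init and /etc/rcN.d paths named in the thread,
# plus the SysV-style /etc/init.d and /etc/rc.local found on many systems.
DEFAULT_PATHS = ["/etc/init", "/etc/init.d", "/etc/rc.local"] + [
    f"/etc/rc{n}.d" for n in "0123456S"
]


def audit_startup_path(path, trusted_uid=0):
    """Return (entry, reason) findings for one startup file or directory tree."""
    findings = []
    if not os.path.lexists(path):
        return findings
    targets = [path]
    if os.path.isdir(path):
        for root, dirs, files in os.walk(path):
            targets += [os.path.join(root, name) for name in dirs + files]
    for entry in targets:
        st = os.lstat(entry)
        if stat.S_ISLNK(st.st_mode):
            # rcN.d entries are symlinks; the script they resolve to is what runs,
            # so judge the target's owner and mode, not the link's.
            real = os.path.realpath(entry)
            if not os.path.exists(real):
                findings.append((entry, "dangling symlink"))
                continue
            st = os.stat(real)
        if st.st_uid != trusted_uid:
            findings.append((entry, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "group/world writable"))
    return findings


if __name__ == "__main__":
    for location in DEFAULT_PATHS:
        for entry, reason in audit_startup_path(location):
            print(f"{entry}: {reason}")
```

An empty result means every entry under the checked paths is owned by the trusted uid and writable only by its owner; it says nothing about per-user startup mechanisms, which this check does not cover.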