Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to Trihexagonal5


Re: Governments disrupt botnet Gameover ZeuS and ransomware Cryptolocker

From the article quote. I'll say this: it is because fewer people use it. I have had Linux boxes on and off through the years (20 or more years), and many if not the majority of the updates were for security flaws. Many of those, not all, were for privilege escalation vulnerabilities. Sure, OK, most of those ones are applicable only to local users. But isn't a user logged in to a shell account in essence a local user? If so, then those vulnerabilities can be used by said user if they have something more than a bare min access level. Even if this is not the case, there are plenty that could be exploited to allow root access to a Linux box. The only reason why malware authors etc. do not do so is a lack of market share. This is nothing more than security by obscurity. I mean, seriously, Windows 3.11 hooked up to the net is likely as secure if not more secure than Linux. After all, who uses Windows 3.1x? Point is, only real protection Linux or for that matter even Apple has is it having too little market share. If/when either OS hits a high enough market share, the users of that OS are going to get royally hosed with malware. To a huge degree. Added effect: they will not have any way to get rid of the junk. Actually, let's go further: they will not even know it is on there.

There was an example a few years back of just such a case. I always mix up the 2 worms now, but there was Code Red and Nimda. One affected Apache servers regardless of the OS they ran on. I was working on an indie game with some friends; one friend ran a web server and FTP server for us on his Linux box. One day I was browsing the FTP and found some odd files in a directory. It turned out he was infected with the worm. Further snooping on his part showed his server was actively trying to infect other servers. Amount of user interaction for him to be infected was zero.

Yeah, MS has had their own worms such as Sasser and MS Blaster. I was cleaning those nasties off manually before any tool existed to remove them. To keep the comp from auto rebooting, I canceled the administrative shutdown using a looping bat file, then proceeded to remove and replace the infected files. Was so freaking simple it wasn't even funny. Less than an hour to figure out how to fix and less than 5 minutes to fix. For my friend to clean up his Linux box, get the patches etc. took hours. How long he was infected is anyone's guess. It is impossible to know how many other servers were compromised by his server.

So go ahead and talk about how secure Linux is and quote articles till the cows come home and leave again if you like. Fact is, it is human-made software and is just as flawed as the humans who made it. Just like Windows, just like iOS, Mac OS, BSD, DOS and every single server or 200kb app in existence.

I have literally billions of programs for Windows I can just download or buy and install and run without any chasing of dependencies. You will always have to chase down such things on Linux on a daily basis. There are just too many flavors of Linux, each missing files needed to run program x. And no reason to rehash the fact that many high-end graphics programs just have no viable Linux or even Mac OS counterpart. 3D Max can run on a Mac under Boot Camp with Windows 7, but oops, it is running on Windows 7 on Mac hardware. Good luck ever getting Max or the like to run on Linux with any form of emulation. 3D Studio Max is still the most widely used 3D program in games, movies and TV shows and likely always will be. It is cheap compared to some others with its 3500 or under price point. Its power cannot be matched for fine work or rough-in work.

The trade-off moving to Linux is far from worth it, or moving to any other OS for that matter. Android has some potential to make huge inroads into the PC and laptop market, and companies like Autodesk already have apps that are mind-boggling that run on it. With better input devices (touch screens, keyboards, mice etc.) there's no reason why Android in some form could not be used just like a PC. And guess what, it will get its own serious malware infections just like Windows when it does. Hell, it already has its fair share. Android has the market share to be attractive to spyware vendors, as does iOS. Candy Crush spyware, anyone? Or any King game, all Candy Crush with different graphics. On a funny note about Candy Crush etc.: I have a beater Obama phone that was given to me. I use its minutes up pretty quick. One day a friend calls me from his iPhone with Candy Crush installed and running, and next thing I know I get a txt wanting me to install Candy Crush Saga. If that isn't malware I don't know what is.

But hey, those OSes are all super secure, go figure. Rooted Kindle Fire HD 8.9, anyone? How about a jailbroken iPhone with iOS 7.11? Don't want tethered? OK, then 7.04 or 7.06. Can even do them remotely. I think we can all see the point here. No OS is secure by default. It is only secure as the person/s who made it. If they have flaws, their program has flaws, and since we as humans are all flawed, everything we make is also flawed.

A genius friend of mine (he is a certified genius) says this: "As a genius I'm better in one way only. I know I screwed something up faster than a non-genius." In other words, him with his crazy high IQ still makes just as many mistakes as anyone else. Sometimes he just gets lucky and fixes them before he gets to actually making them.

Trihexagonal5
join:2004-08-29
US


Did I say Linux or BSD didn't have vulnerabilities or had never been exploited? There are rootkits and FreeBSD was vulnerable to the Li0n worm. I don't use Linux so I'm not that familiar with exploits for it.

I won't post another link or story, I'll just refer you to the OP:
quote:
WASHINGTON, DC—The Justice Department announced Monday that over the weekend an international law enforcement operation had effectively disrupted a sprawling botnet that delivered “Gameover ZeuS”—a trojan that siphoned passwords to online banking sites from Microsoft Windows computers—as well as the malicious ransomware “Cryptolocker,” which locks individuals out of their own files until they agree to pay ransom to the criminals
ZeuS and Cryptolocker both target Windows computers, not Linux or BSD, as I assume do most if not all the 100,000-200,000 daily malware submissions to AV vendors mentioned in the article I already provided.

If you choose to stay with Windows, for whatever reason, that's your decision. I just hope you don't feel like you have to "take out" anyone who writes malware for it.