I’ve received the following comments on two of my posts and they look like this:
7:25 pm – February 1st, 2009
But it exploits vulnerabilities in Windows systems, so if you install a Linux system like Ubuntu Intrepid Ibex you won’t suffer malware problems again!
2:19 pm – February 1st, 2009Ubuntu is quite wonderful. Please reply to all news articles mentioning the Conficker virus saying that if users installed Ubuntu, they’d never have to patch their computers again.
Get the message out. We all benefit by persuading people to move to Linux!
Now i originally wanted to reply with another comment but since the comment ended up a little bigger than i intended and because it expresses a lot of my views on this issue i made a post out of it, so here it goes:
I have to disagree with you, because persuading people into using Linux just because it is a less prone to malware platform then Windows, is not the solution for the current security issues that exist nowadays. Malware does exist for Linux but it is not that abundant as for security bugs if we take only Windows in discussion and no other third party application then i really can’t say which one is more buggy, a Linux distro or Windows?Because i’ve seen all sorts of bugs in all kinds of places in both operating systems. And i say a Linux distro because it’s not fair to compare Windows with just the Linux kernel, because Linux is only the kernel after all, a Linux distro is what you can call an OS. Plus that the Linux kernel had and it currently has lots of bugs all over the places and new ones are discovered all the time. Moreover if we make a comparison of security bugs that were discovered both in only the Linux kernel and the Windows kernel i can assure you that the Linux kernel had way more flaws then the Windows kernel afaik. To sum it up let’s say that a vast amount of the masses start shifting over night to Linux, just as you want, and then Linux becomes the leader in the OS market share, what happens then?All of the guys writing malware will shift their attention to Linux and then you will see the same flow and abundance of malware for Linux. Because it’s the same security unaware target audience, the same buggy code, the same people writing new code with the same security flaws, the same security mistakes made in software logic and design, etc…
Linux for the moment, in my opinion, has these advantages when it comes to being a primary target for malware:
- low desktop market share
- vast amount of distributions
- a big percentage of Linux users are tech savvy
Now let’s dissect those 3 advantages:
1.The market share that Windows currently has means only one thing: Way more people are working, banking, e-mailing, chatting and doing stuff on Windows thus a bigger profit is to be gained from targeting Windows users…it’s all business. And if it’s not business than it’s fun and let me tell you that it’s not fun to spend one week writing a piece of malware for Linux that works on at least 5 most used distros. What is fun, in the script kiddie mentality that flourished out there, is to use a lame .vbs *All in one – Virus Maker* and then share it on file sharing networks and watch people getting pwned. What about binding something like Turkojan on a stupid “Undress me” poker game and sharing it too?!? That is fun nowadays. Oh and if it’s not about fun than it is about 5th grade pride and proving that you are the best l33t haxxor out there. Which only lead to this defacement explosion in the past few years. If you can deface a website than you are a haxor. If you can deface a bunch of websites that your are a leet haxxor. But if you can deface Microsoft’s website while defacing 50 others in the other 50 browser tabs you have opened then you really are the most l333tzoor h@xx out there. Well let me tell you one thing, people who deface in those reasons are just plain stupid. They don’t realise or know how many things can be done with a boxen after pwning it(especially a high profile target ) with a lame public for months exploit ,so they just resume at replacing index.html/.php/.asp with their own “I am teh skillzor and admin sucks! L33t Haxor skeelz pwned your boxen. Secure you website. Gritz to acid_piss, no_life and toilet_face!!!” .html defacement page.
2.The vast amount of Linux distributions out there make it hard to write a portable piece of malware that *works on linux* and that’s about it. Different kernel versions and modules, different library and program versions and choices, design and architectural differences all contribute with a certain level of skill required to write a good portable malware piece.
3.You probably guessed yourself, a big % of Linux users being tech savvy makes it not so easy to target them.
In conclusion “Use Linux and you’re malware and pwn free” is not the solution nor entirely true. I hate it when people push this kind of things to the public and it’s the same with the recently flowing bullshit that “Linux just works now!” or “Ubunt jost works!”. Bullshit. It doesn’t, unless you are a hacker(in the good sense) and like to get down with stuff. For the average human beeing that doesn’t know or want to know about computers or how they work and they just want things like chatting and browsing and file sharing then Linux might actually stay in their way and make them unhappy and uncomfortable and thinking they’re stupid. If we take Ubuntu’s case then “Ubuntu is just working” is only bandwagon fantasia bullshit and not even Mark Shuttleworth has the courage to say that relating to the desktop market. So just leave it at that…Linux is Linux and Windows is Windows each one with it’s ups and downs.
ESET SysInspector is a free diagnostic tool for Windows which takes a snapshot of your core Windows system components and then applies some analysis and heuristics on the data gathered, assigns a risk level of each object in every component and then presents you with the results. It’s good both for security and general system analysis.
I use it plenty and i admit it is a very useful tool to have.
Every sound you will heard comes from windows,no really it coming from windows,watch:
WTF? Anyway it seems that the text from the beginning has been checked with only Microsoft’s Spell Checker too. (btw,i think the guy was really bored when he did that song)