| View previous topic :: View next topic |
| Author |
Message |
Bazza
LXF regular
Joined: Sat Mar 21, 2009 11:16 am
Posts: 1392
Location: Loughborough
|
|
| Back to top |
|
 |
johnhudson
LXF regular
Joined: Wed Aug 03, 2005 2:37 pm
Posts: 777
|
 Posted: Tue Jun 21, 2011 7:01 pm Post subject: |
 |
|
| As they say, 'Don't let facts get in the way of a good story.' |
|
| Back to top |
|
|
Rhakios
Moderator
Joined: Thu Apr 07, 2005 12:18 am
Posts: 7484
Location: Midlands, UK
|
| Posted: Tue Jun 21, 2011 7:18 pm Post subject: |
|
|
One thing about the original article, it claims that one of Linux's strengths is diversity, and yet we are often told that "under the hood" all Linuxes are very similar and our favourite magazine tels us it uses the command line in so many tutorials because that is the common factor between distros. So, if Linux became wildly popular, how long would it take malware writers to learn to exploit the underlying unity of Linux?
The main advantage is that "script-kiddies" aren't going to have much luck, but enterprising and clever malware writers might well be able to create kits from which others can create exploits.
In any event, social engineering will leave Linux, as well as any other OS open to interference.
_________________
Bye, Rhakios |
|
| Back to top |
|
|
guy
LXF regular
Joined: Thu Apr 07, 2005 1:07 pm
Posts: 861
Location: Worcestershire
|
| Posted: Tue Jun 21, 2011 8:34 pm Post subject: |
|
|
Social engineering is certainly the easiest route in for any malware (since IE6 anyway). Linux is only safer as long as the malware expects Windows or maybe MacOS underneath.
Once in, a standardised platform is bad news. Android malware is growing, and current attempts to standardise the code - merging all those crayzee forks - will make things worse.
People generally don't pick up food lying in the highway and eat it. Yet they pick up shiny stuff lying in the information highway and click it, then wonder why they get the virtual runs.
BTW Bazza said, "Make sure you read the comments too!" I don't see any, but then NoScript tells me there are seven script servers itching for me to let them rip. I do wonder if there is a (socially engineered) connection. 
_________________
Cheers,
Guy
The eternal help vampire |
|
| Back to top |
|
|
nelz
Moderator
Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8036
Location: Warrington, UK
|
| Posted: Tue Jun 21, 2011 9:16 pm Post subject: |
|
|
Hardly an impartial piece. He complains about the use of security by obscurity by other platforms, then praises the diversity of Linux distros for providing exactly that. In ignoring the real security advantages of Linux he does more harm than good.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein) |
|
| Back to top |
|
|
guy
LXF regular
Joined: Thu Apr 07, 2005 1:07 pm
Posts: 861
Location: Worcestershire
|
| Posted: Tue Jun 21, 2011 10:00 pm Post subject: |
|
|
| nelz wrote: | | Hardly an impartial piece. He complains about the use of security by obscurity by other platforms, then praises the diversity of Linux distros for providing exactly that. In ignoring the real security advantages of Linux he does more harm than good. |
Eh? I think he praises the diversity of distros for being incompatible at the exploit level, making it hard for a black hat to reach a wide population. That's not the same thing.
Meanwhile aren't the user privilege model and openness of code genuine advantages over certain other OS?
_________________
Cheers,
Guy
The eternal help vampire |
|
| Back to top |
|
|
nelz
Moderator
Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8036
Location: Warrington, UK
|
| Posted: Wed Jun 22, 2011 12:10 am Post subject: |
|
|
Not exactly the same but similar. Neither approach actually blocks any form of attack, just makes the entry point a little harder to find. Yes, he does mention the real advantages, but gives them less credence. Had he concentrated on those advantages the piece would have been far better, but instead he detracted from them.
Having said that, I don't believe the user privilege model provides significant protection. It may prevent malware from modifying your root partition (if you don't fall for the social engineering aspect and give a password) but it in no way stops your computer being used as a spambot for example.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein) |
|
| Back to top |
|
|
johnhudson
LXF regular
Joined: Wed Aug 03, 2005 2:37 pm
Posts: 777
|
| Posted: Wed Jun 22, 2011 9:38 am Post subject: |
|
|
| nelz wrote: | | Hardly an impartial piece. He complains about the use of security by obscurity by other platforms, then praises the diversity of Linux distros for providing exactly that. In ignoring the real security advantages of Linux he does more harm than good. |
I'd assumed Katherine Noyes was a woman. |
|
| Back to top |
|
|
Marrea
LXF regular
Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1846
Location: Chilterns, West Hertfordshire
|
| Posted: Wed Jun 22, 2011 9:56 am Post subject: |
|
|
| johnhudson wrote: | | I'd assumed Katherine Noyes was a woman. |
I was just wondering how long it was going to take for someone to mention that!  |
|
| Back to top |
|
|
| View previous topic :: View next topic |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
