Feeds

back to article Internet security suites fail to block exploits

Internet security suites do little to protect users against exploits, according to security notification firm Secunia. The Danish security notification firm is urging a root and branch rethink on how security suites are designed, moving away from "ineffective signature-based detection" to a smarter form of defence. However, an …

COMMENTS

This topic is closed for new posts.
Paris Hilton

Internet Security Suites

Always said that the internet secuirty suites were cr@p.

Tended to engender faith by making life for the end user so bloody difficult that we OBVIOUSLY were secure.

Much like Vista.

Paris? - cos even Paris wouldn't be stupid enough (or even clever enough) to install on of these pieces of software.

0
0
Dead Vulture

I can predict the direction of this

I can predict that infections will rise so fast that no antivirus or spware malware scanners will keep up as fast and will become worthless as they are as they have to be installed first in order to work.

I predict that one day soon that spyware,maleware,trojan,antivirus soloutuions will be made

at the hardware level. These devices will be in read only mode and will either plug into a pcs extra CAT 5 port or USB slot or PCI slot. These devices, if they can't protect then the best thing is to keep a ghost image of the OS handy. I just recently had one pc infection at work and tried Enterprise class soloution ---- failed

Spybot ----- failed

Adaware ----failed

Mcafee and Norton both failed.

PC was finally cleand wth f-secure/super antispyware combo soloution.

Even then a bandaided pc is not the best and reinstall of OS is always best.

0
0

Simple solution is ...

Run a UNIX based OS, like Linux or OS X and the need for an anti-virus is gone.

Cue clueless M$ fanboys and their "marketshare means viruses" myths :-D

0
0
Anonymous Coward

Dunno

I can't tell if I'm in before or after a stupid post saying "DURHUR, THEY ARENT ENTIRELY EFFECTIVE, SO YOU SHOULDN'T USE THEM EVER".

Possibly both.

0
0
Stop

A fool and his money....

They are using SP2 of XP and IE as the browser that is targeted.

I have my firewall block IE as a matter of course. Also, XP SP2 minus some patches. They don't specify which patches are omitted from their test setup.

This is a poorly implemented study, leaving the reader to guess what test configuration was used.

I have to assume that only on esingle security "suite" was installed at any one time. This leaves no scope for supplemental protection.

Trying to attack a PC running AVG, Spybot S&D, and Outpost Firewall through a Firefox with no-script and adblock would make for a more realistic test platform to see if these all free defenses could successfully keep a computer secure.

Spybot S&D is especially relevant as it has "immunisation" to patch known vulns. Also it's teatimer and resident shield keep any harmful chanes from occuring without explicit permission.

Face it. There is no way to keep a non-technical (read that idiot) person secure online. And those that have even a semblance of a clue about keeping their PC's secure wouldn't trust a single program or suite to keep them secure. The USER keeps themselves secure.

0
0

So Slow :(

Quite often the security software makes the computer slow down to the point that it becomes unusable. The user really shouldn't know its there unless there is a problem.

0
0

A thought...

I've had an idea.

You know all those sites which use user-agent strings to force you into using Internet Explorer, to avert the disaster that is Firefox rendering a title 3px left of where the designer wanted it?

Well, why not have a concerted action between Google, BBC online, Yahoo!, Hotmail, all the big sites... to use this kind of thing for good, evaluate user agent strings and flash up in front of appropriate users,

"Your browser is hideously insecure. Seriously, sort it out!

> Windows Update

> Firefox download page

> Opera download page

etc."

(And in tiny print down the bottom, a 'continue to site' option.)

Internet security suites = rubbish for the most part, a definite example of the, "It must work if it's so painful" placebo effect. Nowhere near as big a problem as the number of home/casual or even business users still running on versions of IE and so on that allow malicious pages to hook their tentacles into all aspects of the underlying system (including run-on-startup which still makes me wonder who the hell *ever* thought that was a sensible thing for a web browser to have access to) though.

0
0
Stop

Well of course Norton blocked the most exploits...

It blocks everything from turning the computer on to moving the mouse.

I'm interested to see exactly which exploits were tested, from the article I get the feeling that they were IE/ Windows vulnerabilities, or at least vulnerabilities in common software . If that's the case then there is (depending on the exact circumstances) not much security suites can do.

Also, most suites come with heuristics disabled by default, whereas I believe Norton comes with it enabled (correct me if I'm wrong), causing massive slowdown (not that anyone who uses Norton does anything more than web browsing).

0
0
Bronze badge

@David Kelly:Simple solution is ...

I love Linux, hate windoze, use both. I am hardly an ms fanboy, I promote Linux and denigrate windoze where ever I can.

Linux/Unix/OSX are NOT virus free.The reason that there are so many windoze viruses and hardly any Linux/Unix/OSX viruses IS market share. If the dominance in the desktop OS space was led by Linux/Unix/OSX. Then ms users would be saying how wonderfully free of viruses windoze is.

Yes, Linux/Unix/OSX are safer even if there were as many viruses for these OS. Even in Linux I use Firefox, NoScript. Flashblock and Adblock. In Windows I use all the above p lus Zonealarm, Adware, Spybot S&D and Super Antispyware.

The best advice rather than advising a security suite would be advising users to take up a 'nix based OS. If a user insists on windoze, then they should remove Outlook, and windoze media player and opt for third party solutions. Also NEVER use IE and block at the firewall if possible.

0
0
Flame

Antiware - stay off

Any system for which paid "antiware" is considered mandatory is broken beyond repair. The revenues in the "antiware" industry is a huge incentive to keep the malware flowing.

0
0
Silver badge

@Inachu: Do not need any hardware protection

I keep my software on a partition mounted read only. I keep my data on a partition mounted noexec. I have tried installing root kits and so far they have failed to spot this simple layer of confusion.

0
0
Silver badge

@Brian Miller

>>>>>

Trying to attack a PC running AVG, Spybot S&D, and Outpost Firewall through a Firefox with no-script and adblock would make for a more realistic test platform to see if these all free defenses could successfully keep a computer secure.

<<<<<

What complete twaddle. A realistic test platform is what comes out of the box which usually means an MS OS with IE and some bundled AV / spyware stuff. You can all think yourselves cleverer than the average bear but what's on most peoples' desk is just that. All the bragging about what add-ons you have don't mean beans to the vast majority of users. I doubt if most of them schedule updates nor take up any susbcription service after a free trial has expired. If this report is a catalyst for improving the quality of the offerings of the big players then it should be welcomed.

0
0

@ adnim

If you really believe that the massive number of Windows viruses is a result of market share then I can only assume that you know very little about UNIX and security and are just a casual Linux user. If you know anything about Linux you must understand how foolish it would be to log in to your KDE desktop as root. And yet the vast majority of Windows users have been logging in to their machines with admin privileges, not out of stupidity on their part, but because that's how M$ designed it.

0
0
Linux

@admin

Couldn't agree with you more, I've seen so many busted stock windaz installations it's untrue.

Someone once said television was like having an open sewer in your living room. Now it's the internet.

0
0
Gates Halo

@BrianW, and @AC 16:46

ChrisW's 18:12 reply to Brian's twaddle is spot on.

So is the AC @ 16:46 - what would the future of the WIndows-dependent anti-malware ecosystem be if Microsoft ever released a "secure when shipped" Windows OS (I know, I know, it'll never happen, but...)? The anti-malware businesses would end up the same way that STAC did when MS did DoubleSpace in DOS whatever (pick your own example of the various more recent companies that Microsoft drove out of business when they felt like it). Graham Cluless and the like would have to find real jobs. Etc. Does the legalised blackmail from factory-installed Norton Insecurity never strike people as odd, or even immoral?

Saint Bill, because he and his mates are the ones who should be bailing out the failed banks, that task shouldn't be left to Average Joes like you and me.

0
0

@admin

While market share is a big factor, vulnerabilities and demographic also play a big part.

Windows will always have more vulnerabilities as it caters to the average user who knows nothing about computers and needs every basic application installed out of the box. More programs and features = more vulnerabilities. More vulnerabilities = more exploitation attempts.

Also you have to consider the fact that Windows targets the average user who knows nothing about computers and makes uneducated decisions security wise (well, technically speaking, don't even consider the security aspect). On the other hand, anything UNIX based is almost garenteed to be run/administrated by an expert who will have more knowledge of security. Add to that the fact that alot of UNIX systems are servers, meaning that any malicous code will probably have to make its way onto the computer without the user visting any dodgy websites. Additionally servers will typically have much better security. Of course if you can manage to get into a server then it can be a goldmine, but there are a hell of a lot of windows servers out there.

If you wanted to get rich quick or cause as much destruction as possible, would you rob fort knox, or the man who keeps 10000x as much gold in a tent?

0
0

@David Kelly:Simple solution is ...

"Run a UNIX based OS, like Linux or OS X and the need for an anti-virus is gone."

Problem with that is there are many software packages that are used in the industrial and educational fields that are simply not available on Linux (or even Mac for that matter.) So it doesn't do you much good if the OS you use is less vulnerable to viruses/malware/adware if the software you need to run won't work with it. Some examples? AutoCAD, SolidWorks, Rhinoceros NURBS, MasterCAM, Chief Architect X1 (there is a Mac version for this) and just about every software package that now comes with school textbooks, to name a few (as well as drivers for laser engravers, CNC machines, dimensional printers, etc.) And again the reasons for this are market share and also the number of Linux/UNIX variants out there... so until the Linux/UNIX (or Mac) market matures enough to the point that developers are willing to port or write software for it, we are for the most part stuck with Windows and the problems associated with it.

P.S. Yes, I realize that you could probably use WINE to get some of the Windows software to work under Linux, but graphically intensive applications are tricky enough sometimes to troubleshoot under the native OS, not to mention possible performance and hardware issues and you would be SOL for support solutions...

0
0

unix etc...

is not the solution, you need to look at *why* windows suffers the most, and I don't mean cus its the only one people dumb enough to fall for the scams use either (joke).

unix is more secure (as is OS X etc) because _you don't need super user access for day to day tasks_ read that again. the day windows can be run by mr average as a limited user is the day half this crap stops.

specifically the ability to install programs (for a single user) but not to effect the core system. e.g. program 'x' _cannot_ alter network settings or other system wide settings.

personally I like a feature KDE has, where the root account looks horrible to use as a way of making the point don't use it.

the problem isn't so much windows as the way it gets used.

MS *need* to make it a requirement for the next version of windows, you want the logo or sticker you work in limited user mode. this applies to games as well.

there is no need for a user space program to require root access, unless the user wants to install it for everyone.

0
0
Gold badge

How to secure Windows

You *can* secure Windows without AV software...

1) Don't run as administrator.

2) Don't run stuff from untrusted sources, like email or random websites.

3) Do keep your system patched.

Funnily enough, if you stick to these three steps then AV products offer no further protection, so you might as well ditch them and enjoy a faster and more reliable machine. Also funnily enough, this is the same advice I'd give to a user of any other OS. Omit any of these three steps and not even Linux users are safe.

Windows has a peculiar problem in that MS *still* encourage you to run as an Administrator. (The only change in Fista is that you have to get used to entering your password every time the screen dims.) It has also inherited a complete lack of separation between readable, writeable and executable data, so an earlier poster's remarks about mounting his programs readonly and his data noexec just isn't possible. The closed source nature of the MS ecosystem leaves MS largely unable to rectify this fundamental design flaw, although their flailing about with UAC suggests they don't actually take it seriously anyway. Lastly, that fraction of the user population who can't resist clicking on the link to free porn that some kind stranger has just sent them will never be able to use a non-MS system, so the figures are a bit skewed.

0
0
Happy

@David Kelly and others

Many of us are Admins of various abilities, most of us know the end user is "usually" a numpty, some home users can go beyond Numptyism, So i can say with no hesitation that if you give Linux to the masses people WILL do the stupid and use admin accounts, install crap that shouldnt be there, plug in just about anything including the kitchen sink and expect it to work. Linux has its place, I agree, but if you put ANY system in front of a numpty, it will go ti*s up eventually.

And for anyone saying Market share is rubbish blar blar, can i remind you what a Virus is.

It has to propogate, it as to copy from place to place with a sole purpose of infecting as many PCs as possible, anyone with half a brain would make a virus Windows compatable because

A, is has a massve userbase beyond anything any other OS can dream off,

B, its relitively easy to infect due to poor confguration and other crap installed and

C, and more importantly, there is a much higher degree of Numpty-ism on Windows, If i was going to make something like that i'd target as many plonkers as possible, and most of those will be using Windows because of reasons im not going to get in to since this isnt the debate.

as for the article, tell me how many false positives there were? because its all very well saying your the best at stopping things but if the user turns it all off because they get fed up with constant warnings and poor system performance its not very usful at all.

0
0

Another kind of Windows?

Cars have windows. Windows are made of glass. Glass can be smashed. This is a HUGE SECURITY HOLE and anyone who drives a car is an idiot, and all the idiot car-drivers are responsible for the EPIDEMIC of car thievery. The only proper response is to plate over all your windows with sheet steel welded to the frame of the car, and install a suite of armored cameras to show what's happening outside.

0
0

This post has been deleted by its author

Flame

Meaningful? Meaningless?

"[Secunia] haven't actually "run" these exploits on the computer"

So they should re-test and actually run the exploits, right?

Let us have meaningful tests reported.

And I agree with Mike Powers 100%.

0
0
Boffin

Write your own OS

As Adnim notes, Linux (and I'd add, Max OS) depends on security by obscurity.

Those who write tools for hacking hobbyists don't write tools for unpopular operating systems.

And the more effective the anti-virus, or more vulnerability free the OS and application, the greater the overhead. Hence the need for quad core processors.

Security will begin to arrive when journalists realize respectable computer professionals disown those who and and abet breaking into and vandalizing other people's computers without permission.

Security also requires effective laws, policing and penalties for crimes. But the internet is worldwide, and current civilizations hardly provide respectful effective policing in developed countries, let alone remote parts of the world.

The highest security comes when you custom write your own OS, for your own custom designed CPU, assuming you can do both error free.

0
0
Linux

I once got a virus on Linux!

I really should have been suspicious when the first line of the installation read:

"Run these commands as root to enjoy this virus:

chmod +x virus.sh

sudo ./virus.sh"

0
0
Bronze badge
Happy

@David Kelly

"f you really believe that the massive number of Windows viruses is a result of market share.."

Yes I do, although there are other factors that make windoze a target for vxers, this the main reason. As mentioned by Matt and others, vulnerabilities are also important. The closed nature of the majority of windows apps, and the highly integrated nature of the windows OS with other ms apps make it ripe for exploitation. Finally, as you yourself mentioned the default for windows prior to vista was to give the user admin rights giving any hostile code complete access to the OS.

"then I can only assume that you know very little about UNIX and security and are just a casual Linux user."

Not entirely true, I am no expert with Linux. But knowledgeable enough to run a VMware honeynet on Ubuntu, with a honeypot running a LAMP setup that I have purposely made vulnerable to sql injection. I was also a member of a global security team for a large International company, responsible for windoze servers in Europe and Asia.

Agreed any Linux virus will only run with the rights of the logged in user, still an awful lot of damage could be caused to that users files, any command that does not need root privileges can be run. I could write code that pretends to be something else that will trash your home directory or encrypt open office files and spam it out as an email attachment or host it on a website.

If Linux had the majority market share, I sure somebody would have incorporated some of john the ripper code and a rootkit into a compressed ELF executable in order to own our smug little arses but I am guessing. As I said I am not a Linux expert, but I am working on it.

The points raised by Steve C and Darren T are equally valid.

And no I don't log into my Ubuntu, Debian or CentOS machines as root. I do use my XP box as admin, hence all the layers of "protection" I employ. Commas around the word protection because despite all the mitigation offered by AV and antispyware, a windoze box is only as secure as level of user knowledge and experience permits.

0
0
Anonymous Coward

Linux and viruses

It is due to market share and user base.

Virus writers are often unix users, so hey why piss in your own pond, that might have a bit of truth as well.

Ooh security via obscurity hmm, well that is the cherry, but unix does have a lot more and a lot better security tools than the windows platform, so I know which I want to be on. And even with 100% market share I don't think I would jump to windows just because there were no viruses.

See people extrapolate too far when they find out Linux has no silver bullet, it still is more secure in most instance.

0
0
Flame

@Keith T

How can open source be "security by obscurity"? And the most effective hacking tools are written for Linux. And Linux runs better on older hardware than Windows (i.e. function-for-function, it uses less resources than Windows, especially Vista).

As for this comment: "Security will begin to arrive when journalists realize respectable computer professionals disown those who and and abet breaking into and vandalizing other people's computers without permission." - What the fuck have you been smoking?

And this one: "The highest security comes when you custom write your own OS, for your own custom designed CPU, assuming you can do both error free." - You're speaking nonsense. That is the very definition of "security by obscurity". Even without errors, if your specification contains a logical weakness, you invite an exploit.

Basically, that is the most full-of-shit post t I've read in a long time. I sure hope to God you don't have any responsibilities in information security.

0
0
Paris Hilton

They need "SELinux for Windows"

> "Symantec has recently begun introducing behaviour-based detection, which helps to explain why its software did the best of a bad bunch."

> "... as well as monitoring what they are doing once they begin running"

Why don't they go the whole hog and introduce an SELinux-like approach for Windows? Basically, whitelist what resources are legitimately required for each and every program and block everything else. The program developer should (IMO) be responsible for developing the resource access list, and it would be setup at installation time and password and key protected, though certain access items might be denied globally by a master policy controlled by the OS. As with SELinux, malware gaining admin-level access is no longer a fatal problem. You get the idea.

Of course, this would require Micro$hite to actually care about security above profit.

If you put 1 million Paris Hilton's in a room with programming tools, there is a probability that eventually they might produce Windows ...

0
0

@Keith T

@Keith T

"Linux (and I'd add, Max OS) depends on security by obscurity"

Excuse me? Linux is OPEN SOURCE, perhaps you might want to find out what that is before you make such a monumentally stupid statement. And BTW it's "MacOS" or "OS X".

In terms of OS X, obscurity plays a part in in its security, but a large part is down to its UNIX foundation.

"Security will begin to arrive when journalists realize respectable computer professionals disown those who and and abet breaking into and vandalizing other people's computers without permission."

ROFL! That was possibly the most absurd comment I've ever read on here. Crackers will stop writing malware when journos start to report about how IT pros don't like what they do? Really?

0
0
Bronze badge

Now Now, play nice

I think Keith T meant obscurity as in lack of prevalence. Constructive criticism and the sharing of ideas/information will always play a valid role in advancing the knowledge and abilities of those involved in the administration and use of computer systems. Insults rarely help and usually just serve to alienate. Are we not professionals, or at least strive to be such?

There are many times I have responded to the views of others without first thinking through what I have read and in turn not thinking how others will perceive what I have written. There was also a time I didn't know how much data would fit onto a floppy.

But back to the topic... Chris W hit the nail on the head with respect to the validity of this research. Most users do employ out of the box security or insecurity if we think windoze, they don't add third party security tools and use all the default apps and settings of their new PC without a thought nor awareness of what nastiness lies in wait.

I got a credit card statement via email this morning. I was informed that suspicious transactions had been performed on my account. The zipped attachment "statement.doc.exe" ( I have windoze set to show file extentions of known file types) was reported clean by all my security tools. Now the chances are the average user would have windoze set to hide the .exe extension and would have perhaps run this exe expecting it to open in word. I would have infected a VM with this for fun had a Jotti scan not reveal it was a trojan downloader. There's not much fun in running known malware, at least from my point of view.

0
0

Prevx

I remember running a trial of this a while back, it seemed like a great AV/Protection system.

Now I use a Mac and whatever anyone says about Marketshare etc etc, for your average end user the extra buffer of having to enter your admin password to run anything and plenty of warnings usually sorts most things out... Vista is better than XP for your average user, but god the implementation is shite.

0
0
Flame

PMSL ROFL OMG!

I know the research is a load of bollox when they say Norton did the best!!! PMSL ROFL OMFG MY SIDES ARE KILLING ME!

0
0
Stop

@adnim

"I could write code that pretends to be something else that will trash your home directory or encrypt open office files and spam it out as an email attachment or host it on a website"

Sure you could, but you're overlooking a simple point. What you've described is not a virus but a TROJAN.

"If Linux had the majority market share, I sure somebody would have incorporated some of john the ripper code and a rootkit into a compressed ELF executable in order to own our smug little arses"

People have been able to do that for decades Hell, you could package that up yourself right now and email it to me. But what do you think your chances are of getting that to spread?

If Apple has 5% of the desktop market, why aren't there at least 1000 OS X viruses in the wild?

Anyone who thinks that there would be the same number of viruses for Linux as there are for Windows, were the market share numbers reversed, needs to go on an "Basic IT Security" course.

0
0
Anonymous Coward

Dave you are deluded

Linux doesn't offer any silver bullet to stop malware.

I don't care if you want to weasel out by trying to make a distinction between a trojan and a virus, as most viruses use trojan mechanisms, they can be combined you moron.

It is like me wandering onto a car designer's news site and stating that brakes aren't need in a particular model of car.

Dave if you think that Linux systems require no security process, and are 100% bullet proof you are a complete imbecile, but hey it is your funeral.

0
0
Bronze badge

@David Kelly

Why so acerbic and pedantic? Virus or Trojan is it not malware.

A computer virus is any program that can copy itself and infect a host without the permission or knowledge of the user. A computer trojan is malware that appears to be that what it is not. A computer worm or virus can in fact be a trojan.

"People have been able to do that for decades Hell, you could package that up yourself right now and email it to me. But what do you think your chances are of getting that to spread?"

Have you never sent an email with attachment from the command line in Linux, Like I have mentioned I am no expert as you appear to profess to be, but could this not be done without opening a terminal window? And if so is this not a spreading mechanism?

"If Apple has 5% of the desktop market, why aren't there at least 1000 OS X viruses in the wild?"

Precisely because it has a 5% market share and thus not worth the effort. It is also inherently more secure than windoze.

"Anyone who thinks that there would be the same number of viruses for Linux as there are for Windows, were the market share numbers reversed, needs to go on an "Basic IT Security" course."

I presume this sentence is aimed at me under the guise of being aimed at "anyone"? If so it would appear your are putting words into my mouth and not actually reading what I have written. Nowhere have I stated that there would be the same number of viruses for Linux as windoze, should Linux have the majority market share.

I originally said that Linux/Unix/OSX are not virus free in respose to your statement:

"Run a UNIX based OS, like Linux or OS X and the need for an anti-virus is gone.", a statement which is misleading and potentially dangerous. A statement that highlights your expertise and insight as a revelation, I can only guess you are a security professional of the highest regard.

Perhaps I should recommend an anger management course for those who feel the need to defend themselves with pedantry and vitriol when backed into a corner.

I don't wish to argue further, it seems pointless, for as an advocate of open source systems you seem remarkably close minded, not to mention a little arrogant. Are you American by any chance? Rhetorical question please don't respond. Apologies to open minded and humble Americans everywhere should they exist ;-)

0
0

virus vs trojan

Pendantic? There's a world of difference between someone breaking into your house without you knowing and a thief knocking on the door pretending to be the meter man and you letting him in.

LIkewise there's a huge difference between being sent a trojan in a mail, having to save it to disk, change the permissions to execute, clicking "yes" on a security prompt and then entering your password to give the program admin privileges and receiving a virus which your poorly programmed email client downloads and the virus replicates, changes your boot partition, registry etc. without you even having to open the email.

"Precisely because it has a 5% market share and thus not worth the effort. It is also inherently more secure than windoze."

You think the possibility of infecting tens of millions of machines is "not worth the effort"? With Linux and Mac boxes connected to the internet it is potentially far easier to spread viruses (if they were as insecure as 'doze) than it was in the days of viruses spreading over floppy disks. And yet there are still not even a fraction of the number of viruses on Macs as there were in the bad old days of DOS.

You call me closed minded but you must be pretty closed minded yourself to think that not ONE person has made the "effort" to make an OS X virus that spreads in the wild, especially with Apple's "Macs don't get viruses" adverts on TV.

@AC:

I have never called Linux "bullet proof", why do you jump to such a conclusion? I still maintain that you don't need an anti-virus on a Linux box or Mac. All you need is some common sense.

0
0
Bronze badge

@David Kelly

Oh right I guess if Apple say macs don't get viruses it must be true.

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

That was from two years ago

Use scroogle, read what proper security professionals have to say about mac/nix and viruses, and what they attribute the prevalence of windows viruses to.

"You call me closed minded but you must be pretty closed minded yourself to think that not ONE person has made the "effort" to make an OS X virus that spreads in the wild" I know that people have written viruses for the mac and Linux. It was my whole reason for questioning your statement about not needing AV on these platforms. read my posts again, only this time don't let your anger/frustration/dumb loyalty to OSX/Linux or what ever it is that has blinded your logic hold sway.

I leave it to you to have the last word for this is my last on the matter.

0
0

@adnim

Ahem, I did say OS X viruses *in the wild*. If you can find proof of such a virus then please share it, it will be news to me.

Funny that you should post a Reg article which echos my sentiments on viruses and marketshare, and the divide between poor architecture and social engineering.

BTW the article is obviously from 2003, not two years ago, in which case it would have been written soon after the first release of OS X. The Mac viruses mentioned would most likely then be OS9 viruses. There have been a handful of trojans for OS X which AV companies trumpeted as viruses in the hopes that their FUD will sell more OS X anti-virus software.

And FYI I don't make these statements out of "dumb loyalty" to Apple / Linux but rather from 15 years of UNIX sysadmin experience in a range of environments from national ISPs to high street banks.

0
0
Anonymous Coward

@David

The userbase has changed, and the market share is expanding, expect to see unix based viruses (actually expect to see more cross platform viruses).

The equation goes something like this:

( (N - 2P ) / C ) * M = T

Where T is Virus Threat Level.

N is number of numpties using the operating system.

P is number of IT professionals (those who can code assembly :) )

C is choice weighting ( what level of choice of software is there on the system and the actual variety used )

M is market share

I call this the Alpha Numpty Equation for Determining Virus Threat Level.

Now let's add some figures:

Assume a population of 100M.

Windows:

( ( 79M - 3 ) / 0.5 ) * 0.80 = 126,400,000

Linux

( ( 10M - 1M ) / 4 ) * 0.20 = 450, 000

So you can see it is not just not worthwhile at the moment to write viruses for the Linux platform. But the numpties are on the rise in Linux, and more pros are lost to Plan9 everyday now.

The point is Dave, Linux distros are vulnerable, proof of concept viruses are good enough to prove that, but the reason it doesn't get hit is mainly market share and user base.

If you happen to live in a nice neighbourhood, full of builders, architects, gardeners, internal designers, then your chance of being shot is quite low, but it doesn't mean bullets bounce of you. And if the neighbourhood changes; starts to host rock concerts, opens a lap dancing club or two, a few fast food joints turn up, then the chance of being shot increases. Thanks Ubuntu :)

0
0

@AC

I disagree with your equation and analogy. As I said before, you have more opportunity to make a Linux virus spread via the internet then there ever was when people were writing DOS viruses. And you must be very naive to think that tens of millions of potential infections is an unattractive target. If Linux really was not "worth" writing malware for then there would be no rootkits.

I think it's more accurate to equate malware to driving fatalities. There are more numpties than ever behind the wheel but fatalities have dropped significantly as cars become safer. Likewise as OSes improve their design they become safer.

0
0
Bronze badge
Happy

@AC

You are wasting your time, pretty much as I wasted mine. Some people are never wrong, some people are just plain disagreeable, and some people well, some people are both.

And David, if you believe I am referring to you, in this instance, you would be correct. Still, good luck to you and bye.

0
0
Anonymous Coward

@David

Going round in circles with you Dave.

But just so you don't think your points are valid:

Rootkits are often created for Linux, because those getting into Kernel development often cut their teeth on it. The rootkit checkers also build their own as well to test out their rootkit detection capability. If anything it points to what will happen when people do target Linux.

But rootkits are payloads after the intrusion, so they are benign. A virus is not benign, and you have to be quite careful to keep them in the LAN you control, and then you cannot be sure they would work until you release them, so most don't tinker as often there.

You might think tens of millions of potential infections is an attractive target, but it ain't when compared to the opportunity costs of 100s of millions, that is the whole point you seem to not be able to understand.

If you are going to write a virus you will target the large over the small, if you think about it you will target the weak over the strong as well, and whilst the system plays a part in the strong or weak, really the userbase plays a much larger part.

Your points are all over the place and filled with logical fallacy and weasley semantics; I notice you used the word fatality not accident, I am guessing accident figures rather disproved your point.

And even then, viruses are not accidents, they are deliberate attacks on systems, someone codes the virus they don't just happen. And don't think for one moment people wouldn't be able to write viruses for unix platforms, there are lots of ways in, and lots of ways to make code execute.

Think like a virus writer, they want to maximise the number of compromises and be in an environment where the user can do little about their existence, at the moment that is windows.

Why go after something with a smaller market share, when you can go after the big one, duh.

0
0

Screw you all

I said... "Face it. There is no way to keep a non-technical (read that idiot) person secure online. And those that have even a semblance of a clue about keeping their PC's secure wouldn't trust a single program or suite to keep them secure. The USER keeps themselves secure."

In my previous post. Now some people may think they have got magic beans that can stop an idiot user from stumbling into trouble. I bet most those who have poo-pooed my comment work in the "security" business.

Just to show how quickly they judge, AVG has scheduled updates and ALL of the software I mentioned has at least 1 COMPLETELY free version NOT TRIALS. I have been running my work PC for over 2 years and have not had any infections. Others in my work have, quite a few others actually. The browser you choose and the layers of defences you have DO matter.

Take my "twaddle and shove it up your arse" as a great man once said.

0
0

@AC

I think the prevalence of Windows viruses is more due to weakness than userbase so I guess we will just have to agree to disagree.

People have been predicting a rapid rise in Linux / OS X viruses as market share grows for at least 10 years. So far time has proven them wrong.

0
0
Boffin

@David Kelly

People have also been predicting that "this is the year of the Linux desktop" for a decade. So far time has proven them wrong too. Ever stop to think that the two facts might be related?

Oh, and in an incidentally-related question, how many ten-year old Mac apps work on OS X 10.5.whatever? And never mind how many binaries (it's unfair: the ABI has changed about half a dozen times, but that's OK 'cos you can compile from source...) - how much source from 1998 compiles, links and runs on 2.6.whatever?

0
0
This topic is closed for new posts.