The Register® — Biting the hand that feeds IT


Superworm seizes 9m PCs, 'stunned' researchers say

Downadup, the superworm that attacks a patched vulnerability in Microsoft Windows, is making exponential gains if estimates from researchers at F-Secure are accurate. They show 6.5 million new infections in the past four days, bringing the total number of machines it has compromised to almost 9 million. The astronomical growth …

This topic is closed for new posts.


Paris Hilton

re: hum..

SSH is available for Windows.

This is an OS flaw. Not an application one.

SSH is an application.

Idiot.

@mark

Do you want to try reading the worm description again?

No, the autorun feature is not the only attack vector.

1: is an overflow compromise in Windows

2: by network shares

3: autorun

And the most common line of bullshit is...

If OS X/Linux had the same market share as Windows it would suffer the same amount of viruses and security threats.

With OS X market share approaching 10% in the US, I need to ask: where's our 10% share of viruses?

In fact where's our 0.010% share of viruses, Eh?

Anonymous Coward
Thumb Up

The funniest thing about this whole affair...

...is BBC news trying to explain it: http://news.bbc.co.uk/1/hi/technology/7832652.stm

Scroll to the 'Method' section, and giggle.

@Maliciously Crafted Packet & John Hughes

I thought the 10% was growth and not installed base, and the figure is only for devices that have accessed any of Net Applications' clients who log this information.

There are probably millions of Windows boxes that have never been seen by Net Applications; only Apple and Microsoft know the real numbers.

"Wine is still under development, and it is not yet suitable for general use."

http://www.winehq.org/about/

Gates Horns

@Mike and Andy Worth...

> I've heard it all before and it's a common misconception that you "can't" get a virus on a Linux machine.

No, it's not. There are no Linux viruses, and never will be. However, shedloads of malware exist for all platforms, including Linux - trojans, worms, miscellaneous security vulnerabilities... the list is long.

The problem is caused by the likes of Sophos, who will admit (in direct correspondence) that there is no such thing as a virus (executable malware that propagates through self-replication without user intervention) for Linux, but will then explain that, for marketing reasons (because they are selling their products mostly to non-techies) they now use the word "virus" instead of "malware" because (as is the way of the world) they sacrifice accuracy for the need to "dumb down" in talking to their customers. Presumably, such users are too stupid to understand the word "malware", but comprehension dawns if "virus" is used instead. Sigh.

Language is designed to convey meaning, and so accuracy in the use of language (including the use of correct spelling and grammar) is important. Hence this post.

So, in summary - lots of malware exists for all distributions of Linux. But there are no viruses for Linux. If you think you've found/invented one, use it to attack a properly-configured machine run by Eddie Bleasedale at NetProject, and thereby claim the prize of (whatever) thousands of pounds that he's been offering for years for this impressive task.

And don't bother to post if you find advertisements for the "Linux anti-virus software" that actually runs on Linux to remove Windows viruses passing through in e-mail messages and attachments, and think that this proves the converse.

Sigh. Again.

@Rob Crawford

"No, the autorun feature is not the only attack vector."

But if you patched Windows, the autorun feature is the only one that causes this problem to still exist.

Buffer overflows mean that your malware runs as you, not root. Whereas malware for IE runs as system.

Network shares are shared as user nfs and have no capability to run anything other than network shares except as user nfs and when there is an exploited bug (which, since Linux is variable in character, is harder to exploit since it relies on certain versions to be installed which probably aren't).

Alert

And it's not going to go away

Part of the problem is that you can never make a building secure by screwing on a lock from the outside -- because it can be *un*screwed from the outside. You have to screw the lock on from the inside.

The other part of the problem is that the business activities going on in that building rely on all manner of tradespeople having access. Not only that but they have got used, over the years, to having full and unfettered access to the building -- and learned to take shortcuts through rooms to which they never really needed access. Although *most* of them are well-behaved and don't poke about in other people's drawers, anybody could wander in pretending to be on official business and wreak havoc. And *any* access restriction is going to affect people who have a legitimate reason to be there.

Across the way, meanwhile, is another building. This one had locks fitted properly from the inside ever since it first opened for business; and any tradesperson who needs access has to have their own key, which only opens doors they actually need to use in order to go about their legitimate business. Occasionally, someone in that building leaves something unlocked and a malicious interloper gets in. But that building's blueprints are available in the library for anyone to look at; and nine times out of ten, a problem will be spotted by some responsible person who will inform the management rather than exploit it for their own ends.

Anonymous Coward
Paris Hilton

@ Steven Knox

The public can protect itself by learning to use a BSD/GNULinux, otherwise they're in for tough times, it would appear.

And NO!! the ratio of effective attacks won't increase proportionately.

Paris, because I know someone will say that the ratio of effective attacks won't increase proportionately.

@ mark

We had several patched machines that were infected and it wasn't from removable media.

Up till Monday we were still seeing the AV popping up every few hours saying that the infection had been cleaned. That's after the registry was fully cleaned and the patches were checked (yet again), though things have been San since then.

You may want to disagree but it doesn't change reality.
