Use Linux/BSD

[dave]

Cheaper than paying $50 USD for anything that
only lasts for a single year.

Windows Worms/Viruses/Trojans/Time Bombs = 70,000+
Unix worms/Viruses = 3

Do the math people...

 

[Dr Halonfires LesGirl]

Windows users 70,000+

Linux users (Lusers) 3 approx

Linux makes you stupid.

 

[Julie Brandon]

Do the math people...

Then do the math again after everyone has done what you ask and swapped over
to Linux et-al, and just watch the viruses for Linux vulns shoot up.

Yes, there might not be quite as many perhaps, and it might be harder to
write them, but they would exist, as bugs exist, and people are cr*p at
updating their systems.

Ta-ra,
Julie (as it happens, a Linux advocat)

 

[dave]

Then do the math again after everyone has done what you ask and swapped over
to Linux et-al, and just watch the viruses for Linux vulns shoot up.

Never happen, and here's why;

Multi user and Source code.

If you run as root, sure, you can blow up your entire
system. That's why most people who do run Linux on
production machines don't.

And source code.

If you don't install from source, or it is unavailable,
why bother with the program? Sure, some cases can be made,
like StarOffice or AppGEN, but these are established
companies that good consumer feedback and project
reporting to advertise.

but they do provide some sourcecode to developers. Developer
in the Linux community gets isolated pretty quick if he
starts churning out bad code.

Just think what happens to him if started churning out viruses.


If a sysadmin finds a virus, he nixs it. So far, Sun,
as far as I know, is still around.

So far, Microsoft has proven again and again, that every product
they produce is nothing but a black hole. It merely continues to
suck, from code bloat.

Yes, there might not be quite as many perhaps, and it might be harder to
write them, but they would exist, as bugs exist, and people are cr*p at
updating their systems.

Ta-ra,
Julie (as it happens, a Linux advocat)

Yes, that is true. However, even akami has chosen a Linux
router for their 2000 webserver, remember

Bugs in software will always exist. But with Opensource,
they eventually get found and quickly eliminated.

Hell, last year someone patched a OPENBSD ssh file with some
code update, and the primary developer THEO de RADDTT found
after he compiled the thing that it didn't work out at all,
and worse, it worked more like a virus.

Let's just say that he literally tore a strip off the
newsgroup, including the contributor.

total time on the CVS server: 18 hours.

Only 2 real casulities, and I was one of them. I merely
removed the diff, and recompiled an old .tgz.

[ Okay, and had 2 coffees, so what. ]

Better than waiting for MS 6 months for a code patch..

 

[Dr Halonfires LesGirl]

dave wrote:
<snip>

Dave that's twice you've had to write a novel in defence of the
undefendable. Do yourself a favour and give up before you get writer's
cramp.

 

[FromTheRafters]

Cheaper than paying $50 USD for anything that
only lasts for a single year.

Windows Worms/Viruses/Trojans/Time Bombs = 70,000+
Unix worms/Viruses = 3

You're kidding right?

Do the math people...

I demand a recount!
....but have someone who can count higher than three do it okay?

 

[dave]

You're kidding right?




I demand a recount!
...but have someone who can count higher than three do it okay?

I can count to more than 3.

So, are you planning on writing a virus for the rest of us
to experience with the LINUX OS today, so we can say 4,
or are you just whistling dixie?


Cheers...

 

[Dr Halonfires LesGirl]

Why Dixie? From The Rafters might not be AmeriKKKan. ( But it sounds a great
idea to write a Linux eradicating virus. Just have to find the Linuxfucks to
use it on. - There are 3 approx. to date I think..............)

 

[Julie Brandon]

If you run as root, sure, you can blow up your entire
system. That's why most people who do run Linux on
production machines don't.

You don't need to educate me on using Linux, thanks very much.

Not all Linux boxes out there are going to be immune to root shell vulns
from user accounts; same issue, if you don't keep patching and updating,
you're open to viruses and hacking.

but they do provide some sourcecode to developers. Developer
in the Linux community gets isolated pretty quick if he
starts churning out bad code.

I have to admit that that does help.... but it just cuts down the numbers,
it doesn't STOP the vulnerabilities. Bugs in code still occur (heavens, I
reported a simple Linux kernel bug myself once, and I'm no kernel hack) and
so there's always the dreaded updates.

Plus of course, you shouldn't hang too much on peer review, there's been a
few interesting reports detailed in NewScientist about research into the
real-world success of peer review out there, and its less than perfect.
However, I _am_ a big open source advocate, and prefer open source [and
source as opposed to executables] wherever possible; however I'm also aware
that it has its limitations too.

Just think what happens to him if started churning out viruses.

It wouldn't be that "him" that'd be writing them though would it, it'd be
people who've spotted a vuln that others haven't; or much more likely,
someone who just uses a currently known and popular vuln that still exists
on many unpatched systems.

If a sysadmin finds a virus, he nixs it. So far, Sun,
as far as I know, is still around.

So far, Microsoft has proven again and again, that every product
they produce is nothing but a black hole. It merely continues to
suck, from code bloat.

Hehehe, I'd agree with that, I'm no Microsoft fan, to say the least.

Bugs in software will always exist. But with Opensource,
they eventually get found and quickly eliminated.

Too late, if people don't then patch their systems, though.

Hell, last year someone patched a OPENBSD ssh file with some
code update, and the primary developer THEO de RADDTT found
after he compiled the thing that it didn't work out at all,
and worse, it worked more like a virus.

Let's just say that he literally tore a strip off the
newsgroup, including the contributor.

total time on the CVS server: 18 hours.

Only 2 real casulities, and I was one of them. I merely
removed the diff, and recompiled an old .tgz.

[ Okay, and had 2 coffees, so what. ]

For a counter to that though...

Remember, the GNU FTP server was rooted from March, and they only recently found
out.

Better than waiting for MS 6 months for a code patch..

 

[Julie Brandon]

You're kidding right?


I demand a recount!
...but have someone who can count higher than three do it okay?

Hehehe. Good point actually, I gather there's a lot more than 3 linux
worms/viruses/rootkits out there. (A rough/messy/inaccurate bodgit count
from 'ravav -V | grep -i "linux" | wc' [1] gives 22, however that's going to be
out wildly I suspect, but probably in the too small, rather than too large,
as most of the virus names in the list there don't seem to be prefixed by
their target OS.)

Ta-ra,

 

[Julie Brandon]

idea to write a Linux eradicating virus. Just have to find the Linuxfucks to ^^^^^^^^^^
use it on. - There are 3 approx. to date I think..............)

Oi! 'scuse me, but we use Linux!

No zapping our HDs please, already had two physically go poorly[1] in as many
years (first HDs I've ever lost ever, in 15 years of home computers with
HDs.)

Ta-ra,
Julie

__
Footnotes

[1] Those HDs were inside my _Windows_ box, before you make any smarmy
comments One infamous IBM Dekstar 75GXP (like half the other owners
of those HDs), and one Maxtor 540 (which was a bit surprising.)

 

[kurt wismer]

Cheaper than paying $50 USD for anything that
only lasts for a single year.

Windows Worms/Viruses/Trojans/Time Bombs = 70,000+
Unix worms/Viruses = 3

Do the math people...

plenty of people can do the math, but apparently you're somewhat
challenged when it comes to *counting*... your figures are way, way off...

 

[dave]

You don't need to educate me on using Linux, thanks very much.

My apologies.

Not all Linux boxes out there are going to be immune to root shell vulns
from user accounts; same issue, if you don't keep patching and updating,
you're open to viruses and hacking.

I agree.

I have to admit that that does help.... but it just cuts down the numbers,
it doesn't STOP the vulnerabilities. Bugs in code still occur (heavens, I
reported a simple Linux kernel bug myself once, and I'm no kernel hack) and
so there's always the dreaded updates.

Ah, you mean dependancy hell. Yes, I'm going through that right
now with a recent new install

Plus of course, you shouldn't hang too much on peer review, there's been a
few interesting reports detailed in NewScientist about research into the
real-world success of peer review out there, and its less than perfect.
However, I _am_ a big open source advocate, and prefer open source [and
source as opposed to executables] wherever possible; however I'm also aware
that it has its limitations too.

Peer review is only a beginning. However, I am of the
belief that if you refuse this type of scrutiny for
rediculous deadlines, your software is dead in either case, even
an operating system.

It wouldn't be that "him" that'd be writing them though would it, it'd be
people who've spotted a vuln that others haven't; or much more likely,
someone who just uses a currently known and popular vuln that still exists
on many unpatched systems.

I sorry, 'her/him/it' I forgot about being politically
correct


However, that vuln though small, eventually is removed. I am
not happy how hard it is to keep up with Linux for the newcomer,
but software writers already are beginning;

[ ie; swaret for Slackware, is just so cool ! ]

Hehehe, I'd agree with that, I'm no Microsoft fan, to say the least.




Too late, if people don't then patch their systems, though.

I'll concede your point...

Hell, last year someone patched a OPENBSD ssh file with some
code update, and the primary developer THEO de RADDTT found
after he compiled the thing that it didn't work out at all,
and worse, it worked more like a virus.

Let's just say that he literally tore a strip off the
newsgroup, including the contributor.

total time on the CVS server: 18 hours.

Only 2 real casulities, and I was one of them. I merely
removed the diff, and recompiled an old .tgz.

[ Okay, and had 2 coffees, so what. ]

For a counter to that though...

Remember, the GNU FTP server was rooted from March, and they only recently found
out.

Back in march, corrected this month, and everyone opted
to pull the guts out, and use source instead from somewhere
else.

Face it, I just want to be an advocate of Linux, albiet

A VERY LOUD ONE...

 

[dave]

plenty of people can do the math, but apparently you're somewhat
challenged when it comes to *counting*... your figures are way, way off...

Then please, give me your numbers to compare.

Mine for the Windows side come from Norton Anti-virus site,

Mine for the Unix/Linux side come from CERT.

Waiting...

 

[dave]

Why Dixie?

Cause he sounds like you, a REDNECK.

From The Rafters might not be AmeriKKKan.

He still sounds like a REDNECK

( But it sounds a great
idea to write a Linux eradicating virus. Just have to find the Linuxfucks to
use it on. - There are 3 approx. to date I think..............)

Try over 18,000,000 PC's. So, by all means, go ahead.

Just give it a dry, fat boy...

 

[FromTheRafters]

A simple search turns up these:

Lixux.Vit.4096
Linux.Diesel
Linux.Jac.8759
Linux.Simile
Linux.Svat
Linux.Hyp.6168

That looks like more than three to me, and I haven't even
started on the worms yet. If you want to spew facts, make
them factual.

I like Linux, but I get tired of Linux users who think that it
is somehow immune to viruses. It is resistant to escalation,
but is fully capable of running viral programs. It has in the
past, and is likely to have in the future, vulnerabilities within
the applications people choose to run on it. The user is the
weak link, and I keep seeing some very weak links posting
Linux bigotry.

To be honest, you do seem to have a pretty good grasp
of the safe computing practices for Linux, but don't fall
for the belief that Linux is somehow immune ~ it isn't.

 

[FromTheRafters]

You're kidding right?


I demand a recount!
...but have someone who can count higher than three do it okay?

Hehehe. Good point actually, I gather there's a lot more than 3 linux
worms/viruses/rootkits out there. (A rough/messy/inaccurate bodgit count
from 'ravav -V | grep -i "linux" | wc' [1] gives 22, however that's going to be
out wildly I suspect, but probably in the too small, rather than too large,
as most of the virus names in the list there don't seem to be prefixed by
their target OS.)

In my response to dave via "Dr Halonfires LesGirl" whose post
showed up on my server prior to daves post, I admitted that he
seemed to have at least half a clue ~ but then he had to go and
call me a "redneck" GRRRR we hillbillies *hate* to be called
rednecks. ;o)

He is giving Linux users a bad name, and lowering the overall
Linux userbase IQ. He seems to be one of those all too often
seen "Hey! Look at me! I one of those super elite Linux users!"
types. He needs that other half clue badly though.

 

[dave]

A simple search turns up these:

Lixux.Vit.4096
Linux.Diesel
Linux.Jac.8759
Linux.Simile
Linux.Svat
Linux.Hyp.6168

That looks like more than three to me, and I haven't even
started on the worms yet. If you want to spew facts, make
them factual.

Well, for viruses, I can only recall
"Bliss" and "Stoag" off the top off my head

[ well okay, near the top, behind the metal plate ].

I agree with you, there are probably more. However, most
( not all ) Linux users know enough to protect themselves
from them by now, if not in the future.

I like Linux, but I get tired of Linux users who think that it
is somehow immune to viruses.

I never mentioned immune; I merely mentioned cheaper

Cheaper than paying $50 USD for anything that
only lasts for a single year.

If I have to pay $499 for Windows XP, why can't
I merely purchase a version of Slackware,
or OpenBSD, for $75 USD instead, and spend some
time patching it for the life of my computer instead?

Sounds like good business sense to me.

How about the yearly update ( lets say you go with
Norton's, which is recognised as the best ANTI-VIRUS
around for Windows. Yearly payment is the typical
contract. )

Hell, when I was using MS-Dos from ver 2.0-6.2, I was
using F-PROT, and it was a *hell* of a lot better
and cheaper ( free for single home user )
than Norton's AV and utilities back then.

It is resistant to escalation,
but is fully capable of running viral programs. It has in the
past, and is likely to have in the future, vulnerabilities within
the applications people choose to run on it. The user is the
weak link, and I keep seeing some very weak links posting
Linux bigotry.

Well, if the owner of a linux box is the sole user and complete
idiot and/or newbie, and does any or all of the following for
starters;

- and runs the thing with permission wide open, say world
writable? [ no sticky bit, runs with 777, etc, etc, ... ]

- doesn't apply a single patch, uses the originally installed
kernel

- cruises the net and porno sites with JAVA and
JAVASCRIPT enabled on his web browser,

- installs a ftp, webserver or other servers, and runs X
and telnet with no firewalling or daemon lockdown
[ like RPC ]

- downloads and installs binaries from unknown sources
from Russia, China, or the Balkan countries, including Poland.

- runs the system as root at all times.

- puts in the statement 'ALL' only in the hosts.allow,
and leaves the 'hosts.deny file blank;


Then sure, I agree with you.

After all, security is merely a matter of playing the odds.
Software viruses and worms are in
the wild, and it is merely a matter of *time* before
one's system gets hit with one of these.

As you and I know, Linux users are *worriers* in life,
and it is usually the *worriers* that survive the best.

To be honest, you do seem to have a pretty good grasp
of the safe computing practices for Linux, but don't fall
for the belief that Linux is somehow immune ~ it isn't.

Again, I never did say that; I said it was cheaper < hehe >


I was hoping to convert at least one person around here, like
Halon,

You see, I can't code, so I guess all that's left for me
is to be a loud, and as abnoxious Linux advocate as I can be

Cheers

 

[kurt wismer]

Then please, give me your numbers to compare.

Mine for the Windows side come from Norton Anti-virus site,

what's the url?

quite frankly, the 70,000 figure is closer to the number of pc
viruses... that is, windows + dos + linux + os independant ones (like
bootsector infectors)... while it's not *too* hard to believe that
symantec would have erroneous info on their site, it seems like an odd
mistake to make to call all 70,000+ of them *windows* viruses...

Mine for the Unix/Linux side come from CERT.

a linux box, if it's x86, can still catch a bootsector infector...
there are considerably more than 3 bsi's...

even if you want to constrain the discussion to only those that operate
*within* the domain of a filesystem, linux still has more than 3... see

http://www.sophos.com/virusinfo/analyses/index_linux.html

and

http://www.sophos.com/virusinfo/analyses/index_linuxworm.html

and

http://www.f-secure.com/v-descs/l.shtml (scroll down, the linux ones
are clearly marked)

Waiting...

well, while you're waiting, there's an interesting article you might
like to read at http://www.virusbtn.com/magazine/archives/200304/linux.xml

 

[David]

Are you sure they borrowed it from FreeBSD? The latest "word on the street"
is that they stole it from SCO
..