CAD CAM EDM DRO - Yahoo Group Archive

Re: [CAD_CAM_EDM_DRO] virus warning

on 2001-09-19 15:29:27 UTC
Tim wrote:
> For the time being Linux should be plenty safe. I just fear for when the
> virus writers decide to target Linux. With the open source nature they
> have full access to the code and can really pull some serious stuff.

[ Sorry about this, but I've gotta dispel some FUD ]

Which is a total FUD statement from people who don't understand
anything about security and the type of hackers out there. Even
Symantec's CEO talked about how the OSS model lends to fewer
exploits _because_everyone_ has access to the source -- including
"the good guys" who are far more numerous.

BLACK, GREY AND WHITE HACKERS -- LINUX HAS ALL, WINDOWS HAS ONLY FORMER

You see, only black hat and the occasional gray hat hacker can
exploit closed source software. They are the ones disassembling it,
probing it and doing other things generally forbidden by the
license, ethics or even law. With open source software, you also
have white and gray hat hackers exposing exploits as well -- who can
do so quite legally. Since white and gray hat hackers significantly
outnumber black hat and borderline gray hat hackers, exploits are
usually identified, publicly announced and patched immediately when
found.

This is quite unlike closed source software where the "auditors"
(i.e. the black hat hackers) are less likely to share the exploit
with the public. It isn't until something nasty appears before the
exploit is well known. And then there is a delay before the
commercial vendors put out a patch.

NO ATTACK PREDATES AN EXPLOIT IN UNIX/LINUX

This has been well documented again and again. No UNIX/Linux
exploit to date has been a victim of a program before a patch was
available. And with the exception of the Morris worm (which really
"woke the Internet up" in 1988), UNIX in general. On the other
hand, half of Windows exploits are patched well after a program is
released to exploit it -- and usually that is the _first_time_ it is
publicly known.

UNIX/LINUX PATCH RESPONSE TIMES MUCH FASTER

As far as response time, UNIX exploits are usually patched in days
if the source code is available. UNIX vendors will repackage the
exploit within 1-2 weeks afterward, although many have been done the
same day as the patch became available. Microsoft's average
response time is 3-4 weeks.

NO REBOOTS NOR UNDESIRED EFFECTS MEANS IT'S ACTUALLY INSTALLED

And even when the patch becomes available, UNIX/Linux admins are 10x
more likely to apply it. Why? Unless the patch is against the
kernel itself, UNIX/Linux systems do not have to be rebooted. This
is also combined with the fact that there is _rarely_ an "undesired
effect" that occurs after a patch. Most Windows patches require a
reboot and might cause unforeseen effects to the system,
including preventing the system from rebooting. So many Windows
sysadmins don't install patches as they come out.

UNIX/LINUX MORE POPULAR FOR INTERNET SERVERS

The other "FUD" out there is that since people use Windows more,
there are more people attacking it. Wrong. UNIX/Linux servers are
more populous on the Internet, and hackers know this. UNIX has a
long history of WORMS and other issues back in the '80s that taught
UNIX developers how *NOT* to develop software. This "pro-active
security" attitude in development has carried over to Linux. And
unless software is installed as root, most "payloads" are limited in
what they can do.

As Windows became Internet "aware" in 1995, Microsoft has had the
chance to learn several lessons. Each time features were placed in
front of compatibility, interoperability, stability and, lastly,
security auditing. Many of us were not surprised by the macro
viruses that started to hit in 1998, as we had been warning Microsoft
about for years. And unlike UNIX software in general, most Windows
software is multiuser-ignorant including many of the applications
written by Microsoft themselves (which require "administrator" or
"power user" level of privileges), let alone various subsystems in
NT/2000 itself (and Windows 9x/ME is MS-DOS, so there is none).

SO WHO REALLY HAS MORE EXPLOITS?

There was some additional "FUD" that went around last year about
UNIX/Linux having more exploits than Windows. While the totals at
Security Focus were more for UNIX than Windows when blindly added,
Windows bigots didn't look at the _type_ of exploit. 90% of UNIX
exploits are classified as a "root exploit." A root exploit is the
type of exploit that allows a regular user to gain superuser
privileges in a true, [simultaneous] multiuser OS like UNIX/Linux.

Running Windows 9x/ME *IS* a root exploit. Also running most
consumer Windows software on Windows NT/2000 also allows one to gain
many superuser privileges -- and, due to incompatibilities, many
Windows admins just give users "Administrator" privileges on their
local box instead of dealing with them. Lastly, while Microsoft
does offer a true multiuser version of NT called "Terminal Server"
(based on Citrix Winframe) and it is highly recommended you do *NOT*
make NTTS systems publicly available as such.

-- TheBS
White Hat Hacker and longtime NT/Linux admin

--
Bryan "TheBS" Smith mailto:b.j.smith@... chat:thebs413
Engineer AbsoluteValue Systems, Inc. http://www.linux-wlan.org
President SmithConcepts, Inc. http://www.SmithConcepts.com

Discussion Thread

carlcnc@e... 2001-09-18 21:21:29 UTC virus warning
Jon Elson 2001-09-19 10:07:24 UTC Re: [CAD_CAM_EDM_DRO] virus warning
dlantz@a... 2001-09-19 10:25:22 UTC RE: [CAD_CAM_EDM_DRO] virus warning
Ron Yost 2001-09-19 10:27:19 UTC Re: [CAD_CAM_EDM_DRO] virus warning
paul@a... 2001-09-19 10:56:01 UTC Re: [CAD_CAM_EDM_DRO] virus warning
dlantz@a... 2001-09-19 11:00:01 UTC RE: [CAD_CAM_EDM_DRO] virus warning
Tim 2001-09-19 11:04:17 UTC RE: [CAD_CAM_EDM_DRO] virus warning
paul@a... 2001-09-19 11:05:06 UTC Re: [CAD_CAM_EDM_DRO] virus warning
dlantz@a... 2001-09-19 11:07:26 UTC RE: [CAD_CAM_EDM_DRO] virus warning
Bryan-TheBS-Smith 2001-09-19 11:26:25 UTC Re: [CAD_CAM_EDM_DRO] virus warning
Bryan-TheBS-Smith 2001-09-19 11:31:59 UTC Re: [CAD_CAM_EDM_DRO] virus warning
Tim 2001-09-19 13:29:38 UTC RE: [CAD_CAM_EDM_DRO] virus warning
paul@a... 2001-09-19 13:54:45 UTC Re: [CAD_CAM_EDM_DRO] virus warning
Bryan-TheBS-Smith 2001-09-19 15:29:27 UTC Re: [CAD_CAM_EDM_DRO] virus warning
Bryan-TheBS-Smith 2001-09-19 15:47:50 UTC Re: [CAD_CAM_EDM_DRO] virus warning