Text 43044, 55 rader
Skriven 2008-02-11 21:27:04 av Jeff Bowman (1:229/500)
Kommentar till text 43021 av Alan Zisman (1:123/789.0)
Ärende: Re: Surf.
=================
> The lesser number of Mac and Linux users certainly plays a role in the
> lack of malware-- but more important is that both are simply better
> designed than Windows in a number of important ways-- such as processes
> being turned off by default if they're unused, while in Windows many are
> turned on, needed or not. Microsoft, if designing Vista, tried to build
> in a number of security features that are already standard in Mac OS X
> and Linux... in some cases, such as Vista's overly nagging UAC, they
> botched the job.
I think peoples view of security problems is a bit skewed. First of all, Linux
has many many security problems. Just the other day was the big kernel 2.6
root exploit. Then there's the tons of Apache, postfix, bind, etc flaws which
plagued Linux servers for years. There are always exploits popping up for
various Linux applications and server softwares all the time. So while Linux
arguably implements certain aspects of security practices better, it's
certainly not without its flaws.
Windows isn't really plagued by services running in the background. The
majority of people are behind a firewall, particularly a router, so incoming
connections to software isn't the vector of attack. Windows gets targetted
over the web the huge majority of the time. Every nook and cranny of IE gets
poked at. There are automated processes that people run to try to find buffer
overflows, and when one is discovered, they start poking around to see if it's
exploitable. But it's not limited to just IE, because Firefox has started
showing a huge number of buffer overflows. Other web-based apps are targets
too. The OS itself isn't really the target anymore like it once was, because
it's just too hard to get into directly.
� �
Mac is the oddball. It has a small userbase like Linux, but was never used as
servers, so it's never appealed to anyone as a target. As such, people
perceive it as being secure. But that's simply untrue as well. I've seen some
security researchers say that Apple's coding practices are about where
Microsoft was nearly 10 years ago. They've never had to deal with huge scale
banging on their software like Microsoft did. Microsoft HAD to learn and fix
their mistakes, and they got a bad rap for it. Apple however remains small and
still a trivial target.
Apple's software, however, is still a target on the PC. Often you'll hear of
Quicktime flaws, which people use via the web browser to infect a PC with
malware. I'm pretty sure it was a Quicktime flaw which was responsible for
that huge infestation of Myspace users via a bad advertisement.
It all comes down to money these days. The bigger the botnet you can form, the
more spam you can send out, and the more pressure you can put on businesses
with extortion or direct DDoSing to keep them out of business. If you go where
the money is, that's PC, because that's where the majority of users are. It
has much less to do with security practices now, and just how bad somebody
wants to find flaws to profit from.
My response ended up being a lot bigger than I realized! But I tend to keep up
on these things, and thought I'd share my input.
--- D'Bridge 2.95
* Origin: FyBBS (1:229/500)
|