Re: [LAD] Linux Malware
On 22/03/12 15:17, Louigi Verona wrote: The typical argument is that there are not too much users. I generally do not agree with this argument and point to architectural reasons, number of distros, community reasons and the openness of the platform. Additionally, I even argue that the more users, the faster news about a potential risk spreads. Actually, there are many, many more Linux machines connected to the Internet that Windows machines - all those broadband routers. Ever seen a Windows box directly connected to PPPoA? No? Yeah, that's what I thought... -- Gordonjcp MM0YEQ ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On 24/03/12 21:19, Jeff McClintock wrote: Lignux systems only have write access to their home directories, which the system does not run software from by default. So Malware can trash your personal documents and steal your identity.but the kernel is safe? The malware has to be able to run. Simply writing it to disk is not sufficient. -- Gordonjcp MM0YEQ ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On Saturday 24 March 2012, Paul Davis wrote: even though CORBA attempted to do object management before MS, its design never really took off, whereas MS's DOM model has been quite successful when viewed through certain lenses. DOM? Document Object Model? like in HTML and XML documents processing? I guess you mean COM, aka OLE2, == Component Object Model. Let me add D-Bus to the soup of acronyms: http://dbus.freedesktop.org/doc/dbus-faq.html#components Regards, Pedro ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
Lignux systems only have write access to their home directories, which the system does not run software from by default. So Malware can trash your personal documents and steal your identity.but the kernel is safe? Windows isn't a victim of its own popularity, it's a victim of being crap. Yeah, While the average programmer makes 20 errors per 1000 lines-of-code. Linux programmers, having being on a mission form god, NEVER make such mistakes, therefore Linux is has no exploitable flaws. ;) Seriously though, this is *SO* off topic. Best Regards, Jeff Message: 3 Date: Fri, 23 Mar 2012 20:15:23 -0400 From: David Robillard d...@drobilla.net Subject: Re: [LAD] Linux Malware To: Louigi Verona louigi.ver...@gmail.com Cc: Linux Audio Developers linux-audio-dev@lists.linuxaudio.org Message-ID: 1332548123.6586.15.ca...@verne.drobilla.net Content-Type: text/plain; charset=UTF-8 On Thu, 2012-03-22 at 18:17 +0300, Louigi Verona wrote: Hey guys! This is an Offtopic question, really, but I wanted to ask people I know and people who are developers - what are the reasons there are (almost) no viruses on Linux? The typical argument is that there are not too much users. Maybe typical in Redmond... the typical sane argument is that users on Lignux systems only have write access to their home directories, which the system does not run software from by default. Windows, on the other hand, traditionally had users running with complete access to the system. Add to the mix notoriously flaky low-quality code, slow moving development, and a core system built from numerous layers of piled legacy crap, and it'd be shocking if exploits *didn't* run rampant. Anyone claiming that any system would have been as badly affected in Windows' situation has no idea what they're talking about. The system essentially didn't have any form of security whatsoever. The security model wasn't flawed, it *wasn't there*. You didn't have to exploit the system to get viruses and malware on it, you just had to get the user to run something. Windows isn't a victim of its own popularity, it's a victim of being crap. -dr ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On 03/25/2012 08:19 AM, Jeff McClintock wrote: Yeah, While the average programmer makes 20 errors per 1000 lines-of-code. Linux programmers, having being on a mission form god, NEVER make such mistakes, therefore Linux is has no exploitable flaws. It's a reality that Linux (and it's programmers) have been at the forefront of computer software design and implementation; and that will continue. Microsoft have never been. g. ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On Sat, Mar 24, 2012 at 5:40 PM, Geoff Beasley ge...@laughingboyrecords.com wrote: It's a reality that Linux (and it's programmers) have been at the forefront of computer software design and implementation; and that will continue. Microsoft have never been. this isn't actually true. microsoft research has done some pretty innovative stuff. the original NT kernel group headed by dave cutler (who used to work at dec and basically bought a decent chunk of the VMS team with him) did some quite creative things with kernel design. and even the justifiably maligned IE did bring a few features to web browsers that are now standard. even though CORBA attempted to do object management before MS, its design never really took off, whereas MS's DOM model has been quite successful when viewed through certain lenses. what is true is that microsoft innovations rarely spread outside of microsoft. not never, just rarely. ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On 03/23/2012 07:15 PM, David Robillard wrote: Windows, on the other hand, traditionally had users running with complete access to the system. Add to the mix notoriously flaky low-quality code, slow moving development, and a core system built from numerous layers of piled legacy crap, and it'd be shocking if exploits *didn't* run rampant. Anyone claiming that any system would have been as badly affected in Windows' situation has no idea what they're talking about. The system essentially didn't have any form of security whatsoever. The security model wasn't flawed, it *wasn't there*. You didn't have to exploit the system to get viruses and malware on it, you just had to get the user to run something. In all fairness... the situation in Windows is getting better while the situation in Linux is getting more relaxed. When it comes to the user experience, Win7 and Ubuntu now have more or less the same security model WRT doing administrator tasks (asking for a password, sudo-style). And even in Windows XP you *could* do it right (don't run as admin), but several applications forced people to do it wrong... and the default was to run as admin. So now the difference is mainly that *nix has execute permissions on files. Everything else is converged or converging.(*) -gabriel ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
Reply to All / Reply to List On Thursday 22 March 2012 18.17.46 Louigi Verona wrote: Hey guys! This is an Offtopic question, really, but I wanted to ask people I know and people who are developers - what are the reasons there are (almost) no viruses on Linux? The typical argument is that there are not too much users. ... If I should take a wild guess, It was not so many Windows users in numbers back in around 1992/1993 either, but the number of viruses and Co. was around 16 000. So yes, that number argument is not really good. The smaller number of viruses and other problems in Linux is in my opinion mainly because of this: * The simplicity in file structure. Most programs and libraries can be normally be found in just a few paths, which generally makes it easier to control things. This structures also makes it easier to install and run programs without being an admin and messing with the system. * It is the distro vendors that are doing the hard work of upgrading packages as fast as possible when a security hole are discovered. In a main stream distro like Ubuntu, this can happen more that one time at day if needed. In Windows this is once a week and in OSX, it can take many weeks if they fix it. This is a very serious thing. Many packages are in use in both Linux, Windows and OSX, If I'm not mistaking, Openssl is one of them. So when the world knows about security holes, it might take long time before MS and Apple fix it. So to sum it up: The distro take care of most of it in Linux, MS and Apple usually only care about the OS related stuff. In addition: for MS, antivirus and other security programs are central for keeping things healthy. The passive nature of the Unix systems are probably better here. *Speaking about packages: They are often open sourced, and many eyes can identify and solve problems. This was only tree points, but one can probably find more. But now, I will go and watch TV! :-) Jostein ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On 22/03/12 15:17, Louigi Verona wrote: The typical argument is that there are not too much users. I generally do not agree with this argument and point to architectural reasons, number of distros, community reasons and the openness of the platform. Additionally, I even argue that the more users, the faster news about a potential risk spreads. Actually, there are many, many more Linux machines connected to the Internet that Windows machines - all those broadband routers. Ever seen a Windows box directly connected to PPPoA? No? Yeah, that's what I thought... -- Gordonjcp MM0YEQ ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On Thu, 2012-03-22 at 18:17 +0300, Louigi Verona wrote: Hey guys! This is an Offtopic question, really, but I wanted to ask people I know and people who are developers - what are the reasons there are (almost) no viruses on Linux? The typical argument is that there are not too much users. Maybe typical in Redmond... the typical sane argument is that users on Lignux systems only have write access to their home directories, which the system does not run software from by default. Windows, on the other hand, traditionally had users running with complete access to the system. Add to the mix notoriously flaky low-quality code, slow moving development, and a core system built from numerous layers of piled legacy crap, and it'd be shocking if exploits *didn't* run rampant. Anyone claiming that any system would have been as badly affected in Windows' situation has no idea what they're talking about. The system essentially didn't have any form of security whatsoever. The security model wasn't flawed, it *wasn't there*. You didn't have to exploit the system to get viruses and malware on it, you just had to get the user to run something. Windows isn't a victim of its own popularity, it's a victim of being crap. -dr ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On 3/23/12, David Robillard d...@drobilla.net wrote: On Thu, 2012-03-22 at 18:17 +0300, Louigi Verona wrote: Hey guys! This is an Offtopic question, really, but I wanted to ask people I know and people who are developers - what are the reasons there are (almost) no viruses on Linux? The typical argument is that there are not too much users. Maybe typical in Redmond... the typical sane argument is that users on Lignux systems only have write access to their home directories, which the system does not run software from by default. true, but a little reset of LD_LIBRARY_PATH, or even better, LD_PRELOAD in the user's .profile or whatever can go a long way towards fixing that particular err, barrier ;) ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
[LAD] Linux Malware
Hey guys! This is an Offtopic question, really, but I wanted to ask people I know and people who are developers - what are the reasons there are (almost) no viruses on Linux? The typical argument is that there are not too much users. I generally do not agree with this argument and point to architectural reasons, number of distros, community reasons and the openness of the platform. Additionally, I even argue that the more users, the faster news about a potential risk spreads. However, several of my friends and colleagues at work who are long time Linux users have argued that in the end it is still the number of users, since no architecture is perfect and virus writers will find a way to penetrate the system and target all known distros. I am wondering if I am missing something. Does anyone on this list thinks that number of users does play more than a minor role? -- Louigi Verona http://www.louigiverona.ru/ ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
On Thu, Mar 22, 2012 at 7:17 PM, Louigi Verona wrote: Hey guys! This is an Offtopic question, really, but I wanted to ask people I know and people who are developers - what are the reasons there are (almost) no viruses on Linux? Technically I could be wrong, but ... Lots of viruses come via mail. On Linux it means executing binary files from mail clients. Well, 1) mail clients on Linux don't do that 2) the executable attribute of a file is lost when you send it anyway. Alexandre Prokoudine http://libregraphicsworld.org ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
I would say your friends are essentially correct. To put an extreme example, there is only so much an operating system can do for security-unconscious users that will grant root permissions to an unknown executable that promises adult content or the Linux port of Angry Birds. Knowledgeable and determined attackers can only be fended-off with an active security policy. However, the Linux software distribution model based on well-maintained centralized repositories will probably help in making casual infections more difficult. If those repos are compromised, though... L ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
Re: [LAD] Linux Malware
Am 22. März 2012 16:17 schrieb Louigi Verona louigi.ver...@gmail.com: what are the reasons there are (almost) no viruses on Linux? I don't write them for Linux, because I don't want to infect my own system :)) OK that was a joke. I don't write viruses and would have to guess an answer :) -- E.R. ___ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev