>From Ben Higginbottom on Friday, 2004-12-03 at 23:29:37 +0000: > Conrad Newton wrote: > > > >Up to now, the only formulation that I find reasonably satisfing is the > >following: > > > > Ask a Linux user when he or she last had a virus, and you will > > encounter only confusion: although security experts agree that Linux > > _could_ have viruses (in theory), in practice I have never met a > > Linux user who suffered from one. > > > >This seems a little weak, but at least it is honest. Many of the more > >detailed discussions are completely unusable. > > I've been using unix based/inspired operating systems for over ten > years, and have never had a virus or trojan (a much more serious problem > for linux than viruses). The only case of a virus infecing a *nix box I > got second hand from a LUG meeting. Someone with root access to a box > logged direcly into it as root, and then used evolution to read their > emails and was infected.
This is pretty interesting. Do you know any more details? The story is consistent with my picture of what could happen: you read mail, mime calls a vulnerable program, and bang! > In other words, the user screwed up. Root access is dangerous of course, but normally I would not blame the user for reading their e-mail! What was the actual point of vulnerability? > One thing I've discovered since atrting to work full time with linux is > that no-one from a windows background I've met has a grasp on multi-user > operating systems. Not surprising given windows single-user background, > but that lack of a grasp means that they fail to understand that any > genuinely multi-user OS (not just linux) must have a radically different > security model than those with single user only, be that operating > system windows, BeOS, NeXT or even linux distros such as linspire. Yes, so maybe a short security article should concentrate on this point instead of discussing the highly theoretical possibility of viruses ... > The fact that the Windows security model is inherently flawed is an > entirely different topic, and probably not relevant for getting your > point across. My original plan for a security article was to never even mention the word W....ws---just let the story speak for itself, and the guilty parties will know who they are! :-) > BTW, congrats on your recent award. Thanks, Conrad

