On Wed, 2010-03-24 at 15:18 -0400, Benjamin Scott wrote: > However, if/when Linux gains significant market share, the Linux > binary/shell script/.deb/autopackage/whatever that gets downloaded > will run just fine. In other words, this is only an effective > countermeasure *as long as Linux remains a second-class citizen*. I > don't regard that as a winning strategy.
I think you are overlooking the social difference. When people are used to getting all of their software through synaptec/yum/pup they will *NOT* be used to installing and running software from outside sources. Its harder to distribute malware when people see the source. (Yes, I know that a javascript exploit triggered this thread, so source was available. I also read enough to learn that the javascript exploited browser plug-ins to spread malware without requiring user interaction. So that all validates the argument that Linux is not a panacea. Still, I'll continue.) Also, I can not just execute programs in my firefox web pages. I can download for handling by some software (archive manager, rpm, etc.), but nothing executes until I download the file and then choose to run it. Executables in my emails do not get run unless I go out of my way to run them. What I'm getting at is that Windows is constructed to make the execution of bits off the wire easy and (all-to-often) sometimes automatic. So far Linux has not made that mistake at least to the same degree. (e.g. I can connect a USB stick and not worry about autoexecuting malware. With Windows, can't a USB stick emulate a CD and force auto-execute even when flash auto-execute is disabled??) (Ben, stop me I am spreading FUD.) While I know that Linux computers and Macs are not invulnerable, they have markedly lower malware penetration rates. To argue that this lower rate *only* comes from lower market share is going too far. I'm not arguing that Linux is invulnerable. However there are a bunch of factors besides small market share that tend to make it more secure than Windows. -- Lloyd Kvam Venix Corp DLSLUG/GNHLUG library http://dlslug.org/library.html http://www.librarything.com/catalog/dlslug http://www.librarything.com/rsshtml/recent/dlslug http://www.librarything.com/rss/recent/dlslug _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
