It's obvious you are not a criminal. That is old-school theft thinking. Old-school theft is you go where the money is and you smash and grab the biggest amount you can all at once from one person or institution then run off. Most criminals today that do that get caught and serve long sentences and have to pay the money back, and the criminal justice system is totally setup to catch them.
New-school theft thinking is you steal very little - maybe a dollar - from every victim - and you just do it from as many victims as you can. A smaller who steals $25 from 10,000 people makes a quarter million dollars. And you are never gonna find a prosecutor anywhere who is going to file theft charges against someone for $25. My mother got a $25 charge on her credit card from an online gaming company for some stupid thing like more points or some such. She's 82 and has never played an online game in her life. She filed a dispute with the bank. The online game company responded claiming there was no way their system would allow an invalid charge. The chargeback was then denied. She's probably spent an hour on the phone by now trying to get the charge removed. I told her just cancel your credit card and get a new one she does not want to do that because the card number is setup in a dozen places for automatic payments. So she will end up giving up on the charge back, and the thief - who we know and the bank knows - will get $25 See how this works? Ted -----Original Message----- From: PLUG <[email protected]> On Behalf Of mo Sent: Friday, January 26, 2024 11:43 AM To: Portland Linux/Unix Group <[email protected]> Subject: Re: [PLUG] virus check methods Agreed on all this except Linux users are smart = smart ppl usually earn more = accessing their financial authorizations is more valuable. But if it's a numbers game then no. On Fri, Jan 26, 2024, 11:16 Ted Mittelstaedt <[email protected]> wrote: > I think just about all those phishing emails that are trying to > distribute phishing viruses are distributing viruses written for > windows, because Windows is written so poorly that you have to be > administrator on a windows system to do even basic user tasks like connecting > to a printer. > > They know that unless they get opened on a corporate network where the > Microsoft user security is enforced, they have carte-blanc to do > whatever the heck they want to the computer. > > This is just a numbers game. The number of Linux user desktops out > there is vastly smaller even than MacOS desktops, and the number of MacOS > desktops is a pittance compared to windows desktops. And almost all > windows desktops NOT connected to a domain the user has admin rights, > and probably half the windows desktops connected to a domain the user > also has admin rights. > > Assume only .01 of users fall for a virus, well .01 of 100 million > windows desktops is a lot bigger number than .01 of 1 million linux > desktops. You write for the bigger number. > > Hell, we can't even get Microsoft to port Office to Linux desktops > even though the majority of their revenue is coming from O365 and they > have forced every maker of desktops out there to buy windows licenses > from them > - all those linux desktops you have, also paid a Microsoft tax. So > there's zero downside to making O365 available for Linux desktops > other than developer cost to port and support, it won't negatively > impact their windows os revenue at all. And O365 is EXPENSIVE and > it's an ongoing cost. Plus they make O365 available for MacOS and > they are the greediest pigs of all the installed software vendors and > routinely throw millions into dog products like Microsoft Bob that > everyone can see will be money losers. > > Yet they can't even find a way to make money on linux desktops so if > THEY can't justify it for O365 which is a cash cow, how in the world > could a virus writer writing viruses to make actual real money (well, > steal real > money) justify writing a linux desktop virus? > > Just about all the linux escalation security cracks are written to > target linux SERVER products. If your Linux desktops are not offering > services to the public Internet, there is very little to worry about. > > Ted > > -----Original Message----- > From: PLUG <[email protected]> On Behalf Of mo > Sent: Friday, January 26, 2024 11:01 AM > To: Portland Linux/Unix Group <[email protected]> > Subject: Re: [PLUG] virus check methods > > Such a great group to learn so many things from! Yayus! > > I've aptitude auto updating. None of the systems have a LAN aka all > WFH situations. The individual users do not have root access, but I > install 1 other user which does so that I can ssh in as that user & > sudo when needed; root itself has no ssh or login access directly. Idk > if I use all the Linux defaults; I have a setup script I run on each > host after install to configure everything which probably changes some > defaults. > > Idk if Siduction/Debian has any 0days. I haven't had time to process > all the other links & info you guys shared yet but all very > appreciated. 🙏🏾 > >
