There's a Microsoft apologist on a local list here that I'm on, and I hear the same dumb crap him. Basically:
1. Windows viruses are written by Linux users who hate Windows 2. Linux is vulnerable to viruses just like Windows, but nobody bothers to write them (see #1) 3. Windows is very secure, it just gets attacked much more due to the anti-Windows bias, that's why you see more Windows servers cracked It's odd because, if I'm to believe Microsoft, Linux is less secure because the source is available. If I'm to believe their apologists, Linux is no more secure than Windows, Windows just gets picked on unfairly by Linux users. I've never seen a bunch of losers having a harder time facing reality. Windows is targeted for worms and viruses for two reasons: 1. Poor coding practices at Microsoft, which have been perpetuated for years due to their closed-source nature and "security through obscurity" mentality, have left their various OS's and components vulnerable to any number of buffer overflow attacks. Their NT/2K/XP line of OS's has one of the best security models available (ACL's for everything), but Microsoft foolishly ignores it and runs the web server, and thus every single component and plug-in of that web server, as the Administrator with full, unobstructed access to everything on the machine. Linux, and most Unix systems, have a simpler security model, but run the web server (which is a much more well-written piece of code than IIS, anyway) as an untrusted user which generally can't even write to the same files that it's serving. So even in the rare case that someone can exploit the web server to run arbitrary code, they have no more rights than a normal user of the system. 2. Microsoft's mail clients (Outlook and Outlook Express) and particularly their users have been exploited freely now for a few years to spread email viruses. Most of these work through social engineering; the emails are sent to the people listed in the address book of the infected machine, so it typically arrives in the inbox from a known, and therefore trusted, person, which makes the recipient more likely to open them and spread the virus. To facilitate matters, the mail clients make it easy to execute the virus code simply by attempting to view the attachment. Because the OS is unable to differentiate between a trusted program and an untrusted program, it is run with no warning to the user. Some of these exploit bugs which allow the malicious code to be executed if the user simply previews the email without opening any attachments. Also, the Windows system is generally configured to "hide" well-known file extensions, including almost all extensions which are executable. For many executable types, the displayed icon is taken from within the file itself. This means that it's possible to create a file called "fun.doc.exe" and make the icon be the MS Word document icon. So the user sees "fun.doc" with a familiar Word icon, making them more likely to open it. All the whining in the world isn't going to fix this stuff. But apparently Microsoft and its horde of followers find whining easier than writing good, solid code. Michael -- Michael Darrin Chaney [EMAIL PROTECTED] http://www.michaelchaney.com/ _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
