On 2009-01-15, Dave Henn <[email protected]> wrote: > > > > > One way to nearly eliminate malware is to do away with Windows once > and for all, or to demand that MS overhaul it so that the malware > can't take advantage of its security holes. There is little, if any, > malware for Unix-based OSs, such as Mac OS X and the various Linuxes > (Linuxi?), and what there is requires the user to give it permission > to run. Unix has been around a long time and is installed on millions > of servers, yet no malware of significance.
Unless you count the server-side component of Storm. ... > Acceptance is the problem, again. While Ubuntu is helping bring lesser > geeks and even non-geeks into the Linux world, and the Vista problems > urged people to look at alternatives like Mac OS X and Linux, there is > still a huge amount of inertia confronting any massive OS change, not > to mention the economic incentive millions of techies have to stand in > the way of a truly secure OS. Mass-acceptance of OS X would simply move much of the malware to OS X. Ditto desktop Ubuntu. True, it's a bit harder to get root than it is to get Windows superuser status, but it may not be as much harder as you think. There's an annual competition to hack OS X. Participants are pointed at a fully-patched Mini with default security options. The system is routinely compromised in less than an hour's effort, from scratch. I firmly believe that, while Windows is in fact uniquely vulnerable (and for reasons a number of us are familiar with), end-user-focused Unixes like OS X and desktop-Ubuntu are nevertheless also going to continue to be vulnerable. "OS vulnerabilities" are usually operating *environment* vulnerabilities (where the environment starts at the application layer and extends out to your hands and brain), and even then, usually a matter of configuration. And the reason that the configurations are vulnerable is that when they're not, the system gets hard to use. (Which I think goes to Dana's point below about installing SW on Linux.) At one time, for example, most email exploits were actually Outlook or Outlook Express exploits. It's a fine point, but that's not the same as a * Windows* exploit. There are Firefox exploits and Thunderbird exploits, too, and many are cross-platform. As "operating systems" "become the web" (the "web 3.0" vision), that will become more and more relevant: What will be important is that there's no vulnerability in Flash that allows the Flash movie on tab 3 to draw data from the Yahoo Wallet on tab 16. That will be a browser issue, not an OS issue, and my experience suggests to me that issue will still keep cropping up for some time to come. A short version of what I just wrote: Never assume you can fix a social engineering problem with software. I also (probably) agree with Dana that Linux's primary problem isn't acceptance. I think it's because the Bazaar model is generally quite poor at producing usabile software. My 2¢. > > (btw - you know what I have to do to insert the ¢ symbol on my Mac? > Option-2. To do it in Windows... Well, I know how to do it in Word and > other Office programs, but I'm not sure if I could do it in Firefox > without jumping through a lot of hoops.) It used to be easier than it is. You used to be able to get access to a standard applet that would put characters into the paste buffer. I don't think that's existed since Win95. -- eric scoles ([email protected]) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "R-SPEC: The Rochester Speculative Literature Association" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/r-spec?hl=en -~----------~----~----~----~------~----~------~--~---
