Re: [LUAU] Its time to simply ban Windoze machines from the Internet
Ok, this is just silly. If you ban windows machines from the internet you'd just get a bunch of linux and osx botnets... Botnets run on windows because they are the majority population, not because they are inherently easier to write botnets for. Tim Newsham http://www.thenewsh.com/~newsham/
Re: [LUAU] Its time to simply ban Windoze machines from the Internet
On Oct 18, 2006, at 9:33 AM, Tim Newsham wrote: Ok, this is just silly. If you ban windows machines from the internet you'd just get a bunch of linux and osx botnets... Botnets run on windows because they are the majority population, not because they are inherently easier to write botnets for. Its not that simple. Windows boxes are a heckuva lot easier to populate with the software that creates botnets. They're an open infection vector. This is much, much harder (though not impossible) with osx/linux/ freebsd/openbsd/...
Re: [LUAU] Its time to simply ban Windoze machines from the Internet
Tim Newsham wrote: Ok, this is just silly. If you ban windows machines from the internet you'd just get a bunch of linux and osx botnets... Botnets run on windows because they are the majority population, not because they are inherently easier to write botnets for. Linux has some advantages when it comes to serving in a botnet, such as increased stability and more reliable networking. Perhaps Solaris would be even better. On a more serious note, it's refreshing to do my weekly updates, and know that all my vulnerable software is getting updated. No anti-virus, and no anti-spyware, it's nice. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Re: [LUAU] Its time to simply ban Windoze machines from the Internet
Its not that simple. Windows boxes are a heckuva lot easier to populate with the software that creates botnets. They're an open infection vector. I don't agree at all. There are sufficient server and client vulnerabilities in *BSD, linux, OS X and windows. Many of the attacks don't even rely on any software vulnerability but on the poor judgement and bad practices of end users. These same problems exist in the unix population. The software for all aspects of a the malware would be substantially similar across all existing popular platforms. The only major differentiator is the return on investment. Writing attacks for windows makes more economical sense for attackers. Tim Newsham http://www.thenewsh.com/~newsham/
Re: [LUAU] Its time to simply ban Windoze machines from the Internet
Tim Newsham wrote: Its not that simple. Windows boxes are a heckuva lot easier to populate with the software that creates botnets. They're an open infection vector. I don't agree at all. There are sufficient server and client vulnerabilities in *BSD, linux, OS X and windows. Many of the attacks don't even rely on any software vulnerability but on the poor judgement and bad practices of end users. These same problems exist in the unix population. The software for all aspects of a the malware would be substantially similar across all existing popular platforms. The only major differentiator is the return on investment. Writing attacks for windows makes more economical sense for attackers. I do wonder what effect the human factor will have on the prestige FOSS enjoys once it becomes more mainstream, especially on the desktop. Of course, nearly 70% of web servers are run by Apache. As I understand it, a disproportionate number of vulnerabilities are found on the windows server platform. Tim Newsham http://www.thenewsh.com/~newsham/ --scott
Re: [LUAU] Its time to simply ban Windoze machines from the Internet
So given that argument on market share as correlating to a need and return on investment, in a hypothetical situation where there is a 50% Windows market share and the remaining 50% is a mix of *nix, Linux and OS X. Would there be an equal amount of malware/spyware/viruses/etc.. devided equally between Windows and others? I don't think so. It also makes more economical sense for spyware merchants to target say Internet Explorer than Mozilla Firefox. Not because of the market share of IE (which is declining) but because of the amount of time it would take for Microsoft to patch (or not patch) the security hole. Whereas a hole in Mozilla Firefox would take priority and be discussed in the open. And the security patch would be pushed out in a more timely fashion as opposed to the 2nd Tuesday of the month... Again, if MS decides to put the resources into patching the hole in the first place. That's not a case of market share. That's the closed and proprietary development model. ~ Julian --- Tim Newsham [EMAIL PROTECTED] wrote: Its not that simple. Windows boxes are a heckuva lot easier to populate with the software that creates botnets. They're an open infection vector. I don't agree at all. There are sufficient server and client vulnerabilities in *BSD, linux, OS X and windows. Many of the attacks don't even rely on any software vulnerability but on the poor judgement and bad practices of end users. These same problems exist in the unix population. The software for all aspects of a the malware would be substantially similar across all existing popular platforms. The only major differentiator is the return on investment. Writing attacks for windows makes more economical sense for attackers. Tim Newsham http://www.thenewsh.com/~newsham/ ___ LUAU@lists.hosef.org mailing list http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
