Antivirus Protection
#1
September 2nd, 2003, 12:41 AM
macgruder
Viruses, Microsoft and *nix

I'm wondering why there *seem* to be so few *nix viruses.

Do any people choose not to go the Windows (server) route because of the virus issue?

As a Mac user, I was often told that there aren't many Mac viruses because virus writers want to target as big as audience as possible, so when Mac went to Unix I thought that with Unix being around for 30 years and it being a major operating system within the internet I could expect to be hit by more viruses, but not one in 3 years. Why is that?

#2
September 2nd, 2003, 01:50 AM
crazybloke
It's largely to do with popularity; not as many people use Macs, so no one writes viruses for them.

#3
September 2nd, 2003, 02:14 AM
macgruder
Quote:
Originally posted by crazybloke
its largely to do with popularity, not as many people use macs so no1 writes virii for them.

But that's just what I said. Unix is a hugely popular system and it's been around for 30 years, so it cannot be just that.

#4
September 2nd, 2003, 02:44 AM
MJEggertson
Unix is a hugely popular system that's run by people who know what they're doing.

Windows is a hugely popular system that's run by a lot of people who don't have a clue what they're doing.

BIG difference.

#5
September 2nd, 2003, 07:34 AM
Jerry
Re: Viruses, Microsoft and *nix

Quote:
Originally posted by macgruder
I'm wondering why there *seem* to be so few *nix viruses.

Path of least resistance, MS is an easy target.
#6
September 2nd, 2003, 07:39 AM
Ctb
The "popularity" argument doesn't hold water anyway. The perennial example of that is that Apache is much more popular than IIS and it's nowhere near as problematic.

Not only do *nix people tend to have a more intimate working knowledge of their system (because it's not locked away from them the way Windoze is), it's a better designed system and has undergone its stress testing. It handles permissions waayyy better than 'doze, has gotten away from the attitude of convenience before security, etc. There was a time when *nix systems were afflicted by scores of viruses and worms; it's just outgrown that stage (at this rate Windows will NEVER outgrow it though..).

#7
September 2nd, 2003, 07:47 AM
Stink Sleeve
I have to agree with the 'popularity' statement. After I read the above threads, I tried looking for the article about how Windows attacks are on the decline while Linux attacks are on the rise.

I believe this does have to do with popularity. The people that started using Linux a few years ago are now knowledgeable enough to know how to attack it.

Quote:
The "popularity" argument doesn't hold water anyway. The perennial example of that is that Apache is much more popular than IIS and it's nowhere near as problematic.

Is this saying that since Mac is hardly touched compared to Windows that Mac is a solid, secure OS? I don't think so...
#8
September 2nd, 2003, 09:47 AM
kfickert
Quote:
Originally posted by Stink Sleeve
Is this saying that since MAC is hardly touched compared to Windows that MAC is a solid, secure OS? I don't think so...

However, a great number of people that have switched to Mac OS X have been *nix users, including myself. Many people have gone under the "hood" and tweaked the BSD core for added security.

Where I used to work, there was only a single OSS zealot that still ran Mandrake, and only Mandrake, Linux on his laptop.

Generally speaking though, there is something to be said about using off-beat platforms. I had a job once where a bank was still using ALPHA servers with True64 Unix for a majority of the database. Why? The number of people that know much about True 64 Unix is extremely small. The threat/security analyst basically said, "Well, if they know the ins and outs of True 64, chances are we don't stand a chance of stopping them no matter what system we deploy."

Now there is one fact about Linux, *BSD, and most OSS projects: when an exploit is found, it is usually patched within at least 2 - 3 days, usually hours, and most system admins know enough to go wget the patch and install. I have seen installs at hotels that are still running NT4 SP3, and IBM and others have not upgraded their system in probably two years. It's those systems that the coders can exploit and use in DoS and other attacks.
#9
September 2nd, 2003, 09:57 AM
macgruder
Quote:
Originally posted by Stink Sleeve
I have to agree with the 'popularity' statement. After I read the above threads, I tried looking for the article about how windows attacks are on the decline while linux attacks are on the rise.

Of course, attacks aren't necessarily the issue though. Vulnerability to attacks is. Perhaps the above post proves the point made by Ctb: more Linux attacks but far, far less damage, it seems.

The Mac issue is a bit of a red herring - I was really asking about *nix in general.

Last edited by macgruder : September 2nd, 2003 at 09:59 AM.

#10
September 2nd, 2003, 10:06 AM
Ctb
It's not a matter of it being solid because it's ignored. Mac OS X actually has a pretty good number of stupid problems. It's a matter of it being unexploited because it's ignored; there's a difference.

Windows makes a convenient target for worms/viruses because it's so widely deployed and so homogeneous. On top of that, Microsoft's patching history is HORRID. From ignoring problems to slow turnarounds, broken patches to unrealistically large ones, many people find it very painful to update Microsoft systems. As a result, exploits for Windows tend to have a good deal of time to grow in the wild before they're unleashed. An attack on 1 Win9x machine will probably work on 90% of all 9x machines and 75% of all XP machines. The problem is that it IS exploitable in a wide environment whereas each *nix system is not; it's exploitable in its own little way.

*nix systems have a tendency to be far less homogeneous and so aren't typically exploited by worms or viruses anymore. *nix systems require you to dive in and get your hands dirty to pull off an exploit. For example, sendmail is a very popular, very broken application that runs on many, many *nix installations. However, rare is the occurrence of a worm or virus that can exploit it because it often doesn't cross BSD/Linux/Solaris/AIX/OS X boundaries. Instead, most (if not 'almost all') of the sendmail exploits require you to actually get hooked up to the computer running the service and try to break your way in manually. This is far more difficult, so requires far more skill, and results in a loss of almost all the boring canned script-kiddies that can easily attack Windows. Also, you tend to have more security-conscious code slingers in OSS (probably due to the lack of marketroids telling them what to do) who don't do stupid things like embed VB scripting in spreadsheets. Windows has always taken the attitude that it was more important to be feature rich than safe, and *nix has gone the other way. As a result, you get bloated, hole-riddled behemoths on Windows like Outlook and Word, and you get lots of little applications that can be chained for functionality on *nix. Since each little piece was written independent of all the other pieces, you have fewer tie-ins and less opportunity for wide-spread exploits.

Exploits on *nix exist, they just can't be exploited as easily most of the time. Windows, on the other hand, by design, is very easy to break using canned methodology because of its insistence on convenience and 'make it familiar'.

The argument that it's exploited because it's popular just doesn't have any solid ground to stand on, really. Bear in mind that the juiciest targets on the web are nearly all running something from the Unix family tree and they don't really get hit by normal exploits too often (DDoS.. yes.. but that's something that afflicts ALL systems).

I might note that the only thing that can be excused is viruses sent via e-mail. There really isn't much of anything that can be done about home users opening infections unless we can get them to stop doing it (although heterogeneous *nix systems would again make this type of exploit more difficult to pull off in as widespread a way as we see Windows attacks work). But then, that's where *nix shines again: by setting the proper executable restrictions on your filesystems, admins in a corporate *nix network can prevent these infections right at the source, the user. The same can (sort of) be done with Windows now, but it's usually such a hassle because it causes problems running other things that it's not a very good trade-off.

Sorry... there's really no good reason to believe that popularity has anything to do with the widespread exploitations on Windows and not *nix....

#11
September 2nd, 2003, 03:30 PM
dog135
My wife uses my old Mac to go online. I have SAM (Systematic Antivirus for Mac) on it, which I've had since the late 80's (now owned by Norton). I've never updated its virus definitions.

A couple years ago, after downloading a program online, it gave my wife a message that the program she downloaded was trying to modify another program. I told her it was probably a virus, so she hit the "deny" button and deleted the program.

There have been several times a virus has tried infecting my computer (if you can call less than a dozen "several"), but each time SAM detected and blocked it.

So why don't PCs use this type of virus protection? I can only guess that the Mac OS takes a more active role in file access than Windoze.

BTW: I no longer use SAM since I switched to OSX. But then again, I rarely download programs any more.

#12
September 2nd, 2003, 03:54 PM
Ctb
There are plenty of systems out there for the PC that do various "passive checking" to watch for viruses independent of patterns.

Watching for unauthorized resource access attempts and fingerprinting original executable file sizes then watching for changes are two big ones.

Again... exploit != virus. Viruses take advantage of exploits and proliferate well on Windows platforms due to its homogeneous nature and core design flaws. Exploits in general exist anywhere, including *nix systems, but are less likely to be effectively leveraged with canned attacks on *nix due to design discrepancies and, more so, developers of those systems taking an active role to try and prevent people from being able to cause damage in that type of manner. It's that sort of thinking that makes *nix generally more difficult to use, but much, much more secure in the hands of a competent *nix professional than Windows in the hands of an equally competent Windows admin. The first breed of virus and worm all proliferated well before Windows came into existence. The Unix folks took heed and started beefing up their defenses and making smart design choices. Microsoft, on the other hand, went the route of convenience for its users and is paying the price. They're just starting to learn this (they're "fashionably late" to every party...), but it's going to be impossible for them to actually build a secure system unless they ditch the existing kernel and rethink their system from scratch (unlikely since they've built themselves up by building systems for grannies and it's tough to create a system that's easy to use, secure, and actually does something).

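The "fingerprint original executable file sizes, then watch for changes" check that Ctb describes in post #12 is the idea behind file-integrity monitoring. The script below is an added example written for this thread, not code from any poster or from SAM or Norton; it records a baseline of every executable under a directory and reports what was added, removed or altered on the next run. It goes one step beyond the post by keeping a SHA-256 digest next to the size, and the constructed scenario in `demo()` (a temporary directory with fake "binaries", nothing real is touched) shows why: a same-length overwrite slips past a size-only comparison but not past the hash. All paths and file contents in `demo()` are made up for the illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

CHUNK = 65536


def fingerprint(path: Path) -> tuple[int, str]:
    """Return (size in bytes, SHA-256 hex digest) of one file.

    Size alone is what the post describes; the digest is added because a
    modification that keeps the file the same length is invisible to a
    size check.
    """
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return path.stat().st_size, digest.hexdigest()


def is_executable(path: Path) -> bool:
    """True for a regular file with any execute bit set; symlinks are skipped."""
    if path.is_symlink() or not path.is_file():
        return False
    mode = path.stat().st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def build_baseline(root: Path) -> dict[str, tuple[int, str]]:
    """Fingerprint every executable under root, keyed by path relative to root."""
    return {
        str(p.relative_to(root)): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if is_executable(p)
    }


def compare(old, new, size_only: bool = False) -> dict[str, list[str]]:
    """Diff two baselines. With size_only=True only the size field is compared."""
    key = (lambda fp: fp[0]) if size_only else (lambda fp: fp)
    common = old.keys() & new.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in common if key(old[p]) != key(new[p])),
    }


def demo() -> dict[str, dict[str, list[str]]]:
    """Constructed scenario in a temp dir: take a baseline, alter two
    executables (one keeping its exact length) and drop a new one, then
    return the size-only and the hash-based diff side by side."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bindir = root / "bin"
        bindir.mkdir()
        for name in ("cat", "ls"):  # fake binaries, constructed for the demo
            exe = bindir / name
            exe.write_bytes(b"#!/bin/sh\necho " + name.encode() + b"\n")
            exe.chmod(0o755)
        (root / "README").write_text("not executable, so not tracked\n")

        before = build_baseline(root)

        # Simulated tampering (constructed; no real malware involved):
        # 1. "ls" grows by a few bytes: caught by both checks.
        with (bindir / "ls").open("ab") as fh:
            fh.write(b"echo extra\n")
        # 2. "cat" is overwritten with a same-length body: size check misses it.
        (bindir / "cat").write_bytes(b"#!/bin/sh\necho dog\n")
        # 3. An executable appears that was never in the baseline.
        newexe = bindir / "unexpected"
        newexe.write_bytes(b"#!/bin/sh\n")
        newexe.chmod(0o755)

        after = build_baseline(root)
        return {
            "size_only": compare(before, after, size_only=True),
            "hash": compare(before, after),
        }


if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

In real use the baseline would be written to disk (and kept somewhere the monitored host cannot overwrite it) right after a clean install, and `compare` would run against a fresh `build_baseline` on a schedule; the `size_only` flag exists only to make the weakness of a pure size check visible.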
#13
September 2nd, 2003, 05:02 PM
thedude
One of the biggest problems with Windoze is that everything is run as the "root" user. That is just way too much control over the computer, and your average person does not have the knowledge to use that properly.

For example (these are actual quotes from customers):

But I want to install the calendar program, gator, and my porn dialers, I don't care about the spyware, but it's slowing down or disabling my internet connection.

Or....I have antivirus, what do you mean it has to be updated, I only bought it a year ago. Oh, I turned off the automatic updates, they slowed down my surfing, and I disabled the antivirus software it slowed down my computer. I only open email attachments and programs that are from friends. Can I still get a virus?

The fact that it is sooo easy to install and mess around with Windoze is one of the biggest reasons the viruses get through. I don't know that there is a way of having it both ways.

On most of my XP and 2k networks users can't install anything, or change anything. They can only open the programs installed for them. Very few problems.
#14
September 2nd, 2003, 09:32 PM
Ctb
Quote:
One of the biggest problems with Windoze is that everything is run as the "root" user.

That's the biggest "core design flaw" I was thinking of at the time, and another major problem is the insistence on tying everything to the kernel so that problems have a chance to worm through the system's tunnels. Monolithic kernels are OK if they're done right... but Microsoft seems to have this bizarre microkernel that everything then clings desperately to, to create a weird sort of monolithic system.... it's all just very odd....

Quote:
They can only open the programs installed for them. Very few problems.

You lucked out. They tried that here in a limited test run and the **** hit the fan. People had problems opening things they should've been able to open and all sorts of other crap (much of it was related to the inherent design flaws in the software itself - some of it Microsoft - that say they must be run with full privileges).

Also, we're running a lot of NT4 boxes, so the best they can really do is scan for unrecognized executables and slap people's wrists for installing them. I've gotten lucky though: they let me have near-admin privs on my own box, so the only thing I can't do is muck about with the registry. Most other people can't really do ANYTHING without incurring the wrath of the BOFHs (which is good).