Surrender To Malware Or Switch To GNU/Linux

In my real world, I’ve seen a good fraction of the PCs around me running that other OS taken down by malware. “After contracting a virus from the Register’s website "over a decade ago", Solomon decided to format his hard-drive and install Linux, and claims not to have had any trouble since then.” I’ve seen them slow down to a crawl. The record was 5 minutes per click. I’ve seen them spewing spam to the point where the thing DoSed itself. I’ve never seen malware on a GNU/Linux system.

The folks who sell security software are seeing similar results and use GNU/Linux themselves and may even be giving up on defending that other OS against malware. Instead they may supply tools for rapid detection and response. Go ahead. Switch to GNU/Linux. Make my day.

See “Security pioneer Alan Solomon uses Linux to avoid viruses”.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology.

20 Responses to Surrender To Malware Or Switch To GNU/Linux

  1. oiaohm says:

    http://thenextweb.com/mobile/2014/05/13/research-project-cider-brings-ios-apps-android-devices/
    Something a lot of people don’t read about.
    eug, hypervisors are normally a bad choice for performance. To do the above you are exploiting what in Linux is called “cgroups/LXC/Linux Containers”, or under Solaris is called zones, plus some custom code.

    eug, if you dig around you will find over and over again technical reasons why Linux Desktop is resistant. Just like Windows, Linux has a historic thing causing it trouble. X11 is the historic thing. Attacks against X11 are being reduced by taking away root and by Wayland. Wayland uses a newer/older, more secure design. How can it be newer and older at the same time? Wayland goes back to using file descriptors to transfer data between applications, so the security model works. NT has an NT Object security model; interestingly enough, OLE, DDE and COM are disconnected from this in the same way memory mapping and network transfers in X11 are. The difference is that OLE, DDE and COM could be made connected to the NT security model without rebuilding the complete stack. For X11, rebuilding the complete stack is the only option to fix it.

    Interestingly enough, get lists of the Windows Registry security values applied. The reality is that XP is still running with most of NT security turned off. Windows 7 and 8.x are more resistant to particular attacks than XP because Microsoft has at long last had the permissions they should have had from the start turned on by default. Of course it still has a long way to go.

    Linux is hardening with new techs to a level Microsoft is a long way off achieving.

    Sorry to say, the idea of the .NET OS was Microsoft’s primary plan and they had no fallback plan. Microsoft is resorting to a hypervisor that lacks effectiveness.

    It’s the hard thing: one of the major reasons Windows gets exploited is that its default settings suck.

  2. eug wrote, “The downside is the same access to the COM communication layers are also available to the hacker and those who wish to write malicious code.”

    Exactly. Nice comment. Thanks. Of course I knew that NT was not DOS-based, but M$ indeed locked itself into a fragile OS by dumping on features and linking everything to everything. I don’t know how the “surface” area of that other OS compares to GNU/Linux but it’s a huge ratio. I remember “3.1” fit on 7 floppies. Around the time of XP it was a good part of a CD. Now it’s multiple CDs just for the OS. My Beast, kernel and GNU-stuff and X and major applications will still fit on a CD. So, GNU/Linux is probably a 10X smaller target and, because of the simpler, more reliable design, a few times smaller again. I saw brand new PCs stagger under the weight of Vista/”7″, just for the OS, doing nothing useful for the user.

  3. kurkosdr says:

    @paul

    tl;dr

  4. eug says:

    http://blog.eracc.com/2009/10/23/gnulinux-security-linux-house-vs-microsoft-house/

    paul
    October 28, 2009 at 9:55 am

    Your article has some truth to it, but it is also flawed. Since Windows NT 4, Microsoft is not using a kernel designed after the old DOS (Windows 95-ME) model. Although you do not explicitly state that the newer MS OSes are using the DOS model, it is implied.

    Microsoft developed the NT kernel for Networking and using the Network design of a multi-user system. Therefore, at the foundation, the Windows kernel is a multi user system OS. It is not based on the single user model and has not been really since Windows NT/2000. The NT actually stood for Network computer.
    (There is some controversy. Supposedly NT comes from New Technology.)

    That is where your article may be misleading. However, the truth or germ to your article deals with the Desktop portion of the Windows OS, or the GUI layer. It is here that MS has an old design that causes and will cause multiplicities of security holes and problem domains.

    With the advent of Windows 3.1, Microsoft wished to develop a Common Object layer that would allow applications to communicate with each other, using Objects that could be shared. This was commonly referred to as DDE (Dynamic Data Exchange) or OLE (Object Linking and Embedding). This was a model designed to allow programs written for Microsoft Windows to share information and objects among each other. These OLE or DDE based objects could communicate with each other effectively and efficiently, allowing programs the ability to interact and share objects and data.

    The results of the OLE and DDE work revealed a great way for programmers to work with and exchange data between disparate applications. OLE was an astounding success. My Word processor and Database application can communicate with each other rather uneventfully. MS continued to expand upon this model as they entered the 32 bit world, where it became known as COM and now COM+.

    COM was a hit with programmers and programs that needed to interact with each other. Wonder why MS programs can communicate with others? It is due to COM. Wonder why I, as a programmer, can use MS Office with my custom apps, or customize Office, Outlook, and Visio with my custom applications? It is due to COM.

    However, COM was meant only as a single user or desktop application process. When MS started working in the LAN world and later the WAN world, they needed a COM based model for application to application communication with the intricacies of their core event model (which COM uses). So they developed DCOM or Distributed COM.

    DCOM allowed MS to make programming extensions to services and applications easier to work with on the LAN based systems. By allowing COM objects to be accessed remotely, MS allowed program to program communication based on their highly successful COM model. Most of the base COM APIs are part of the core of MS’ application programming model. ActiveX grew from Distributed COM.

    The benefits for MS and the MS developer is that it is rather easy to provide application to application communication and low level API processes through the COM API (the HAL layers also expose COM based objects for device drivers, printers, etc). The downside is the same access to the COM communication layers are also available to the hacker and those who wish to write malicious code. Since nearly every MS application uses COM and COM+, and the base kernel APIs are also exposed as COM wrappers, this single or Desktop based model is easily exploited and thus this is why “script kiddies” are successful in hacking MS systems with simple JavaScripts. Once you know the Runtime Type Libraries for a COM object, if it belongs to the MS registry, you can use it. Some of them have protected right access, but most do not. That is the hole that is the MS OS today; COM. (Yes there are others, but this is the primary culprit).

    So why doesn’t MS just do away with COM and the COM model and create an OS that does not need COM? Why don’t they remove the COM based layers from the HAL and GUI layers (as well as hooks to the System Kernel Layer) and thus secure their OS?

    This is easy to answer and hard for MS to move away from. The reason is nearly every application that MS has is based on this model. Office, Outlook, Visio, Project, etc. Nearly all custom applications built in MS shops are also using COM whether they know it or not. If MS removes this model, all compatibility with applications using any part of this model will no longer work. The MS OS becomes something else and that means firms would more than likely dump the MS OS and adopt something else. Why wouldn’t they, since none of the legacy apps they use today would work any longer?

    MS is a victim of its own success and marketing. They are stuck with the COM and Event based model which propelled them to great heights in the beginning of the GUI interface days. They rode that success without much thought to the future. Gates had the correct vision of the computer in every home being used for common tasks. However neither he nor MS envisioned a network computer day, when all computers would be connected to a centralized network as the overwhelming majority are today through the WAN based Internet.

    Now, the Windows OS and the Windows applications are much too ubiquitous to allow a complete rewrite of the MS OS to properly fix the glaring issues that are at the core of the API model, which the Windows OS employs. Could MS fix it? Yes, but to do so means a complete rewrite of the application model.

    This is one reason MS embraced Java in the beginning and, when they could not control Java, created their own clone called DOT.NET. If and when NET becomes the norm for all application development, MS could change the core API COM based model with something else, without breaking the application layer. Since it is the runtime that controls the communication with the OS, all that would have to be changed in a Java or NET based application is the runtime to call and use the newer APIs. The other option is to support a Hypervisor environment within the OS to support the old API model, similar to what Apple did when they adopted the BSD based kernel for OS X. But that does not work as well as native OS calls and needs work to prove effective, not to mention the costs involved for such a development effort.

    However, I am willing to bet MS is secretly working with an MS BSD kernel and the hypervisor model today. Since DOT.NET did not take off nearly as well as MS had hoped, MS has to have a fall back plan.

    Although nearly every MS based shop is doing at least some of their development with NET (primarily browser based applications), the Desktop based apps are still primarily using native API access. This means that they are using COM and COM+. That means that the applications as well as the OS are still vulnerable and shall be until this model is changed or abandoned. It may be years before MS finally cuts the ties, or it may be that MS loses so much market share that biting the bullet is easier to swallow. Until that time, MS users should understand that they are truly vulnerable and do what they can to block access. If you are using Windows servers to provide external access in your organization, I really suggest you take a modern IT security course that is not sponsored by MS. You may truly learn something useful.

    One more thing that the MS shops should seriously consider, and that is to purchase and develop all new applications in an OS agnostic manner. That way, you are not locked into MS nor the vulnerabilities.

    Java is probably the more Enterprise level way of doing your new application development, but there is also Python, PHP, Ruby, and QT based C and C++. If or when MS does change the OS, or if they continue to lose market share, you will be covered. Moving OS agnostic programs to Windows, Linux, Unix, or MAC is much easier than attempting to move an MS only based application to another platform. NET has its problems, so I do not suggest that NET be a real consideration unless you truly want to stay with MS only. Mono works, but does not guarantee 100% compatibility with MS NET. My experience is somewhere between 50 and 70%, which I find unacceptable.

  5. kurkosdr wrote, “I was talking about Desktop Linux and you know it. It’s percentage among ordinary users (aka the ones malware writers target) is small.”

    There are whole countries where StatCounter shows GNU/Linux ahead of XP or MacOS and yet those are targets, so GNU/Linux would be a target if it were as easy to exploit. It’s not because the OS has smaller surfaces to exploit. M$’s OS, for instance has multiple APIs each with its own surface of vulnerabilities and backwards-compatibility vulnerabilities, stuff copied, bugs and all, from one version to the next. It is untenable to hold that malware-writer A would not find it profitable to attack millions of PCs if he could. There are millions of GNU/Linux PCs. Millions… Think of it. Think of the spambots that could be created, the passwords that could be stolen, the files that could be snooped… Black-hat hackers will spend months trying to get into a single system. Why would they ignore GNU/Linux systems?

  6. kurkosdr says:

    @ohioham
    Just to clarify, you have to cite this:

    “un-updated Desktop Linux with all the security options the OS offers on it is less than 1 percent of all known Linux exploits for that Desktop Linux work.”

    AND also this:

    “Majority of known security flaws against windows work under default conditions.”

    (you also haven’t defined the word “majority”, so I will define it with the default definition, which is 50.1% or more. So, I expect a citation proving that 50.1% or more of Windows exploits in Windows Vista/7/8 work under default conditions)

  7. Mats Hagglund wrote, “whole ecosystem is abandoning that old boring Microsoft world based on ideas of 1990′s”.

    Wrong decade… 1980s or 1970s. BG and friends had the idea of monopoly from the time of the IBM PC at latest. 1990s OS from M$ was based on DOS until NT/2000/XP. The NT idea was clearly superior to Lose ‘9x but BG and friends corrupted it so we got XP which took a decade or longer to almost debug. XP started with at least 50K bugs and almost no security. Waves of malware and crashes followed. Folks forget early versions of XP would run for just a few days and crash on their own… Now, many consider it sufficiently reliable to use in business. GNU/Linux was like that long before XP came along. The software I used in 2000 from Caldera worked perfectly as far as I know. Zero issues except non-journalled file-system.

  8. kurkosdr says:

    “central management provision of applications”

    Microsoft should have given us a Market for desktop apps, and should have made sure every WHQL driver is in Windows Update.
    But anyway, there are all kinds of third party apps and sites that fill that void. So hunting down is not needed and there is no lack of trustworthy sources, so stop pretending a lack of Market for desktop apps causes infection rates. What causes infection rates is idiots installing stuff from untrustworthy sources.

    “un-updated Desktop Linux with all the security options the OS offers on it is less than 1 percent of all known Linux exploits for that Desktop Linux work. Majority of known security flaws against Linux don’t work under default conditions(user had to have changed configuration of something for them to work). Majority of known security flaws against windows work under default conditions.”

    Any source to prove that? Of course not, rat droppings don’t have to be cited.
    And even if this is true, some attacker can base his attack on that alleged 1% of exploits that work, put said attack in an ad banner or whatever and infect your PC. One known exploit that stays unpatched is enough.

    ANYWAY, TO CONCLUDE:
    My point was that the title of this post, “Surrender to malware..” was dishonest scaremongering and dishonest promotion (used car salesman level of dishonest promotion).

  9. kurkosdr says:

    “I got 3 different pc with Windows on them during 1994-2007 and result was always the same: disaster. After moving to Linux my current pc has worked fine and of course without any useless antivirus applications.”

    You FAILED TO DISCLOSE whether you have done your updates and whether you installed software from untrustworthy sources.

    Is it because such disclosure would not favor your position, because I KNOW you either didn’t do your upgrades or you installed stuff from untrustworthy sources, and THAT’S the reason you got what you got.

    In other words, you purposely hid information from your anecdata (which being anecdata cannot be researched), in order to present your own incompetence (failure to do updates and install stuff from trustworthy sources) as a failure of Windows.

    PS: If you run a popular system, you have to do updates. This is a fact Mac OS X fans are slowly catching up to (after experiencing Flashback).
    Essentially, you are blaming Windows for not being as obscure as Desktop Linux.

  10. oiaohm wrote, “The key to Linux Desktop low infection rate is central management provision of applications”.

    Amen to that. It’s also key to a very low cost of managing GNU/Linux systems. It beats the heck out of hunting down applications and drivers at random intervals. Where I last worked, with that other OS, we had to update the office suite and the anti-virus software separately. M$ was always breaking things and the AV annoyed users greatly while not stopping viruses. When we switched to GNU/Linux my re-imaging tasks dropped to zero from at least one a week and slowing down disappeared entirely. Re-re-reboots also disappeared. Most users shut down their PCs once per day instead of having M$ force it repeatedly. I found one original XP SP1 machine that had never been updated by M$ and it was crisp and fast… Instead of upgrading it to the broken solution, XP SP3, we converted it to GNU/Linux where it was crisper and faster. We also put it on the network without fear.

  11. oiaohm says:

    The interesting thing is that even Android is starting to show a lower infection rate than Windows. Yes, a huge number of infections are being created for Android, but they are having reduced effectiveness.

    The key to Linux Desktop low infection rate is central management provision of applications, and this being well audited for the majority. OSi shows the same virus resistance as Linux Desktop, for the same reasons. So it’s not just market share; Linux Desktop resistance is the method of application provision. Android, with packages side-loadable, has shown lower resistance than Linux Desktop, but with OS hardening we are still seeing the effectiveness of viruses dropping on Android to lower than Windows. Adware is more likely to sneak onto Android than malware as such.

    This is the problem: Desktop Linux is low in numbers and not exactly easy to get into. As Linux Desktop numbers are increasing we are seeing more security solutions.

    On un-updated Desktop Linux with all the security options the OS offers on it, less than 1 percent of all known Linux exploits for that Desktop Linux work. This is why the OpenSSL issue was so shocking. The majority of known security flaws against Linux don’t work under default conditions (the user had to have changed the configuration of something for them to work). The majority of known security flaws against Windows work under default conditions.

    Un-updated Desktop Linux has a higher resistance than Windows. Ok, not 100 percent safe. This is what we should be after.

    The Firejail idea is very interesting on Linux. Firejail, which is currently a prototype, increases resistance a lot. On a system running Firejail, breach Firefox, use a SUID privilege-lift exploit, and you raise yourself to the root user of the container Firefox is in, which has absolutely no rights to alter the OS.

    The Linux world does not believe it has security hard enough yet.

  12. Mats Hagglund says:

    I got 3 different pc with Windows on them during 1994-2007 and result was always the same: disaster. After moving to Linux my current pc has worked fine and of course without any useless antivirus applications.

    Those having XP/Vista or Windows 7 machines should move to Linux immediately because Windows is unnecessary nowadays. The world is moving to mobiles (mostly using Android or other Linux distributions). That’s the whole ecosystem abandoning that old boring Microsoft world based on ideas of the 1990’s.

  13. kurkosdr says:

    Of course, I don’t expect from you to answer how an un-updated Desktop Linux system cannot be exploited. You just bet on the obscurity of Desktop Linux among average users, just like the mac fans did during the PowerPC era.

  14. kurkosdr says:

    I was talking about Desktop Linux and you know it. Its percentage among ordinary users (aka the ones malware writers target) is small.

  15. kurkosdr wrote an old canard, “the relative obscurity of Linux systems”.

    You mean malware writers are the last ones on the planet to know about */Linux? Many million ordinary folks know about it and use it. It’s on TV and in newspapers where I live. You can even find it on retail shelves in some parts of my local city.

  16. lpbbear says:

    “Are you telling me Linux doesn’t have exploits, and all the stuff that runs on top of it (browser, Flash, PDF reader) doesn’t have exploits too?”

    Check back in with us when you hit 17 years of being malware free running like that in Windows.

  17. kurkosdr says:

    Ironically, I do NOT run Security Essentials and any other antivirus. Defender is disabled on my system too. No problems with malware.

    Of course I always update Windows, my browser and Flash/Acrobat Reader.

    Are you telling me Linux doesn’t have exploits, and all the stuff that runs on top of it (browser, Flash, PDF reader) doesn’t have exploits too?

    If you leave a Linux system un-updated, it is vulnerable to exploits. It’s just that nobody is exploiting them as of yet, because of the relative obscurity of Linux systems.

    This is exactly the kind of thinking that gave us Flashback, thanks for confirming my previous post.

  18. lpbbear says:

    “Oh please explain to me dougman, how Linux prevents someone from creating a trojan that sets an auto-starting process that sends spam, package it in a deb and rename it to “JennaJamesonScreensaver.deb” Oh yeah it doesn’t prevent that.”

    That has no correlation to the Windows malware issue.

    Think of this as the Pepsi challenge….for computer operating systems. Uninstall any antivirus app you are using in Windows, including Microsoft Security Essentials. Uninstall any Anti Spyware app you’re using. Uninstall any other app that is meant to provide a security function for Windows. Uninstall any software firewall and turn off the built in one in Windows. You can stay behind your firewall/router. Now go ahead and send and receive email, visit random websites, watch videos on YouTube and do the things you normally do with your Windows computer. Check back in a month and tell us how secure Windows was. I’ll do the same with Linux………..oh…..wait a minute. I’m already doing that with Linux and have been since 1997. Oops…..oh well I cheated but no worries. I’m sure you’ll catch up….someday.

    Your “security by obscurity” myth is just that….a myth.

  19. kurkosdr says:

    Oh please explain to me dougman, how Linux prevents someone from creating a trojan that sets an auto-starting process that sends spam, package it in a deb and rename it to “JennaJamesonScreensaver.deb”

    Oh yeah it doesn’t prevent that.

    The rhetoric of Linux fans, the “we are immune to viruses” kind of rhetoric, is a Flashback Linux Edition waiting to happen. Mac fans used a similar rhetoric, and look what happened when they broke out of the niche status and security by obscurity was no more.

    On a second thought, Linux probably won’t break out of the 1%, so if you think security by obscurity is a good thing provided you can maintain the “obscurity” bit, keep on posting “Windows = Malware”.
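Added example for this thread, not code from the original post, from dpkg or from any Debian tool. It addresses two comments above: oiaohm’s point that the low infection rate comes from central, audited provision of applications, and kurkosdr’s counter that nothing stops a side-loaded “JennaJamesonScreensaver.deb” from registering an auto-starting process. Both are right as far as they go: the OS does not refuse a .deb that drops a file into an autostart directory, and a package from the distribution repository has at least been through someone else’s review while a side-loaded one has not. So the check a practitioner wants before `dpkg -i` on anything outside the repositories is to open the package and see what will run without being asked: the maintainer scripts (which execute as root at install time) and any files landing in auto-run locations. The script below does that with only the standard library, parsing the ar container and the control/data tarballs. The sample package, its file names and the list of auto-run prefixes are assumptions made for the example.

```python
"""Inspect a .deb before installing it.

Added example for this thread, not code from the original post, dpkg or any
Debian tool. The package built by sample_sideloaded_deb() is constructed here
as test input; its name, files and scripts are hypothetical.
"""
import io
import tarfile

# Locations where a file runs without the user launching it (assumed list).
AUTOSTART_PREFIXES = (
    "etc/xdg/autostart/",
    "etc/systemd/system/",
    "lib/systemd/system/",
    "etc/cron.d/",
    "etc/init.d/",
    "etc/profile.d/",
)
# Scripts dpkg runs as root while installing or removing the package.
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}


def ar_pack(members):
    """Write a minimal ar archive (the outer container of every .deb)."""
    out = bytearray(b"!<arch>\n")
    for name, data in members:
        # 60-byte header: name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2)
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
        out += hdr.encode("ascii") + data
        if len(data) % 2:            # members are padded to an even offset
            out += b"\n"
    return bytes(out)


def ar_unpack(blob):
    """Parse an ar archive into {member name: bytes}; reject anything else."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar header")
        name = hdr[:16].decode("ascii").strip().rstrip("/")
        size = int(hdr[48:58].decode("ascii").strip())
        pos += 60
        members[name] = blob[pos:pos + size]
        pos += size + (size % 2)
    return members


def make_tar(files):
    """Build an in-memory gzip tar from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.mode = 0o755
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_deb(control_files, data_files):
    """Assemble a version 2.0 .deb: debian-binary, control.tar.gz, data.tar.gz."""
    return ar_pack([
        ("debian-binary", b"2.0\n"),
        ("control.tar.gz", make_tar(control_files)),
        ("data.tar.gz", make_tar(data_files)),
    ])


def sample_sideloaded_deb():
    """Constructed sample: a 'screensaver' that registers itself to run at login."""
    control = {
        "./control": (b"Package: screensaver-pack\nVersion: 1.0\nArchitecture: all\n"
                      b"Maintainer: nobody <nobody@example.invalid>\n"
                      b"Description: hypothetical side-loaded package\n"),
        "./postinst": b"#!/bin/sh\nset -e\nupdate-desktop-database 2>/dev/null || true\n",
    }
    data = {
        "./usr/bin/screensaver-pack": b"#!/bin/sh\nexit 0\n",
        "./etc/xdg/autostart/screensaver-pack.desktop":
            b"[Desktop Entry]\nType=Application\nExec=/usr/bin/screensaver-pack\n",
    }
    return build_deb(control, data)


def inspect_deb(blob):
    """Return (maintainer scripts, auto-run paths) declared by a .deb blob."""
    members = ar_unpack(blob)
    if members.get("debian-binary", b"").strip() != b"2.0":
        raise ValueError("not a version 2.0 .deb")
    scripts, autorun = [], []
    for name, data in members.items():
        if not name.startswith(("control.tar", "data.tar")):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for entry in tar:
                path = entry.name.lstrip("./")    # dpkg stores paths as ./etc/...
                if name.startswith("control") and path in MAINTAINER_SCRIPTS:
                    scripts.append(path)
                elif name.startswith("data") and path.startswith(AUTOSTART_PREFIXES):
                    autorun.append(path)
    return sorted(scripts), sorted(autorun)


if __name__ == "__main__":
    scripts, autorun = inspect_deb(sample_sideloaded_deb())
    print("maintainer scripts:", scripts)   # ['postinst']
    print("auto-run files:", autorun)       # ['etc/xdg/autostart/screensaver-pack.desktop']
```

On a real file, `inspect_deb(open("pkg.deb", "rb").read())` gives the same two lists; a non-empty result is not proof of malice (many legitimate packages ship a postinst and a service unit), it is the list of things to read before installing, which is exactly the review a distribution repository has already done on your behalf and a random download has not.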

  20. dougman says:

    Windows = Malware
