[kwlug-disc] Linus viruses

Wed Jul 28 10:57:34 EDT 2010

Insurance Squared Inc. wrote:
> I don't think there's a need to get that specific.
> 
> I have a linux desktop, had one for something like 5-10 years.  I take 
> no specific security precautions, run no virus scanner, and have never 
> had an issue with external intrusions or compromises.
> 
> Try the same thing with a windows desktop.  My mother's computer was 
> filthy with viruses and hacks until I got her on to linux.  All I did 
> was do a default install, give her the machine, and no further issues.  
> My point was, linux desktops don't get compromised ever.  Not rarely - 
> ever.  I've never had it happen, and nobody on this list even knows 
> anybody that it's ever happened to. that's the point I was curious about 
> - could it happen in some remote possibility?  Apparently not.

I'm sorry, this is simply false.  Very false.  I've once been pwned by a 
worm.  I'll freely admit, it was entirely my fault for not locking down 
a default Slackware install and not taking action to fix a well 
publicized vulnerability. It was fascinating to see the hackers work, 
using the compiler toolchain on my system to build the rootkit on the 
fly and access the machine via an irc bot.... fun times.  And more 
recently, we have the example of themes being downloaded with malware 
from gnome-look.org; a perfect example of Windows style malware when you 
have users downloading and installing whatever they want with admin 
privilages from untrusted sources.

I believe Linux security to be far and away better than the traditional 
Windows model, but a direct comparison is unlikely to be useful.  Linux 
security is greatly improved by two important factors that are, 
combined, probably better than any software design of modern OS's.

1.  Relative obscurity:  If Linux requires more work to compromise and 
represents only 5% of of your potential target base, it makes little 
sense to invest in malware for Linux desktops, currently.

2.  Linux users are likely to be more tech savvy.  So if Linux is on 1 - 
5% of desktops, how many of those are likely to be a potential victim? 
half? less than a quarter?