Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Spam e-mail (=Windows Holes) is costing companies (even if they only use Linux)

__/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Wednesday 02 August 2006 13:14 \__

>> But since more linux machines tend to run their own smtp servers and
>> leave them open as open relays there is a contribution there too.
> 
> Back in 97 Caldera linux put out a distro with sendmail that was
> default configured with an open relay.  By the summer they had a
> security bulletin out.  I don't think any Linux distro has put out a
> default mail server configured as an open relay since that time.  You'd
> have to know something about sendmail configuration even to
> deliberately set one up nowadays (or postfix etc), and a person with
> such sophistication would be unlikely to be so stupid.  It's possible,
> but I doubt it, and I doubt that very many linux systems are currently
> being used as open relays.
> 
> If 80% of the spam is sent by Windows zombies, then it's a good
> question where the other 20% comes from.  The majority of it may also
> come from Windows machines.  It may come from non-Windows machines that
> are not compromised, but deliberately used as spam spewers (I don't
> know, maybe in Russia or some place).  I have no idea, and I don't know
> about the methodologies used in the 80% studies.
> 
> You seem to trail off into the thought that Windows machines are the
> victims of malware only because they are a bigger target.  MS would
> like people to believe that, but it's just not credible.  The security
> issues with Windows are real, and much worse than with any other OS.

To provide just one explanation:

,----[ Quote ]
| To test her concept, Forrest experimented with a version of the
| open-source operating system Linux. She altered the system to force
| programs to assign data to memory locations at random. Then she subjected
| the computer to several well-known attacks that used the buffer-overflow
| technique. None could get through. Instead, they targeted the wrong area
| of memory. Although part of the software would often crash, Linux would
| quickly restart it, and get rid of the virus in the process.
`----

http://www.schneier.com/blog/archives/2006/08/security_and_mo.html

One would imagine that the 60% code rewrite (in Vista, according to Allchin),
as well as the complains about endless cyclic dependencies (no modularity,
according to a Windows tester/engineer) reflects on the sordid mess, which
renders the code untestable.

Moderate and patient development is a virtue. Deadline-driven addition of
bells and whistles, as well as inclusion of over-the-top patches (due to
premature O/S releases) leads to poor binaries lying out there 'in the
wild', being easy prey/pickings.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index