__/ [ Richard Rasker ] on Sunday 01 October 2006 10:46 \__
>
> The Linux vs. Windows security discussions have an all too familiar
> pattern: someone reports the latest weekly critical one-click Windows
> vulnerability, and Windows advocates fall over themselves to present
> excuses, and start mentioning woeful tales of hacked Linux boxes.
>
> Yes, Linux gets hacked on occasion, as it's not invulnerable.
>
> But I have one request: please show me those one-click exploits for Linux.
> I can't seem to find any, except for Windows (where they seem to be the
> rule rather than the exception). I must be looking in the wrong place, as
> all those Windows experts say that Linux is just as vulnerable as Windows.
>
> So even with Linux' smaller installed base, there must be a few at least.
> But I can't find 'em. And oh, throw in a few of those dreaded "social
> engineering viruses" for Linux as well for good measure, as I can't locate
> a single one of these either.
>
> I don't understand. Where is the "easy-to-install" Linux malware?
>
> Richard Rasker
>
You completely forgot use-search-engine-to-compromise-box type of exploits.
You see, with Windows. some exploits only require that you visit a Web site
that has snuck into search engine results pages (SERP's). This has led
Google to going as far as scanning pages for exploits rather than just
caching and indexing them. Windows has increased the workload for services.
|
|