Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: The "Biggest Target" paradigm and its consequence

  • Subject: Re: The "Biggest Target" paradigm and its consequence
  • From: Richard Rasker <spamtrap@xxxxxxxxxx>
  • Date: Sat, 30 Sep 2006 20:58:41 +0200
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Linetec
  • References: <pan.2006.09.30.17.30.20.356006@linetec.nl> <4o7obnFcp3f1U1@individual.net> <1679689.nfbT7gsTrn@schestowitz.com>
  • User-agent: Pan/0.14.2.91 (As She Crawled Across the Table)
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1162793
Op Sat, 30 Sep 2006 18:48:35 +0100, schreef Roy Schestowitz:

> __/ [ B Gruff ] on Saturday 30 September 2006 18:38 \__
> 
>> On Saturday 30 September 2006 18:30 Richard Rasker wrote:
>> 
>>> 
>>> We all know the drill: Whenever we point out that the security of Windows
>>> has an appalling track record, with hundreds of thousands of viruses,
>>> countless critical (and slowly patched) flaws in IE, and a whole slew of
>>> other nigh disastrous problems, the Windows shills come up with the one
>>> Magic Excuse: "That's because it's the Biggest Target, you stoopid!"
>>> 
>>> According to them, Linux, BSD or MacOS are just as vulnerable as Windows
...
>>> Well then, this can lead to only one conclusion, and only one solution -
>>> and it's so obvious that even the biggest Microsoft apologist can't but
>>> agree.
>>> 
>>> Microsoft's market share must be cut down drastically, by forced
>>> government measures if need be.

>> Exactly:-)
>> 
>> I go back to the question I posed earlier - "Why did so many Irish people
>> suffer and die in the potato famine(s) of the 19th century?"

> Diversifiaction is a natural choice, but I can't say that I agree with
> Richard (yes, I know it was sarcasm). 

I don't agree with me either - if you catch my drift ;-) 
It's just that I realized that the "Biggest Target" paradigm is actually
the absolutely stupidest defence possible to explain the malware crisis,
as it implies that *any* OS with MS' market share would suffer the exact
same problems; therefore, the only possible remedy is a reduced market
share, so that there wouldn't be one Biggest Target any more, but a number
of smaller targets of roughly equal size.

Had they conceded that yes, Windows security really sucks, then they could
have come up with the defence that with a better version of Windows,
things could be solved, without the need to cut down altogether (although
I wouldn't hold my breath on that one either).

There *is*, however, general agreement that a more diversified market is
very desirable, not just for alleviating the malware problem, but also for
a host of other reasons, some of which I mentioned.


> Governments increasingly choose Open Source because they /do/ appreciate
> its merits and inherent security. After all, it is not Linux whose
> majority of code needs to be scraped and (re)written from scratch.
> Moreover, companies whose interests lie in the insecurities of Windows,
> seem to sidle with logic, e.g.:

[snip example]

Well, these people should know :-)

> Lastly:
> 
> The short life and hard times of a Linux virus
> 
> ,----[ Quote ]
> | For a Linux binary virus to infect executables, those executables must
> | be writable by the user activating the virus. That is not likely to be
> | the case. Chances are, the programs are owned by root and the user is
> | running from a non-privileged account. Further, the less experienced
> | the user, the lower the likelihood that he actually owns any
> | executable programs. Therefore, the users who are the least savvy
> | about such hazards are also the ones with the least fertile home
> | directories for viruses.
> |
> | [...]
> `----
> 
>                                         http://librenix.com/?inode=21

Not to mention the fact that one can mount /home noexec. End of problem
altogether, unless the user can be tricked into su'ing to root and
installing malware. But that's a rather less likely scenario. (NO, Erik!
Down Boy! DOWN!)

Richard Rasker

-- 
Linetec Translation and Technology Services

http://www.linetec.nl/


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index