
Re: Massive spam shot of 'Storm Trojan' reaches record proportions

  • Subject: Re: Massive spam shot of 'Storm Trojan' reaches record proportions
  • From: "nessuno@xxxxxxxxxxxxxxxxxxx" <nessuno@xxxxxxxxxxxxxxxxxxx>
  • Date: 20 Apr 2007 07:19:37 -0700
  • Complaints-to: groups-abuse@google.com
  • In-reply-to: <1177045630.725981.56010@q75g2000hsh.googlegroups.com>
  • Injection-info: y80g2000hsf.googlegroups.com; posting-host=128.32.124.193; posting-account=2HdQLwwAAABfN82bLnr_J-yvx7vrW8SC
  • Newsgroups: comp.os.linux.advocacy
  • Organization: http://groups.google.com
  • References: <1177016032.060878.211750@e65g2000hsc.googlegroups.com> <2074999.aRTCzUe6yJ@schestowitz.com> <1177045630.725981.56010@q75g2000hsh.googlegroups.com>
  • User-agent: G2/1.0
  • Xref: ellandroad.demon.co.uk comp.os.linux.advocacy:516181
On Apr 19, 10:07 pm, Jonathan Berry <jbe...@xxxxxxxxxxxxx> wrote:
> I understand that this Storm Trojan worm relies on the
> user to click something.  My friend did get an email with an
> attachment that said she was infected and "click here" to
> clean it up, and she did so.  All the news articles I've seen
> say that the malware attacks "PC"s or "computers", they don't
> say which OS may, with the cooperation of the user, be vulnerable.
>
> So, sorry for not being clear enough with the first question,
> but is it impossible for malware to act on an OS X or
> Linux machine in this way?
>
> Thanks,
>
> --
> Jonathan Berry
>

Dear Jonathan,

It's theoretically possible for Unix-based machines (including Linux
and OS/X) to be infected with malware, but much less likely than on a
Windows machine.  You can't get infected just by clicking on
something, but if you were willing to go through more complicated
procedures, the kind that you follow when you want to install
legitimate software, then you might get infected.  The worst kind of
infections, common with Windows, would require you to enter a root
password on Unix.  These kinds of infections include the taking over
of your machine as a "zombie" by a spammer somewhere.  Most spam today
originates in such compromised Windows machines.  Also, if you run a
Unix-based system that is not configured correctly, it might be
vulnerable to take-over.  All the modern Linux distributions (and OS/
X) come properly configured automatically when you get them ("out of
the box"), and an ordinary user wouldn't know how to de-configure them
even if he/she wanted to.

Vista is advertised as having better security than XP and its
predecessors.  I don't have personal experience with it, but based on
what I've heard, the extra security in Vista involves lots of pop-ups
warning you about the consequences of some action you might take, and
tighter use of the root=administrator account.  Based on what I've
heard, it still isn't as effective as in Unix-based machines, partly
because Microsoft wants to maintain backward compatibility with old
software and make things supposedly easy to use (for "grandmas").  I
say supposedly because malware isn't easy for grandma to deal with.
Plus the announcements so far indicate that Vista is pretty buggy.
But when Vista finally shakes down it may be safer from infection than
XP.  (Or maybe not.  There is a technology/psychology war between the
purveyors of malware and the defenders, and the bad guys keep finding
new exploits and new ways of getting users to do stupid things.  Plus
Vista involved a huge rewrite of code, inevitably introducing lots of
new bugs, and it may be a long time before the worst of these from a
security standpoint are worked out.)

All software of all types has bugs, so it's important whatever system
you run to keep up with patches and bug fixes.  This can be done
automatically in most cases, pretty easy if you have a broadband
internet connection.  A bug in some software can leave your system
vulnerable to compromise.  Plus there is the question of how much
damage can be done if there is a bug in a program that opens an
opportunity for malware.  The answer depends on the privilege level at
which the software runs, and Unix-based machines have more software
running with the least privilege than does Windows, where lots of
applied programs require root privileges (based on what I've heard).

In terms of actual numbers, the different types of malware out there
for Windows is in the 100,000's range, while for Linux it is in the
100's, and similar numbers for OS/X.  These are the figures I
remember.  There are raging debates all the time about the reason for
this.  People who defend Windows say that this is because Windows has
the majority of the desktop market, while OS/X and Linux are minor
players (of the desktop market), so Windows is the larger target.
It's a hypothetical question that can't be answered (what would be the
amount of malware written for Linux if it had 50% of the market).
Personally I'd say it would be more than you see today (for Linux),
but still a tiny fraction of what you have with Windows today.  The
fact remains that malware today is a very small problem on Linux or OS/
X compared to Windows.  Personally, I've never heard of anyone running
Linux or OS/X getting infected with malware, although you do hear from
time to time about bugs in software that open security holes.  These
are usually patched very quickly.

The newspaper article speaks of PCs and computers as if they were
synonymous with Windows machines, because the large fraction of
desktop machines do run Windows, and because Microsoft advertising and
marketing has always encouraged the idea that computers=Windows.  That
is how they would like it (total monopoly control over everything,
your computer, the software that runs on it, the internet,
entertainment, etc).  Journalists are slowly wising up, however, to
the fact that there are alternatives (Linux and OS/X, mainly, on the
desktop).

This is my best take on this question.  Hope it helps.


