# Linux infection proves Windows malware monopoly is over



## Mumbodog (Oct 3, 2007)

.

http://www.zdnet.com/blog/bott/linu...entoo-ships-backdoor-updated/2206?tag=nl.e550



> Theres a great deal of comment in the Talkback section of this post about how official repositories can be trusted. It appears that system broke down thoroughly in this case.
> 
> Every time I write about Windows security software, I get a predictable flood of responses from Linux advocates who claim that they dont need any such protection. Today comes a shining example of why theyre wrong.
> 
> If you downloaded and installed the open-source Unreal IRC server in the last 8 months or so, youve been pwned.


----------



## lotuseclat79 (Sep 12, 2003)

What a crock! The Windows monopoly on malware far exceeds Linux by many orders of magnitude. Why is this you may ask? Because Windows was never designed or implemented with security in mind in the first place, and the profit motive at the foundation of malware writers today shows no shift or interest in dealing with the problem of breaking into Linux systems (not impossible, but a lot harder to pull off and disguise the malware presence). 

While Windows is improving somewhat and MS Research shows great promise with their work on the Singularity project, MS has yet to win the hearts and minds of security researchers, let alone the poor saps that still insist on running MS Windows at home and in businesses and pay through the roof for security software that is supposed to protect them, but sadly is child's play owing to the superset of malware holes that still exist in MS Windows software. And let's not forget the plight of the computer illiterates that host botnets without knowing that they contribute to the ugly mess that remains yet to be cleaned up on the Internet.

Ask yourself why MS took 2 years to complete a security hardened Windows system for the US Air Force, but never offers such a configuration to normal Windows users - for what price?

-- Tom


----------



## lotuseclat79 (Sep 12, 2003)

Dell says Ubuntu is safer than Windows.

*So, does this end the debate over what the safest OS is? Not by a long shot. Nice bragging rights, though.*

-- Tom


----------



## namenotfound (Apr 30, 2005)

Mumbodog said:


> .
> 
> http://www.zdnet.com/blog/bott/linu...entoo-ships-backdoor-updated/2206?tag=nl.e550


If I read that article correctly, they're just talking about Gentoo, not ALL Linux distributions?


----------



## paisanol69 (Sep 7, 2005)

lotuseclat79 said:


> Dell says Ubuntu is safer than Windows.
> 
> *So, does this end the debate over what the safest OS is? Not by a long shot. Nice bragging rights, though.*
> 
> -- Tom


...take it easy. 

The article is not saying that Windows is now better than Linux, or anything like it. It only points out that Linux has been successfully attacked with malware ...

From Mumbo's link above...



> Meanwhile, Mac users shouldn't get complacent either. Intego has reported two in-the-wild outbreaks of a Trojan horse program found on game sites and a gruesome piece of spyware that tags along with screen savers and other freebie apps. (And Intego says they found copies of the unwanted software even after the original distributor claimed to have removed it.)


Now I guess if you are a Mac user, the above is an attack on the Macs of the world??
Nope, just an item pointing out what has become a danger to a Mac user. It's the same as what was pointed out regarding the Linux users who have downloaded a version of Gentoo, since last November. I didn't read it as an attack on Linux, I read it as an "information for users" article. And I didn't see anything in that article that wasn't true.

You should relax a bit, cause life is way too short !!


----------



## lotuseclat79 (Sep 12, 2003)

Hi paisanol69,

So, you conclude by my posts above that I am not relaxed, eh? I was just injecting information about the circumstance of MS (no security foresight) building a system and then not focusing on its vulnerabilities in its design with regard to its users. I posted it just to be fair following my first post/rant about MS security. So, Linux now has some malware - big whoop, as the problem was not a problem to the Linux kernel, but an IRC server with a backdoor due to sloppy administration of updates - not a design problem in terms of security with Linux, but a vulnerability nonetheless.


If and until MS brings Singularity (their research project OS built from the bottom up with security in mind) to market - I will not have any need to spend my $$$ on their products. The question that stands out is - why can't I have security that's built in like Singularity's from MS?

I've been on Linux for 4 years now as my everyday OS. WinXP Pro SP2 borked itself, and I've never looked back.
Relax you say, eh? I spend exactly $0.00 on my OS, and $0.00 on security software - and my security works great!

-- Tom


----------



## paisanol69 (Sep 7, 2005)

lotuseclat79 said:


> Hi paisanol69,
> 
> .... So, Linux now has some malware - big whoop, as the problem was not a problem to the Linux kernel, but an IRC server with a backdoor due to sloppy administration of updates - not a design problem in terms of security with Linux, but a vulnerability nonetheless....
> 
> -- Tom


That was what I gathered after reading the link as well. :up:

It just seemed that you were a bit upset when you posted, and I was joking with you in my post. After all, what with all of the important news links that you post, and not just in this forum, I was concerned that we might have to do without you for a while, if you didn't relax a bit.

If that happened, I would have to spend a whole lot more time on the web, looking for all of the tidbits that you do post about, and I don't have the time to do that!


----------



## TheDr313 (Apr 28, 2010)

Thanks Tom for your posts....

I know zip but reading your posts I learn more and more. Food for thought!

Cheers... Jeremy :up:


----------



## Mumbodog (Oct 3, 2007)

> I've been on Linux for 4 years now as my everyday OS. WinXP Pro SP2 borked itself, and I've never looked back.
> Relax you say, eh? I spend exactly $0.00 on my OS, and $0.00 on security software - and my security works great!
> 
> -- Tom


What distro do you use?

Thanks Tom.

.


----------



## lotuseclat79 (Sep 12, 2003)

Hi Mumbodog,

I use the Ubuntu Live CD, in my own custom scripted environment. No disks are mounted during Internet surfing sessions which is IMO far more secure than any installed OS which automatically becomes exposed via any Internet facing application - browser, email, IRC, or servers - with security vulnerabilities not yet fixed. Anything I want to save is backed up to disk with the network disabled. And if any malware makes it onto my platform - are they smart enough to know the difference between hard disk and an in-memory filesystem? Once I power down - they are gone, and my disk is safe once again. The same scheme can work on a USB flash.

-- Tom


----------



## Mumbodog (Oct 3, 2007)

lotuseclat79 said:


> Hi Mumbodog,
> 
> I use the Ubuntu Live CD, in my own custom scripted environment.
> 
> -- Tom


How is this done?


----------



## lotuseclat79 (Sep 12, 2003)

Hi Mumbodog,

Here's the short overview. Note: I have 4GB RAM, only 3GB usable due to BIOS until I install another MB which I have already purchased and my CPU is compatible with.

1) Boot up the Live CD - this means that browser state, etc. is saved on disk and needs to be reincarnated to RAM.
2) The scripts are on disk, plus I have a CD with a setup.sh script and a second device (a DVD-RAM + a CD/RW). However, Lucid Lynx Ubuntu 10.04 does not auto-mount the CD (but Kubuntu 10.04 does). I have to manually run the mkdir and mount commands to access disk initially.
3) First, run setup.sh which retrieves the initlucid.sh script for installing tarballs of minimal packages to be installed.
4) Finish up any housekeeping like reconfiguring background, printing setup, screensaver, displaying size of files on Desktop, running gconf-editor to move buttons to right (although I am comfortable with them on the left as well).
5) The last thing the initlucid.sh script does is to initialize firewall rules for iptables and then dismounts the disk.
6) Boot up the hardware router for a network connection, and then run my browser, Firefox 3.6.3.

I have written a total of 25 scripts that do various things, from upgrading releases, saving my browser session state, handling installed packages and pkg sets for certain functionality to (my newest one - still testing) recompressing bzip2 compressed tarballs into xz compressed tarballs. I have a backup naming scheme that may need to be simplified if I so choose, but obviously, I have integrated the use of everything into my daily working process, so that the redundancy of redoing things everyday instead of booting up from an installed OS is only a matter of minutes which is the price I pay for not installing what OS I choose to run.

I have purchased a couple of 1TB external drives and several USB flash devices to port the scheme over to once I can purchase some more RAM for the new MB.

I have even reconfigured my hardware router to tighten up security on that front. I just saw an article today about hacking one's hardware router, but decided not to comment on it (required registration) - they said nothing about saving your current configuration before downloading and installing new firmware (for bug fixes and new features).

-- Tom
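
An added example, not part of the post above or of lotuseclat79's scripts: a pre-flight check for the "no disks mounted while online" rule, which reads a mount table in `/proc/mounts` format and fails if any disk-backed filesystem is still mounted. The function names and device-name patterns are assumptions; a live session booted from a USB stick would itself match `/dev/sd*` and needs an exception.

```shell
#!/bin/sh
# Pre-flight check for a Live CD session: run after the setup scripts have
# unmounted the disk and before the network is brought up.
# Device patterns below are assumptions for a typical PC, not from the post.

# Print "device mountpoint" for every disk-backed entry in a mount table.
# $1: file in /proc/mounts format (defaults to /proc/mounts).
disk_mounts() {
    table="${1:-/proc/mounts}"
    while read -r dev mnt fstype opts rest; do
        case "$dev" in
            # Hard disks, SSDs, flash cards, LVM/dm-crypt and software RAID.
            /dev/sd*|/dev/hd*|/dev/nvme*|/dev/mmcblk*|/dev/mapper/*|/dev/md*)
                printf '%s %s\n' "$dev" "$mnt" ;;
            # /dev/sr0 (the CD), /dev/loop* (squashfs), tmpfs etc. are ignored.
        esac
    done < "$table"
}

# Return 0 when no disk is mounted, 1 otherwise (offenders go to stderr).
preflight() {
    found=$(disk_mounts "$1")
    if [ -n "$found" ]; then
        printf 'disk still mounted, do not go online:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample mount tables (not captured from a real machine).
sample_clean() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/loop0 /rofs squashfs ro,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}
sample_dirty() {
    sample_clean
    echo '/dev/sda1 /mnt/disk ext3 rw,relatime 0 0'
}

# Usage on a live system: preflight /proc/mounts && echo "ok to connect"
```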


----------



## Mumbodog (Oct 3, 2007)

Thanks Tom.


----------

