I do not think virii will ever be nearly the problem it is for windows. This is because the anti root security model is enforced in any distribution by default. Windows to the contrary, historically was not designed with any security model giving rise to typically security brain dead 3rd party software, global only configuration, and common bad user practice such as making all domain users local admin. Windows XP's install even sets users up with full admin privs, as does any suppliers default config. This would not happen wide scale in Linux because Linux and Unix as a whole does not have this history and no tech in their right mind would ever think of letting a common user run as root (at least not on a wide enough scale to enable massive virii dists). Also Virii heavily rely on uniform configuration and software dists/versions. Linux does not and hopefully will not ever have such complete and total version consolidation as windows has. Available updates are also far more frequent in active Linux projects even if somehow there became only one dist, the chance that everyone would all be running on the same version is less for this reason. Lastly it comes down to the open source mentality, when the source is open to look at the developers can not hide behind anything, they can not make any excuses because weather they fix it or someone else fixes it, it will be fixed if it annoys some talented people. Some reports have shown that there have been about the same number of security holes found in Linux software than in the Windows OS. Of course thats completely unfair and there are many ways of measuring this however it points to one interesting fact. If we are able to find that many holes in a closed source OS like Windows just imagine how many more than Linux it must really have. *not to mention the limited number of systems that are actually affected by any found on Linux*. Microsoft also just plain doesn't care, there are an unbelievable number of Microsoft verified bugs in windows that they just do not fix! Searching on www.technet.com (Microsoft's support site) will reveal quite a number of documents which ends with answers such as "Microsoft recommends not using this feature", "Microsoft has verified this as a problem but no solution is currently available", or my favorite "Reformat and reinstall is the only solution to this problem". Microsoft fixes security bugs but only the minimum of actual bugs. It's a fact and I am sick of it. (I have to reload our companies exchange server this weekend because of this). PS: I would love to see a performance comparison of a windows server running a virus scanner VS a Linux server without, because thats the reality of it. On Wed, 2003-08-06 at 09:07, Craig White wrote: > On Tue, 2003-08-05 at 23:12, der.hans wrote: > > Am 05. Aug, 2003 schwätzte Craig White so: > > > That might be true, but executing images and plain text are foolish. > > Whatever group did that obviously never took security or stability into > > account. That wasn't adding functionality, that was only adding security > > holes. > > > > Open the file and examine it to find out if it is an image, don't execute it > > and see what happens. It's a data file, not an executable, so why do m$ > > programs execute them? I haven't yet seen anything saying they're fixing > > this error. They're just suggesting using filters ( some of which are now in > > their code ) to avoid ( some of ) the exploits we know about. > > > --- > Some of these things had roots before the Microsoft mail clients...html > mail with embedded javascript for example and then there was RLE pics > > As you know, when you have a sizable workgroup, sending users an > executable via email is a bad idea. Some users won't execute it, some > users are incapable of making the distinction of which executable > attachments are ok and will get the idea that all executables are OK to > double click and so on. > > Windows can pretty much distribute updates via netlogon scripts so the > email thing was an interesting idea that went amuck. Starting with IE/OE > 6, the default is to prevent scripted attachments from executing (in > fact, they are by default not even shown to the user) which eliminates > the problem on new installs but of course, there are millions of > machines out there that aren't thus configured. > > At this point, the virii benefits of Linux are pretty much the same as > for Macintosh - it's hard to gain recognition for the evil deeds when > your target is a small percentage of the computing public. I would agree > that I have had enough of removing the various virii from Windows > machines and insist that all my Windows network clients use Symantec AV > for desktops & servers which I can maintain, update all clients and lock > them out of shutting it off on their desktops - thereby alleviating all > user responsibility. It's about $50 per user (and $25 per year > thereafter). It's just an addition to the cost per computer per year and > I'm afraid that in the not too distant future, something similar will be > required for Linux. > > Craig > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Entelin