Old 2006-09-29, 20:14   Link #23
bayoab
Quote:
Originally Posted by Epyon9283
Linux and OS X have fantastic real world security records compared to Windows.
The Morris worm. The ramen worm. The li0n worm. The slapper worm. I can keep going. There have been a couple of minor ones recently, but as Jinto basically said, the world of Linux has diversified to the point that it's hard to write 1 single worm. There was actually an attempt in 2005 at the latest version of a worm for a sendmail vuln iirc. "Wait, but most of these don't actually affect the nix core itself." Yes, they attack the installed components that you find on almost every server. The actual base OS itself has a better security track in the last 6 years than MS. (Most pre-Blaster worms for MS affected IIS and only IIS.) A Windows box with an admin who knows what they are doing (even running as admin) is just as secure as an OSX or Linux box.

In the past 6 years, there have been about 8 or so remotely wormable holes in Windows. Otherwise, the majority of the exploits that have done anything are in IE or Office Suite/Outlook.

Quote:
If it was so easy to infect Linux and OS X, why aren't there more viruses out there? I have difficulty believing it's because there are relatively few boxes out there. Linux is pretty popular in the server space. If someone were to write a virus that spread quickly in Linux or OS X they'd gain some notoriety.
OSX viruses are very very difficult to write from my understanding of the OS security model. My understanding is that they are trivial to do, but all require user interaction basically. There are plenty of unpatched components on any OS X that a good enough 0-day will result in a decent attack. But there are so few OS X boxes out there that this is probably not even worth your time.

Linux is a different story. Most Linux boxes have a set of programs which will be there semi-reliably, and so it is very easy once you find something listening that is exploitable. There is no user interaction required if you find the right targets. (1x remote code on a program with enough privs + 1x priv elev = all your root are belong to us). You can't exactly write a virus for Linux that does anything reliably except take control or log the affected system. What are you going to do, have popup ads in the terminal?

Quote:
Also virus != rootkit
If you are qualifying a virus by whether it self-replicates, then yes. If you are qualifying virus as the umbrella term for malware which it has become, then no.