[PLUG] D'oh: Linux, spyware, and Nazis...

Matt Wirges wirges at purdue.edu
Wed Jan 26 09:04:20 EST 2005


Looks like you stirred up the hornets' nest, Carl. :-)

Unfortunately, I have to disagree with your statement:
  "Most importantly, Linux is immune to spyware, adware, and all types of 
malware."

  Here's the biggest [non]secret in security: USERS ARE THE VULNERABILITY! :-)

   Most malware (spyware, adware, worms/viruses, etc...) is installed by the 
user (even though they do not know it).  So in the case of, say spyware 
packaged with Kazaa, /you/ installed it.  It's there, and it wasn't so much of 
a vulnerability of the OS, as it was the ignorance of the user.  It wouldn't 
be very hard to put together some malware and distribute it in, say, an RPM 
and get a bunch of people to install it.  In most cases, the user will 
escalate her privileges to root to install the package, thus adding the 
spyware which can then run at will (and once you have root, it is terribly easy 
to "hide" such processes from the casual/intermediate user).

Now, having said that, we are really dealing with probabilities here.  The 
probability that you will get a piece of software for Linux that has some sort 
of malware in it, is relatively low.  I think there are likely many factors 
that go into this.  The average "computer smarts" of Linux users is probably 
higher than that of the Windows user base, making it more difficult to sneak 
something by (though completely possible). However, I also believe that it is 
easier for an attacker to exploit network-based services running on your Linux 
boxen (vulnerabilities in say, openssh, account enumeration attacks, etc...) 
than it is to get you to install a package with some malicious software. 
Finally, and the opinion from Dave Enright in the Exponent touched on this, 
and it's something you cannot ignore: there are many, many, *many* more 
[clueless] Windows users out there than there are Linux users.   For 
script-kiddies and so-called "hackers", this means there are so many more 
easy-to-exploit targets for IRC bots/C&C/proxy servers, ftp servers, 
launching pads, ad nauseam... in the Windows user-base.  For the (spy|ad)ware 
community _this is where all of the consumers are_.  These are the people they 
want to cater to, or spy on as the case may be.  More effort is diverted 
towards exploiting Windows than it is towards Linux.

I think Linux has a lot going for it, but I certainly think that if a bulk of 
the Windows community suddenly switched to a Linux distribution, we'd be in 
for a rude awakening security-wise, the bulk of which would be attributed to 
the clueless users running it.

On another related topic, it made me chuckle to see that the Installfest 
posters of last semester came back to haunt the PLUG community (from 
yesterday's Exponent opinions [1/25]):
http://www.purdueexponent.com/interface/bebop/showstory.php?date=2005/01/25&section=letters&storyid=letter2

"Furthermore, I have a beef with you Linux or Mac users. I was offended by 
some flyers last year for a call out. One went something like, "Hitler used a 
Mac" and another turned the Microsoft logo into a swastika. Maybe it is just 
me but I do not see the humor in the deaths of 11 million innocent people. 
Would you make a flyer that said, "Don't be a slave to Microsoft" and show a 
slave ship sailing from Africa to the Americas flying a Microsoft flag? There 
is nothing funny about racism and anti-semitism."

I mainly find this sort of thing funny because people will stop at nothing to 
be offended.  It's becoming as much a part of the American way as 
litigation is.  But reality has to kick in and make me realize that, even if I 
think it is overreacting, people do get offended by this sort of stuff and it 
can turn them away from what could be an otherwise good thing: trying Linux.

-matt
-- 
Matthew Wirges
IT Security and Policy Analyst
Office of the Vice President for Information Technology
Security and Privacy, Purdue University
wirges at purdue.edu :: (765)49-62307
PGP/GPG: EB69 701E EECC 5DD0 E604  0EE0 1346 74BF 5DBC 5ADB

