Comments

Kaspersky: Mac, Linux, BSD open for attack

Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.

Chatter

Regurgitated warning

This same warning has been repeated not only by this company, but other security companies making their living from selling anti-malware to Windows users for as long as I've been using Linux. The first time I heard one of these warnings was in 2001. I'm still waiting for the other shoe to drop.
| reply

Pure B.S.

The majority of the world's servers run on Unix or Linux. Most of these keep databases with sensitive data, from bank accounts to taxpayers' info. How come nobody has released malware to steal such data?

The answer is simple: it is extremely difficult. Unix is well designed to resist attacks.
| reply

Hollow scare mongering from someone who benefits from it.

Anti-malware vendors make generalisations and hollow claims periodically to frighten people and thereby drum up more business for themselves.


Their targets for fear are where the largest markets are and they throw in some systems considered to be near the heights of "most secure" like OpenBSD, to make people think that there is no other option but to use anti-malware software.


The fact is, that no complex system accessible to potentially malicious people can ever be perfectly secure, since they're designed by fallible people. So there will always be a trade-off between security and usability.


For my systems which need security, I prefer to choose a system which has security as the primary focus, with functionality worked into it as the secondary focus (OpenBSD). Given the complexity required and how hostile the Internet is, it can't be perfect, but at least a best effort is made.


If ever I start getting malware outbreaks on my OpenBSD and Mac systems, I'll then consider the new BSD/Mac anti-malware industry which might pop up. But since I'm past 10 years with these systems with no malware problems, I keep saving my money.


Thanks anyway Kaspersky. I'll just keep waiting for the storm.

| reply

enchanting delirium, by

Enchanting delirium, by Kaspersky. From time to time he is making some strange screams about apocalypse, and something about KAV saving the world from the viruses; we're accustomed to it already. Usual puddle gasification, no more.
| reply

Wondering

I wonder if the die hard Linux user really stops and thinks before commenting.

Let's see: Linux has not been targeted by any major attack since its inception. Part of this is because Linux on the desktop is still a third rate OS due to the ever evolving changes made in every distro. The same phrase I hear all the time is Linux is more secure than Windows. Hate to burst your bubble, but Linux is only more secure because of the lack of use by mainstream users, aka average home user. Being open source makes it more vulnerable in itself as all a hacker has to do is look through the source code to find vulnerabilities in the OS. Quit kidding yourselves or being ignorant, the name of the game in hacking has changed. It is no longer about shutting down websites, finding generating key to use pirated software. It is about money and yes Linux and Unix servers are going to be targeted due to this.

How many of the recent attacks on banks were against the almighty Apache server? Think first before talking.
| reply

Apache is not an operating system

I think my subject line here says it all, but I'll elaborate. Apache, which mburton325 mentions, is an open source HTTP server, which just happens to be available on nearly every platform on the planet...including Win32/64.

What he's failed to realize here is that being open source isn't a bad thing, because there are tons of review on most applications that are available on public repos for just about every major Linux distribution. This means that the code is under scrutiny to ensure that any vulnerability found is snuffed out quickly, which often leads to multi-platform fixes, not just Linux, BSD, or Mac native.

Now, I'm not going to berate this person, because it shows that he hasn't used Linux to any extent or he would know how quickly it's out-evolved every other operating system out there. There are a lot of differences in one distro to the next, just like there are a lot of differences from one car make and model to the next. It's all about taste, not differing ideas in security. People tend to forget, Linux is a kernel, not an operating system, even though most distributions are referred to as Linux. Hence 'Red Hat Linux', 'SuSE Linux', 'Kubuntu Linux'. Notice that the distribution name precedes what powers it. Linux, just like BSD, or any other UNIX/POSIX OS, is a conglomeration of tools. Windows is no different. When you load out a Windows server, do you only use what came on the installation CD, and never anything more? Not often, I would imagine.

Now, all that said, think about which user-group these OS communities really focus on. Linux, traditionally, has been a server/workstation OS designed with Power Users in mind. Windows, like MacOS, has always been about being everything to everyone, though Windows has traditionally been more open to a greater number of developers. True, Linux distros are changing that, and yes... I figure we'll see a lot more flavors of consumer grade Linux distros, but that doesn't make them any more or less secure due to development model. Vulnerabilities in code are vulnerabilities in code, regardless of what kernel is powering the operations.

In the end, it all comes down to education. If a system-owner / user is not properly trained in system security practices (as most are not), then they will more likely suffer a security breach many times over. I can't keep track of the number of systems that I've had to 'de-infest' of malware because the 'average joe consumer' took his new Windows XP or Vista box, and connected it directly to a Cable modem or DSL, because his ISP sent him only a modem & starter disc and told him 'here... install this and you'll be good to go'.

If you really want to fix the internet security problems, restrict all access to those that can pass a standardized system security and usage training course, tied to an ID card, teamed with a standardized card reader to be used on all systems world wide. The problems with that idea are many-fold however, and most would see this as Orwellian. But, I'd bet that if these login control systems & licensing were tied to biometrics, we would see the internet security problems become a thing of the past, since no one would want to throw up a red flag every time they did something against the 'global internet usage agreement'.
| reply

M. Burton is an idiot

This BS is what one would expect to come from one who is so bigoted toward a fatally flawed operating system such as Windoze.

That Windoze is essentially the only operating system that hackers attack speaks volumes. Unix has been around for a long time. Why have we not seen attacks against it? It is pretty much the same for Linux and OS X.

M. Burton's sophomoric statement regarding the vulnerability of Open Source software gives one the impression that he works at Microsloth since his statement so closely parallels that of Microsloth.

For the record, I routinely work with all flavors of Unix, Linux, OS X, i5/OS, and even Windoze. Of all of those operating systems, Windoze gives us the most headaches.
| reply

mburton325 reality check

mburton325,

* Linux has been targeted for attack. It's just that the success of each attack is very short lived, due to sane fundamental design which allows holes to be quickly patched. http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

* Linux is not just used on the desktop.

* Linux is only a 3rd rate OS for people who cannot command its power. UNIX and UNIX-like systems shift the power towards the intelligence and creativity of the operator, by providing smaller tools designed to be used in combination with each other. Windows assumes its users are idiots and thereby limits them to specific features. Mac OSX provides the best of both worlds.

* The machines most vulnerable on the Internet are servers, since they always have exposed attack surfaces. Most desktops are not addressable thanks to the high use of NAT routers, are used sporadically and often hop around to different IP addresses between use. Of the hosts which are accessible and SSL enabled, Linux and the BSDs account for 43%. http://news.netcraft.com/SSL-Survey/CMatch/osdv_all Yet Windows still dominates when it comes to exploited hosts.

* If source being open makes the system less secure, explain the OpenBSD success story.

* Money driving some aspects of hacking is very old news. What do you think are the most common targets for SPAM zombie hosts? If open source reduced security, we would have had a shift towards Linux for exploited hosts by now.

* And as someone else pointed out, Apache is not Linux, nor is it an OS.

You should quit being ignorant and start educating yourself and thinking before you talk. If you are creatively challenged, just stick with Windows and be happy that a company caters to the special needs of people like yourself.
| reply