On Thu, 23 Dec 2010 13:30:45 +0000 Wayne Stallwood ALUGlist@digimatic.co.uk allegedly wrote:
> As well as Ubuntu this model has done ok at protecting OSX for a while now, and I don't buy the "not a big enough target" thing because there is a huge and rapidly growing base of OSX machines out there and most of them have no malware protection. If it was as easy to exploit then it would be rampant with malware now.

I disagree :-)
It /is/ as easy to exploit as Windows - ask Charlie Miller for example. And so is Linux. In fact, Linux server based apps are pretty vulnerable to lots of exploits.
Most commentators put MS desktop OSs at around the 90% mark, OSX at around 6-7% (though that may include iOS because of the dumb way that desktop usage is estimated) and Linux at around 1-2% (though that may be an underestimate for the same reason). Further, the profile of desktop OS usage is skewed, with an almost 100% penetration by MS in the home (apart from the inevitable Apple fans) and in large corporates (outside the specialists such as design houses etc) by far the majority of the desktops will be MS - and a very specific and common build of OS and applications stack at that.
Now consider the malware business (it is a business). The intention is to make money. Trojan writers can make a few simple assumptions about the target environment and reap huge rewards. They don't /need/ to write multiple variants of attack tools to cover multiple environments. We have an effective monoculture out there.
But don't believe that they are not capable of writing tools which do evaluate the environment and behave accordingly. The more sophisticated tools (aimed at commercial espionage) will evaluate the environment and get a second stage implant to match that environment then attempt one of several exploits (usually aimed at privilege escalation and/or persistence) before eradicating immediate evidence of the initial exploit.
The /only/ reason we do not see the same problems that beset the MS world is that we /are/ a minority. If Linux were running on 90% of all corporate desktops then we would be drowning in Linux malware.
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------