HP3000-L Archives

December 2009, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "James B. Byrne" <[log in to unmask]>
Reply To: James B. Byrne
Date: Fri, 18 Dec 2009 05:25:08 -0500

On Tue, December 15, 2009 17:37, Paul Raulerson wrote:
> Just a comment, but I do not think the Windows virus infection is
> merely a factor of market share.

>
> I am not saying that market share doesn't play a part, even perhaps
> a very large part. But it is certainly not the only factor. In my
> opinion, it also isn't the main driving factor, but that is just my
> opinion. :)
>

I never said computer virus development and infection was 'merely' a
consequence of market share, I said that the reason MS-Windows is
targeted most frequently is because of market share.

The reason that most virus-type software is directed against
MS-Windows is simply that it is the OS most commonly connected to
the Internet.  That is a direct result of market share and nothing
else.  Viruses are not directed against MS just because that is what
the script kiddies have to play with at home. Rather, modern viruses
are all about adding slave machines to a zombie net so as to provide
illicit network services to paying clients.  And it is so much
easier to create such a net from MS-Windows machines since there are
so many more hosts out there running it than anything else.

If Linux today ran as the OS of 45% of all hosts connected to the
Internet, instead of its current 4.5%, then I firmly believe that
Linux would be under the same scale of assault from virus writers as
MS-Windows.  And, I suspect, given the lack of concern evidenced on
my distro's mailing list, many sysadmins have no clue what they are
in for once Linux becomes a focus of criminal exploitation.

There I regularly read of people turning off SELinux because it
makes administering their systems more difficult.  Others think that
reassigning the sshd port from 22 to something else suffices to
protect against brute force login attempts.  I do not know what they
do to prevent brute force attacks against authentication schemes for
web based services not to mention those for smtp, imap and pop3. 
These are all subject to exactly the same techniques as used in ssh
attacks.  How well will simply moving the service port number work
there?

These are supposedly trained, experienced, and technically
proficient people, not Joe and Jane Average.  If they do not 'get
it' then what will the average Ubuntu user do to protect themselves,
and the rest of us, from criminal penetration and misuse of their
laptops and home computers?

I am no fool, nor am I noticeably negligent, and yet recently it
still took me more than four days of dedicated effort to lock down a
number of Linux hosts that were under dedicated assault from China. 
At one point I had hundreds of different IP addresses simultaneously
attempting to brute force the root password of a single host. What
rule based system, self modifying or not, can deal with tens of
thousands of centrally controlled yet separate IPs, each of which
tries to logon as root just one time every minute or even every hour
if there are enough of them?

That capability is what today's computer viruses provide for their
masters, thousands of separate IPs and processors from around the
globe available to direct against the next target.  That is why
MS-Windows presently is the preferred target, there are so many more
of them 'on-line' than anything else.  If something displaces
MS-Windows then that will become the target.  And that is just
market share.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:[log in to unmask]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
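
Added example, not part of the original message: the distributed password guessing described above, run through a per-source failure threshold and through a per-account count of distinct sources, to show why the first rule stays silent. The log lines, host name, addresses, account name `backup` and both thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd "Failed password" syslog line (sample lines below are constructed).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password "
                    r"for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2009):
    """Return (timestamp, user, source_ip, line_no) per failed-password line."""
    events = []
    for n, line in enumerate(lines):
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            events.append((ts, m[2], m[3], n))
    return events

def flag(events, key, item, limit, window):
    """Keys with at least `limit` distinct items inside some sliding window."""
    groups = defaultdict(list)
    for ev in sorted(events):
        groups[ev[key]].append(ev)
    hits = set()
    for k, evs in groups.items():
        start = 0
        for end, ev in enumerate(evs):
            while ev[0] - evs[start][0] > window:
                start += 1
            if len({e[item] for e in evs[start:end + 1]}) >= limit:
                hits.add(k)
                break
    return hits

def sample_log():
    """Constructed: 300 sources try root once each; one source tries 'backup' 8 times."""
    t0, out = datetime(2009, 12, 18, 5, 0, 0), []
    def line(t, user, ip):
        return f"{t:%b %d %H:%M:%S} host1 sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"
    for i in range(300):
        ip = f"{('198.51.100', '203.0.113')[i // 150]}.{i % 150 + 1}"
        out.append(line(t0 + timedelta(seconds=12 * i), "root", ip))
    for i in range(8):
        out.append(line(t0 + timedelta(minutes=10, seconds=15 * i), "backup", "192.0.2.77"))
    return out

TEN_MIN = timedelta(minutes=10)
EVENTS = parse(sample_log())
# Per-source rule: 5+ failures from one IP in 10 minutes (key=ip, item=line number).
per_source = flag(EVENTS, key=2, item=3, limit=5, window=TEN_MIN)
# Per-account rule: 20+ distinct IPs failing on one account in 10 minutes.
per_account = flag(EVENTS, key=1, item=2, limit=20, window=TEN_MIN)
print("per-source alerts:", per_source, "| per-account alerts:", per_account)
```

The per-source rule reports only the single noisy address, while the per-account rule reports `root`; attempts spaced further apart than the window would need a longer window to show up.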
