<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
Tony Langdon wrote:<br>
<blockquote type="cite"
cite="midB17EB7B34580D311BE38525405DF623201318628@atc-mail-db.atctraining.com.au">
<blockquote type="cite">
<pre wrap="">A question to throw into the linux and open source user circle...<br>Is linux as much at risk to virus' as Windows, etc?<br></pre>
</blockquote>
<pre wrap=""><!----><br>I think the answer is "yes and no". Linux is less susceptible to the<br>"scripting" type viruses and worms that plague Windows, because Linux<br>software tends not to have as much emphasis on automagically doing<br>everything when you open an email, whereas Windows (especially Microsoft)<br>software has a lot of automatic scripting capabilities, which viruses and<br>worms can tap into. The Outlook preview pane is a classic example of this<br>in action.<br></pre>
</blockquote>
<br>
not true. Standard RedHat 7.3, by default, has way more scripting languages
than windows will ever have.<br>
<br>
Also, functionality of mail readers for Linux approaches, and in some areas
surpasses what windows offers.<br>
<br>
The difference is - scripting langauages for Linux are 'abstracted' from
the operating system, making it difficult to wreak any real harm, whereas
in windows these scripting languages are a fundamental part of the O/S, and
therefore have read/write permission for everything. This is a foolish scenario
of course as any virus writer has free-run of the system once he is past
the initial hurdle - getting the email onto the users' desktop.<br>
<br>
<br>
<blockquote type="cite"
cite="midB17EB7B34580D311BE38525405DF623201318628@atc-mail-db.atctraining.com.au">
<pre wrap=""><br>Linux users also tend to run their end user apps as a non root user, so the<br>amount of damage a traditional virus can do is usually quite limited and not<br>system wide (unless the virus can exploit a local root hole on a system<br>binary).<br></pre>
</blockquote>
<br>
It is daft to run *any* program as root, unless it is gauranteed secure -
which it rarely is, hence the regular 'vulnerabilites' type updates we see
for Linux distros.<br>
<br>
"end user" software *never* runs as root unless a. the system is not connected
to *any* network, b. you are happy with destroying your system with a single
typo (done it 3 times myself) or c. you just like living dangerously.<br>
<br>
of course, as you suggest, non-root processes have a very limited opportunity
to do harm.<br>
<br>
<blockquote type="cite"
cite="midB17EB7B34580D311BE38525405DF623201318628@atc-mail-db.atctraining.com.au">
<pre wrap=""><br>For a pure Linux environment, there's no real need for a traditional virus<br>scanner.... yet. That may change one day, if more virus writers target<br>Linux.<br></pre>
</blockquote>
<br>
agreed. I think the hax0r community will be less inclined to destroy an
open-source operating system. Many folks (even non-crackers) consider microsoft
to be equivalent to the tax-man, and could not care less if microsoft were
targetted. Linux is a community-owned system, and is less likely to be actively
targetted.<br>
<br>
I have run Linux for 3 years or so (no windows in our house) I have never
been touched by any virus/attack/anything, and I'm on the net 24/7.<br>
I have *recieved* a few viruses, but simply deleted them.. <shrug><br>
<br>
viruses, today, are irrelevant to Linux.<br>
<br>
<br>
/sw<br>
<br>
</body>
</html>