That's how a LinuxToday reader, Rainer Weikusat, summed up the claims by FEWT that Linux is more insecure than Windows.
Basically, a minor side water development project, Unreal, which offers an Open Source IRC server, exercised poor server administration skills which allowed their source code to get infected sometime after November 10, 2009. They noticed it only a few days ago.

FEWT used that, and one other incident by another minor side water project to claim that Windows 7 is more secure than Linux ... an ASTONISHING leap of logic. He backs his claims up with a statement containing a combination of truths and half-truths:

> When discussing Desktop Linux, the list of possible attack vectors is HUGE and there are just too many to discuss here. The following represents a few of the simplest to compromise areas which can easily be used to gain access to a Desktop Linux system.
>
> * Files placed in /home, /var, and /tmp can be executed
> * ~/.config/autostart is user writable without elevating permission
> * Listeners can be started by processes running as the user above 1024 without elevating permission
> * Use of forums, blogs, and similar to resolve problems often instructs users to run scripts
>
> Malware isn't limited to existence as a binary. Malware can be a shell script. A simple shell script posted in a forum offering to help a user can contain functions that could be immediately applied using only user credentials that can at a minimum perform all of the following bad things to your data.

He then makes this statement:

> Let's stop selling the make believe case that Desktop Linux is any more secure than Windows because it just plain isn't.

which he follows up with unnecessary advice which would be difficult or impossible for most ordinary Linux users to employ, which is the obvious intent, because he follows that prescription with the purpose of his real intent:

> If you consider these steps to be too complex then I strongly recommend that you stop using Desktop Linux. Not because I believe you aren't capable, I would just prefer to see you using a platform that helps you protect your data.

So, use Windows (and Mac?) rather than Linux to "protect your data"? That's rich in irony. That piece of advice comes from a Windows developer who attempted to create some system tray tools for Eeepc using Mono but failed, so he blames Ubuntu and quits Linux, more than once, apparently because his first "I'm gonna take my marbles and go home" didn't arouse enough interest to suit him.

Here's his "Bottom Line":

> Bottom line: Be mindful that Desktop Linux is completely unlike Windows, and unlike Windows there is nothing on a Desktop Linux system to warn you when something bad happens.

An amazing statement. I'm just wondering why 1,300,000 Windows users, after being informed by Windows that their OS was being hijacked as a zombie into a bot farm, agreed to allow it! I also wonder if he has ever heard of tripwire, or several other intrusion detectors, or of rkhunter or chkrootkit.

I am also wondering, since Steve Ballmer himself said a year ago last February that Linux owned 12% of the desktop market share, where are the large, hundred thousand zombie Linux bot farms? Especially since most Windows fanbois claim that infections map to popularity. So, if Windows has over 2 million viruses and such each year, and it does, Linux should have over 200,000 viruses pounding on it. It doesn't. What is it that virus makers know that FEWT is hiding? That most malware requires the user to first manually save it, then manually add the execute permission, then manually run it, because Linux does not execute email attachments without taking those steps. Last year a hacker group created a 700 zombie Linux bot farm by manually hacking into those computers. It took seven months (IIRC) for them to do so, about one every 40 minutes per working day. Email won't do it. Hacking mano-a-mano won't do it. Bad web sites are not doing it. IF Linux had even a 10,000 zombie bot farm Microsoft would PAY to make sure that news was ALL OVER the media it owns or controls. (On a side note, one can't help but recall how Microsoft bragged, in their "Highly Reliable Times" ad that .NET was chosen over Linux to create the London Stock Exchange's new trading program. It turns out that Linux wasn't even under consideration and that the .NET "solution" blew up in LSE's face, costing them over $1 Billion. LSE purchased a Linux alternative that had been around for 5 years, which was $ millions cheaper and 5 times faster, and with NO history of failure. The "Highly Reliable Times" has never printed a retraction!)

The advice given by the second source that FEWT cited makes this statement:

> This incident highlights the fact that Linux, just like Windows, can be infected with malware if users are not careful while installing software from outside of the official repositories and trusted PPAs.

This is why knowledgeable folks on this forum state that Linux users with little experience would be wise using ONLY those applications downloaded from the Kubuntu repository or approved PPAs.

Now THAT is good advice.
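
The first two items in the list quoted from FEWT (executable files under /home, /var and /tmp, and a user-writable ~/.config/autostart) can be checked on any given system. The script below is an added example, not part of the original post or of the article it quotes; the function names and the sample mounts table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# exec_status MOUNTS_FILE PATH -> "exec", "noexec" or "unknown" for the
# filesystem holding PATH, chosen by longest matching mount point, so /tmp
# falls back to / when it is not a separate mount.
exec_status() {
    awk -v path="$2" '
        $2 == "/" || $2 == path || index(path, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END {
            if (!best) { print "unknown"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") { print "noexec"; exit }
            print "exec"
        }' "$1"
}

# audit_exec_mounts MOUNTS_FILE -> one "<path> <status>" line per tree.
audit_exec_mounts() {
    for p in /home /var /tmp; do
        printf '%s %s\n' "$p" "$(exec_status "$1" "$p")"
    done
}

# list_autostart DIR -> "<file>: <Exec command>" for each .desktop entry.
list_autostart() {
    for f in "$1"/*.desktop; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(sed -n 's/^Exec=//p' "$f" | head -n 1)"
    done
}

# Constructed mounts table in /proc/mounts format: /tmp is noexec, /home is
# a separate exec mount, /var has no mount of its own.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

demo=$(mktemp -d)
sample_mounts > "$demo/mounts"
audit_exec_mounts "$demo/mounts"
# On a live system: audit_exec_mounts /proc/mounts; list_autostart ~/.config/autostart
rm -rf "$demo"
```

A tree reported as `exec` only means the mount permits execution; a file there still needs its execute bit set by the user before it will run.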