This saddens me...

Surely it wouldn't be too hard to write a virus that compromises both Mac based systems and *nix based systems.

You say that like you're talking about two systems, but "Mac based and *nix based" covers at least 5 different major operating system families (Solaris, AIX, *BSD, Irix, OpenServer), and that's just from what I could remember off the top of my head, not counting Linux, which is a clone rather than a descendant of Unix. Compromising a Unix system is actually rather difficult compared to Windows - usually with Windows, compromising one user or one service is enough to take over the system, while Unix systems tend to be more compartmentalized.
 
Outlook/Outlook Express, IE, and IIS seem to be the major infection vectors. This only makes sense, since they are the most common applications on Windows that talk to the outside world.
 
For those who don't know their history, Macintosh viruses existed in the wild in the late 80s/early 90s. OS X's Unix model certainly makes virus writing more difficult but at the same time keep in mind that most current Windows viruses/worms require explicit user action to help them spread.
 
Originally posted by Gallstaff@Jan 31, 2004 @ 03:56 AM

People still use outlook?

Outlook is VERY popular in the corporate world.

Admit I use OE at work, but only because it's there and it can interface with Hotmail natively.
 
Yeah, I've seen quite a few Macs running Norton on both commercial and educational networks.

I wouldn't say that the Unix model makes writing viruses/worms any more difficult. After all, how hard would it be for a piece of code to sit, unnoticed, with regular user permissions, until you sudo/su or otherwise type your root password, leaving your whole system vulnerable? (Strangely, people hardly ever use non-administrator accounts on their home Windows boxes.) There are just as many security holes in your average Unix variant as there are in Windows; it's just that for most Unix systems on the network, the admins tend to patch them slightly quicker (and the patches are often released quicker, although for Apple this hasn't always been the case), and the script kiddies don't exploit them quite as much. To a real hacker, however, a poorly defended system is poorly defended no matter what OS it happens to be running.

Actually, the classic Mac OS was probably one of the hardest to exploit over a network because most machines didn't really run any services other than Appletalk file/printer sharing. But yeah, they were vulnerable to the same 'oldschool' virus attacks as every other type of machine, and Mac viruses were a dime a dozen not that long ago.
 
After all, how hard would it be for a piece of code to sit, unnoticed, with regular user permissions, until you sudo/su or otherwise type your root password, leaving your whole system vulnerable?

su/sudo does not elevate all of your processes to root status; you'd have to run the program again as root. And AFAIK there is no way to noninteractively become root on most systems. I suppose a virus could leave a trojan alias in a user's shell startup file so that "su" becomes "su -e ~/.evilprogram", but that's still a hell of a lot more trouble than stack smashing and MIME-type-handling attacks against IE/Outlook/IIS since you generally still need to get someone who's in the wheel group (IIRC, sudo can be configured to be immune to this type of attack). I'm not trying to say that there are not holes in *nix systems or that the number of holes is so tiny that it somehow makes Windows look like evil incarnate, just that the type of administration encouraged by the Unix model leads to better security than the type of administration encouraged by the Windows model. Basically, the Windows attitude is "you can do anything unless it's explicitly forbidden" and the Unix attitude is "you can't do anything unless it's explicitly allowed".

edit: actually, I'm not sure it's impossible to use su-like code to get root noninteractively, but I'm not sure how it could be integrated in a way that would not look suspicious to anyone who is paying attention.
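The "trojan alias" ExCyber describes is exactly the kind of thing that looks suspicious to anyone paying attention, and it can be checked for mechanically. The following is an added example, not code from the thread: it scans the text of a shell startup file for aliases or shell functions that redefine password-prompting commands such as su and sudo. The command list and the sample ~/.bashrc content are constructed for the example.

```python
import re
from typing import List, Tuple

# Commands that prompt for a password and so are worth protecting from shadowing.
# This set is an assumption for the example; extend it for your environment.
PRIVILEGED_COMMANDS = {"su", "sudo", "doas", "passwd", "ssh"}

# alias su='...'  or  alias su=...
ALIAS_RE = re.compile(r"^\s*alias\s+([A-Za-z0-9_.-]+)\s*=")
# su() { ... }  /  function su() { ... }  /  function su { ... }
FUNC_RE = re.compile(
    r"^\s*(?:function\s+)?([A-Za-z0-9_.-]+)\s*\(\s*\)\s*\{?"
    r"|^\s*function\s+([A-Za-z0-9_.-]+)\b"
)

def find_shadowed_commands(rc_text: str, source: str = "<rc>") -> List[Tuple[str, int, str, str]]:
    """Return (source, line_no, kind, command) for every alias or shell function
    in rc_text that redefines a command listed in PRIVILEGED_COMMANDS."""
    findings = []
    for line_no, raw in enumerate(rc_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop trailing comments
        if not line.strip():
            continue
        m = ALIAS_RE.match(line)
        if m:
            if m.group(1) in PRIVILEGED_COMMANDS:
                findings.append((source, line_no, "alias", m.group(1)))
            continue                         # an alias line cannot also be a function
        m = FUNC_RE.match(line)
        if m:
            name = m.group(1) or m.group(2)
            if name in PRIVILEGED_COMMANDS:
                findings.append((source, line_no, "function", name))
    return findings

# Constructed sample startup file: one benign alias, then the pattern from the thread.
SAMPLE_BASHRC = """\
# constructed sample ~/.bashrc for this example
export PATH=$HOME/bin:$PATH
alias ls='ls --color=auto'
alias su='su -e ~/.evilprogram'    # shadows su, as described in the thread
sudo() { ~/.cache/.helper sudo "$@"; }
function passwd { command passwd "$@"; }
"""

if __name__ == "__main__":
    for src, n, kind, cmd in find_shadowed_commands(SAMPLE_BASHRC, "~/.bashrc"):
        print(f"{src}:{n}: {kind} redefines '{cmd}'")
```

Findings are review candidates rather than verdicts: `alias sudo='sudo '` is a common benign entry (it lets aliases expand after sudo), whereas an alias that points at a hidden file in the home directory is the case worth pulling apart. Running `type su` in the live shell is the quick interactive version of the same check.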

at the same time keep in mind that most current Windows viruses/worms require explicit user action to help them spread.

The most recent really bad ones (Code Red, Nimda, and Blaster) required no explicit user action, at least not in the traditional sense. A user will always be able to take stupid risks in running unknown code, but the worst viruses/worms have been those that exploit holes to run without user intervention.
 
They're in the minority though. Most (like currently spreading Mydoom) require a user to manually launch the infected mail attachments.

EDIT: Windows also has the disadvantage that lots of programs are still written according to the single-user model and simply don't work properly when not run as admin/localadmin. The "runas" service helps somewhat but is still too limited, at least in Windows 2000.
 
ExCyber, I'm not talking about the virus automatically becoming suid root as soon as the user executes su/sudo; what I mean is that it would snag the root password from the user at this time and later use it to relaunch itself with root permissions. I'm not just talking out my ass; there are actual viruses written for Linux that work this way, although thankfully most have been written by benevolent authors. I do agree with you about the allowed/forbidden thing as being one of the main flaws of Windows though; I've always wondered why that was the case myself. Although even Windows doesn't allow direct hardware access to anybody but the superuser.
 
Originally posted by ExCyber@Jan 30, 2004 @ 07:59 AM

Outlook/Outlook Express, IE, and IIS seem to be the major infection vectors. This only makes sense, since they are the most common applications on Windows that talk to the outside world.

Not only that, but security patches aren't automatically updated in Office components as they are in WinXP. People have to manually go to the Office Update site and get the updates for Outlook, which makes it a much easier target.

http://office.microsoft.com/OfficeUpdate/default.aspx

I use Outlook frequently, I love it. It syncs perfectly with my Zaurus, too.
 