The"Biggest Target" paradigm and its consequence

Richard Rasker · External Since: Jul 27, 2005 Posts: 170

We all know the drill: Whenever we point out that the security of Windows
has an appalling track record, with hundreds of thousands of viruses,
countless critical (and slowly patched) flaws in IE, and a whole slew of
other nigh disastrous problems, the Windows shills come up with the one
Magic Excuse: "That's because it's the Biggest Target, you stoopid!"

According to them, Linux, BSD or MacOS are just as vulnerable as Windows
(if not more, hahaha, the idea!), it's just that hardly any hacker thinks
attacking them is worth the trouble, because perhaps ten percent of people
use these OS'es.
"If Linux would have the market share Windows has, there'd be the very
same massive problems with botnets, spam, and malware", "Linux just isn't
an interesting target at all", "Social engineering makes any OS completely
defenseless. But hackers only go after the largest platform", "Complexity
[to execute arbitrary code] is no deterrent." Et cetera, and so on, ad
nauseam.

Apart from the fact that these people appear somewhat detached from
reality, I found that they're actually digging their own grave.
It's quite simple, really:

Let's assume that these people are actually right, and that Microsoft's
approximately 90% market share is the first and foremost cause of the
current malware and spam crisis.
Well then, this can lead to only one conclusion, and only one solution -
and it's so obvious that even the biggest Microsoft apologist can't but
agree.

Microsoft's market share must be cut down drastically, by forced
government measures if need be.

I propose a phased approach, bringing down the percentage of Windows
computers with 15% annually, to avoid creating instant IT chaos (um, well,
more chaos than today, that is), for five years to come. After this
period, we'll not just have a nice, healthy, heterogenous IT environment,
with vastly less malware and spam, but lots of other benefits as well,
such as universal interoperability, general adherence to open standards,
more choice, cheaper computing, and lots more.

And, of course, I count on the co-operation of all those Windows fans
here - it's their current "Biggest Target" conviction that largely
implies this course of action in the first place. So people, let's go do
some cutting down and diversifying!

Richard Rasker

--
Linetec Translation and Technology Services

http://www.linetec.nl/

B Gruff · External Since: Jun 17, 2004 Posts: 1639

On Saturday 30 September 2006 18:30 Richard Rasker wrote:

>
> We all know the drill: Whenever we point out that the security of Windows
> has an appalling track record, with hundreds of thousands of viruses,
> countless critical (and slowly patched) flaws in IE, and a whole slew of
> other nigh disastrous problems, the Windows shills come up with the one
> Magic Excuse: "That's because it's the Biggest Target, you stoopid!"
>
> According to them, Linux, BSD or MacOS are just as vulnerable as Windows
> (if not more, hahaha, the idea!), it's just that hardly any hacker thinks
> attacking them is worth the trouble, because perhaps ten percent of people
> use these OS'es.
> "If Linux would have the market share Windows has, there'd be the very
> same massive problems with botnets, spam, and malware", "Linux just isn't
> an interesting target at all", "Social engineering makes any OS completely
> defenseless. But hackers only go after the largest platform", "Complexity
> [to execute arbitrary code] is no deterrent." Et cetera, and so on, ad
> nauseam.
>
>
> Apart from the fact that these people appear somewhat detached from
> reality, I found that they're actually digging their own grave.
> It's quite simple, really:
>
> Let's assume that these people are actually right, and that Microsoft's
> approximately 90% market share is the first and foremost cause of the
> current malware and spam crisis.
> Well then, this can lead to only one conclusion, and only one solution -
> and it's so obvious that even the biggest Microsoft apologist can't but
> agree.
>
> Microsoft's market share must be cut down drastically, by forced
> government measures if need be.
>
> I propose a phased approach, bringing down the percentage of Windows
> computers with 15% annually, to avoid creating instant IT chaos (um, well,
> more chaos than today, that is), for five years to come. After this
> period, we'll not just have a nice, healthy, heterogenous IT environment,
> with vastly less malware and spam, but lots of other benefits as well,
> such as universal interoperability, general adherence to open standards,
> more choice, cheaper computing, and lots more.
>
> And, of course, I count on the co-operation of all those Windows fans
> here - it's their current "Biggest Target" conviction that largely
> implies this course of action in the first place. So people, let's go do
> some cutting down and diversifying!

Exactly:-)

I go back to the question I posed earlier - "Why did so many Irish people
suffer and die in the potato famine(s) of the 19th century?"

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2362

On Sat, 30 Sep 2006 19:30:21 +0200, Richard Rasker wrote:

> Apart from the fact that these people appear somewhat detached from
> reality, I found that they're actually digging their own grave.
> It's quite simple, really:

....

> Microsoft's market share must be cut down drastically, by forced
> government measures if need be.

Ahh... the cutting off one's nose to spite the face argument.

How pedestrian.

SierraTangoFoxtrotUniform · External Since: Sep 30, 2006 Posts: 2

Richard Rasker wrote:
>
> Microsoft's market share must be cut down drastically, by forced
> government measures if need be.
>

Nellie Kroes tried and failed, allowing Bruno Segers, among others, to have
the last laugh.

http://segersbruno.spaces.live.com/blog/cns!8C08E27D447F4396!580.entry...=BlogPa

Roy Schestowitz · External Since: Jun 26, 2005 Posts: 24199

__/ [ B Gruff ] on Saturday 30 September 2006 18:38 \__

> On Saturday 30 September 2006 18:30 Richard Rasker wrote:
>
>>
>> We all know the drill: Whenever we point out that the security of Windows
>> has an appalling track record, with hundreds of thousands of viruses,
>> countless critical (and slowly patched) flaws in IE, and a whole slew of
>> other nigh disastrous problems, the Windows shills come up with the one
>> Magic Excuse: "That's because it's the Biggest Target, you stoopid!"
>>
>> According to them, Linux, BSD or MacOS are just as vulnerable as Windows
>> (if not more, hahaha, the idea!), it's just that hardly any hacker thinks
>> attacking them is worth the trouble, because perhaps ten percent of people
>> use these OS'es.
>> "If Linux would have the market share Windows has, there'd be the very
>> same massive problems with botnets, spam, and malware", "Linux just isn't
>> an interesting target at all", "Social engineering makes any OS completely
>> defenseless. But hackers only go after the largest platform", "Complexity
>> [to execute arbitrary code] is no deterrent." Et cetera, and so on, ad
>> nauseam.
>>
>>
>> Apart from the fact that these people appear somewhat detached from
>> reality, I found that they're actually digging their own grave.
>> It's quite simple, really:
>>
>> Let's assume that these people are actually right, and that Microsoft's
>> approximately 90% market share is the first and foremost cause of the
>> current malware and spam crisis.
>> Well then, this can lead to only one conclusion, and only one solution -
>> and it's so obvious that even the biggest Microsoft apologist can't but
>> agree.
>>
>> Microsoft's market share must be cut down drastically, by forced
>> government measures if need be.
>>
>> I propose a phased approach, bringing down the percentage of Windows
>> computers with 15% annually, to avoid creating instant IT chaos (um, well,
>> more chaos than today, that is), for five years to come. After this
>> period, we'll not just have a nice, healthy, heterogenous IT environment,
>> with vastly less malware and spam, but lots of other benefits as well,
>> such as universal interoperability, general adherence to open standards,
>> more choice, cheaper computing, and lots more.
>>
>> And, of course, I count on the co-operation of all those Windows fans
>> here - it's their current "Biggest Target" conviction that largely
>> implies this course of action in the first place. So people, let's go do
>> some cutting down and diversifying!
>
> Exactly:-)
>
> I go back to the question I posed earlier - "Why did so many Irish people
> suffer and die in the potato famine(s) of the 19th century?"

Diversifiaction is a natural choice, but I can't say that I agree with
Richard (yes, I know it was sarcasm). Governments increasingly choose Open
Source because they /do/ appreciate its merits and inherent security. After
all, it is not Linux whose majority of code needs to be scraped and
(re)written from scratch. Moreover, companies whose interests lie in the
insecurities of Windows, seem to sidle with logic, e.g.:

Trend Micro: Open source is more secure

,----[ Quote ]
| Antivirus vendor Trend Micro is claiming that open-source software is
| inherently more secure than proprietary software such as Microsoft
| Windows.
|
| "Open source is more secure. Period," Raimund Genes, chief technical
| officer for anti-malware at Trend, said. "More people control the code
| base; they can react immediately to vulnerabilities; and open source
| doesn't have so much of a problem with legacy code because of the
| number of distributions."
|
| Genes said open-source developers "openly talk about security," so
| patches are "immediate--as soon as something happens," whereas
| proprietary vendors with closed code have to rely purely on their
| own resources to push patches out.
`----

http://news.com.com/2100-7355_3-6083490.html?part=rss&tag=6083490&subj=news

Trend Micro CTO hints that Trend will Open Source Code

,----[ Quote ]
| In a stunning revelation in Trend Micro: Open source is more secure,
| Trend CTO Raimund Genes hints that Trend may release their code as
| an open source project!
`----

http://blogs.technet.com/security/archive/2006/06/14/435960.aspx

Lastly:

The short life and hard times of a Linux virus

,----[ Quote ]
| For a Linux binary virus to infect executables, those executables must
| be writable by the user activating the virus. That is not likely to be
| the case. Chances are, the programs are owned by root and the user is
| running from a non-privileged account. Further, the less experienced
| the user, the lower the likelihood that he actually owns any
| executable programs. Therefore, the users who are the least savvy about
| such hazards are also the ones with the least fertile home directories
| for viruses.
|
| [...]
`----

http://librenix.com/?inode=21

[H]omer · External Since: Apr 21, 2006 Posts: 2134

Richard Rasker wrote:

> It's just that I realized that the "Biggest Target" paradigm is actually
> the absolutely stupidest defence possible to explain the malware crisis,
> as it implies that *any* OS with MS' market share would suffer the exact
> same problems; therefore, the only possible remedy is a reduced market
> share, so that there wouldn't be one Biggest Target any more, but a number
> of smaller targets of roughly equal size.

"Creating more targets" is a process called diversity; it's a solution
that has already been implemented in Linux since 2003, and is set to be
a feature of Vista called ASLR (Address Space Layout Randomization).

http://www.eweek.com/article2/0,1895,1969505,00.asp

Note that the technology upon which ASLR is founded, was created by
Professor Stephanie Forrest at the University of New Mexico, using Linux.

..----
| To test her concept, Forrest experimented with a version of the
| open-source operating system Linux. She altered the system to force
| programs to assign data to memory locations at random. Then she
| subjected the computer to several well-known attacks that used the
| buffer-overflow technique. None could get through.
|
| ...
|
| Linux computer-security experts quickly picked up on Forrest's idea.
| In 2003 Red Hat, the maker of a popular version of Linux, began
| including memory-space randomisation in its products.
|
| ...
|
| ####################
| # Also of interest #
| ####################
|
| Memory scrambling isn't the only way to add diversity to operating
| systems. Even more sophisticated techniques are in the works. Forrest
| has tried altering "instruction sets", commands that programs use to
| communicate with a computer's hardware, such as its processor chip or
| memory.
|
| Her trick was to replace the "translator" program that interprets
| these instruction sets with a specially modified one. Every time the
| computer boots up, Forrest's software loads into memory and encrypts
| the instruction sets in the hardware using a randomised encoding key.
| When a program wants to send a command to the computer, Forrest's
| translator decrypts the command on the fly so the computer can
| understand it.
| "The program turns malicious code into digital gibberish and it
| vanishes on reboot"
|
| This produces an elegant form of protection. If an attacker manages
| to insert malicious code into a running program, that code will also
| be decrypted by the translator when it is passed to the hardware.
| However, since the attacker's code is not encrypted in the first
| place, the decryption process turns it into digital gibberish so the
| computer hardware cannot understand it. Since it exists only in the
| computer's memory and has not been written to the computer's hard
| disc, it will vanish upon reboot.
`----

- http://tinyurl.com/jrnbv (publicenemy.com) [New Scientist Article]

--
K.
http://slated.org - Slated, Rated & Blogged

..----
| L.A. town is falling down, while the ground moves around.
| We won't let it get us down; we're Californians!
`----
- Animaniacs ( http://youtube.com/watch?v=XKcgTnfoM9Q )

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.16-1.2133_FC5
22:46:04 up 104 days, 23:02, 2 users, load average: 0.00, 0.00, 0.00

Richard Rasker · External Since: Jul 27, 2005 Posts: 170

Op Sat, 30 Sep 2006 13:05:16 -0500, schreef Erik Funkenbusch:

> On Sat, 30 Sep 2006 19:30:21 +0200, Richard Rasker wrote:
>
>> Apart from the fact that these people appear somewhat detached from
>> reality, I found that they're actually digging their own grave.
>> It's quite simple, really:
>
> ...
>
>> Microsoft's market share must be cut down drastically, by forced
>> government measures if need be.
>
> Ahh... the cutting off one's nose to spite the face argument.
>
> How pedestrian.

Don't you think that a smaller market share for Microsoft would be a Good
Thing? By your own logic, it'd be the only solution to current problems.

Or do you propose we just "learn to live" with these problems - and ever
increasing ones, at that, as Microsoft wrestles, buys, undercuts and
bribes its way into new markets?

Richard Rasker

--
Linetec Translation and Technology Services

http://www.linetec.nl/

Linonut · External Since: Mar 31, 2006 Posts: 3492

After takin' a swig o' grog, Richard Rasker belched out this bit o' wisdom:

> Op Sat, 30 Sep 2006 13:05:16 -0500, schreef Erik Funkenbusch:
>
>> On Sat, 30 Sep 2006 19:30:21 +0200, Richard Rasker wrote:
>>
>>> Microsoft's market share must be cut down drastically, by forced
>>> government measures if need be.
>>
>> Ahh... the cutting off one's nose to spite the face argument.
>> How pedestrian.
>
> Don't you think that a smaller market share for Microsoft would be a Good
> Thing? By your own logic, it'd be the only solution to current problems.

Like Microsoft, Erik thinks the world cannot do without Windows.

After a brief period of conversion, the world could well do without
Windows.

--
Don't flip the Bozo Bit.

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2362

On Sun, 01 Oct 2006 10:32:11 +0200, Richard Rasker wrote:

>> Ahh... the cutting off one's nose to spite the face argument.
>>
>> How pedestrian.
>
> Don't you think that a smaller market share for Microsoft would be a Good
> Thing? By your own logic, it'd be the only solution to current problems.

No, it's not "by my own logic". It's better to be a target, with the
largest market share than to be safe in obscurity.

> Or do you propose we just "learn to live" with these problems - and ever
> increasing ones, at that, as Microsoft wrestles, buys, undercuts and
> bribes its way into new markets?

Are you still beating your wife?

Richard Rasker · External Since: Jul 27, 2005 Posts: 170

Op Sun, 01 Oct 2006 11:38:03 -0500, schreef Erik Funkenbusch:

> On Sun, 01 Oct 2006 10:32:11 +0200, Richard Rasker wrote:
>
>>> Ahh... the cutting off one's nose to spite the face argument.
>>>
>>> How pedestrian.
>>
>> Don't you think that a smaller market share for Microsoft would be a Good
>> Thing? By your own logic, it'd be the only solution to current problems.
>
> No, it's not "by my own logic". It's better to be a target, with the
> largest market share than to be safe in obscurity.
>
>> Or do you propose we just "learn to live" with these problems ...

I guess that's a resounding "yes", then.

Richard Rasker

--
Linetec Translation and Technology Services

http://www.linetec.nl/

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2362

On Sun, 01 Oct 2006 18:52:03 +0200, Richard Rasker wrote:

> Op Sun, 01 Oct 2006 11:38:03 -0500, schreef Erik Funkenbusch:
>
>> On Sun, 01 Oct 2006 10:32:11 +0200, Richard Rasker wrote:
>>
>>>> Ahh... the cutting off one's nose to spite the face argument.
>>>>
>>>> How pedestrian.
>>>
>>> Don't you think that a smaller market share for Microsoft would be a Good
>>> Thing? By your own logic, it'd be the only solution to current problems.
>>
>> No, it's not "by my own logic". It's better to be a target, with the
>> largest market share than to be safe in obscurity.
>>
>>> Or do you propose we just "learn to live" with these problems ...
>
> I guess that's a resounding "yes", then.

No, that's a "the entire industry needs to work on a solution that WORKS".
The current "solution" only works if you're obscure enough to make it too
much work to create an exploit.

Yes, Windows is easier to compromise, and by definition hackers will take
the easiest route, but that doesn't make Linux immune. It just makes it
more obscure because the techniques to attack it are less mature.

Security is one of those funny things. You can talk about being "more"
secure, but there's no such thing. A vulnerability is a vulnerability, and
even one makes you just as insecure as anyone else. Security is a binary
condition, either you are or you aren't.

10 years ago, talking about exploiting buffer overflows was laughed at. It
was too difficult for any but the most advanced guru. Then a few tools
were produced that made the job ridiculously simple, and suddenly buffer
overflow exploits were everywhere.

Handover Phist · External Since: May 04, 2005 Posts: 504

Erik Funkenbusch :
> On Sun, 01 Oct 2006 18:52:03 +0200, Richard Rasker wrote:
>
>> Op Sun, 01 Oct 2006 11:38:03 -0500, schreef Erik Funkenbusch:
>>
>>> On Sun, 01 Oct 2006 10:32:11 +0200, Richard Rasker wrote:
>>>
>>>>> Ahh... the cutting off one's nose to spite the face argument.
>>>>>
>>>>> How pedestrian.
>>>>
>>>> Don't you think that a smaller market share for Microsoft would be a Good
>>>> Thing? By your own logic, it'd be the only solution to current problems.
>>>
>>> No, it's not "by my own logic". It's better to be a target, with the
>>> largest market share than to be safe in obscurity.
>>>
>>>> Or do you propose we just "learn to live" with these problems ...
>>
>> I guess that's a resounding "yes", then.
>
> No, that's a "the entire industry needs to work on a solution that WORKS".
> The current "solution" only works if you're obscure enough to make it too
> much work to create an exploit.
>
> Yes, Windows is easier to compromise, and by definition hackers will take
> the easiest route, but that doesn't make Linux immune. It just makes it
> more obscure because the techniques to attack it are less mature.

Eric, I find it somewhat disturbing when we agree. I think, as far a
Linux Advocacy goes, we as an Industry should be looking at Linux based
solutions because the development model seems to work better in terms of
development of code. Not only that but because of the architecture of
the OS, I find it more flexible than Windows and requires less wandering
around in the dark to implement a solution to a given problem.

But no, it isn't invulnerable. It's just _less_ vulnerable.

--
YOU'RE A SEXIST

http://www.websterscafe.com

Linonut · External Since: Mar 31, 2006 Posts: 3492

After takin' a swig o' grog, Erik Funkenbusch belched out this bit o' wisdom:

> Security is one of those funny things. You can talk about being "more"
> secure, but there's no such thing. A vulnerability is a vulnerability, and
> even one makes you just as insecure as anyone else. Security is a binary
> condition, either you are or you aren't.

Not really. First, the more vulnerabilities a system has, the more
likely one will be found. I'd hardly call that "binary".

Second, there are various levels of access, and this adds to the
difficulty of exploiting a path into the depth one desires.

--
"I think we're all Bozos on this bus." -- The Firesign Theatre

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 1 Oct 2006 13:19:22 -0500,
Erik Funkenbusch <erik DeleteThis @despam-funkenbusch.com> wrote:

> No, that's a "the entire industry needs to work on a solution that WORKS".
> The current "solution" only works if you're obscure enough to make it too
> much work to create an exploit.
>
> Yes, Windows is easier to compromise, and by definition hackers will take
> the easiest route, but that doesn't make Linux immune. It just makes it
> more obscure because the techniques to attack it are less mature.
>

yes, Windows is easier to compromise. Which was the whole point. Glad
you finally agree.

> Security is one of those funny things. You can talk about being "more"
> secure, but there's no such thing. A vulnerability is a vulnerability, and
> even one makes you just as insecure as anyone else. Security is a binary
> condition, either you are or you aren't.
>

You are 100% wrong here. Security is a scale, from 0-100%. Nothing's at
100%, few things come close. Linux comes closer than MS-Windows.

> 10 years ago, talking about exploiting buffer overflows was laughed at. It
> was too difficult for any but the most advanced guru. Then a few tools
> were produced that made the job ridiculously simple, and suddenly buffer
> overflow exploits were everywhere.

hence pointing out that security is *not* a binary value.

Seriously Erik, that's one of the stupidest things you've said on COLA
to date.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIChEd90bcYOAWPYRApyJAKC8KZXs9GQvt9dtMvifRcYS0KVdZQCgiF5/
lZavghFekS+zGu+p1qImZ0o=
=O5PF
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
It's psychosomatic. You need a lobotomy. I'll get a saw.
-- Calvin

Sinister Midget · External Since: Jun 17, 2006 Posts: 746

On 2006-10-01, Erik Funkenbusch <erik RemoveThis @despam-funkenbusch.com> posted something concerning:

> Yes, Windows is easier to compromise, and by definition hackers will take
> the easiest route, but that doesn't make Linux immune.

Stop right there. Here and now: show where a linux user in COLA
said/says linux is immune from attack.

And for every one you can show (that should be right around zero, give
or take zero) I can show you 1000 where the opposite was said. many of
them TO YOU when you made the same specious strawman claims as you did
above.

--
Microsoft's relationship to its users is that of the blue whale to
krill. Our only purpose is to breed, feed and get squeezed against its
giant tongue until every last drop of money is released.
-- Rupert Goodwins, ZDNet(UK)

DFS · External Since: Jun 07, 2005 Posts: 3293

Sinister Midget wrote:
> On 2006-10-01, Erik Funkenbusch <erik.TakeThisOut@despam-funkenbusch.com> posted
> something concerning:
>
>> Yes, Windows is easier to compromise, and by definition hackers will
>> take the easiest route, but that doesn't make Linux immune.
>
> Stop right there. Here and now: show where a linux user in COLA
> said/says linux is immune from attack.

Each of the following lying cola idiot posts make no qualification
whatsoever, so they are claiming Linux is 100% secure, invulnerable and
immune from attack.

=====================================================================

"Linux is secure, stable and fast."
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/7e604

"And linux is secure."
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/520ae

"Linux is secure, stable and probably the best operating system ever
invented."
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/a64f0

"Proof that Linux is secure!!!"
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/a6507

"Mandrake Linux is secure as distributed."
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/9a7fb

"Linux is secure."
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/508c2

"GNU/Linux is secure by design"
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/286c0

"also, linux is secure & easy to use."
http://groups.google.com/group/alt.online-service.webtv/browse_thread/...ead/eab

"Linux is secure as long as you stay current."
http://groups.google.com/group/comp.os.linux.advocacy/browse_thread/th...d/5ab4f

=====================================================================

Now you'll be a good little "advocate" and claim 'that's not what they
meant' or 'secure doesn't mean immune from attack' (so what exactly does it
mean?)

Tim Smith · External Since: Apr 26, 2004 Posts: 2610

In article <t0h5v3-hqp.ln1.DeleteThis@clark.harry.net>,
Sinister Midget <phydeaux.DeleteThis@manly_mail.net> wrote:
> Stop right there. Here and now: show where a linux user in COLA
> said/says linux is immune from attack.

Explicitly, or is implicitly OK?

--
--Tim Smith

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2362

On Sun, 01 Oct 2006 19:21:51 GMT, Sinister Midget wrote:

> On 2006-10-01, Erik Funkenbusch <erik.TakeThisOut@despam-funkenbusch.com> posted something concerning:
>
>> Yes, Windows is easier to compromise, and by definition hackers will take
>> the easiest route, but that doesn't make Linux immune.
>
> Stop right there. Here and now: show where a linux user in COLA
> said/says linux is immune from attack.

How else can one interpret the comments questioning the existence exploits?

You know, "where's the one click exploit"? That kind of "begging the
question" is either saying that they can't exist, or else being very
dishonest by implying it.

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2362

On Sun, 01 Oct 2006 14:58:07 -0500, Linonut wrote:

> After takin' a swig o' grog, Erik Funkenbusch belched out this bit o' wisdom:
>
>> Security is one of those funny things. You can talk about being "more"
>> secure, but there's no such thing. A vulnerability is a vulnerability, and
>> even one makes you just as insecure as anyone else. Security is a binary
>> condition, either you are or you aren't.
>
> Not really. First, the more vulnerabilities a system has, the more
> likely one will be found. I'd hardly call that "binary".

That's a probability of finding an attack vector, not whether or not you
are secure. If the vector exists (whether anyone knows about it or not)
you're unsecure. It's just waiting to be found. Security through
obscurity and all that.

And, I doubt highly that Linux, in all it's 10's of thousands of beta apps,
maintained and patched by 400 different distro maintainers, that there are
fewer potential vulnerabilities lying in wait.

> Second, there are various levels of access, and this adds to the
> difficulty of exploiting a path into the depth one desires.

Levels of access are largely irrelevant, since vulnerabilities can be
blended to take advantage of different levels.

Peter KÃ¶hlmann · External Since: Jun 27, 2005 Posts: 1500

Sinister Midget wrote:

> On 2006-10-01, Erik Funkenbusch <erik RemoveThis @despam-funkenbusch.com> posted
> something concerning:
>
>> Yes, Windows is easier to compromise, and by definition hackers will take
>> the easiest route, but that doesn't make Linux immune.
>
> Stop right there. Here and now: show where a linux user in COLA
> said/says linux is immune from attack.
>
> And for every one you can show (that should be right around zero, give
> or take zero) I can show you 1000 where the opposite was said. many of
> them TO YOU when you made the same specious strawman claims as you did
> above.
>

Just note the next sentence:
"It just makes it more obscure because the techniques to attack it are less
mature."

Implying, that when attackers get "more mature" techniques, linux would be
as easy to attack as windows

Erik "FUDdingmuch" Funkenbusch at his finest
--
Failure is not an option. It comes bundled with your Microsoft product.