Simple question about Windows .......

Oliver Wong · External Since: Apr 27, 2006 Posts: 1398

"Kelsey Bjarnason" <kbjarnason.TakeThisOut@ncoldns.com> wrote in message
news:pan.2006.09.28.15.57.25.728254@ncoldns.com...
>
> On Thu, 28 Sep 2006 06:29:39 -0700, dsteel0 wrote:
>
>>> My understanding is that very few AIDS sufferers actually die of AIDS -
>>> my
>>> understanding is that they tend to die of other things. These other
>>> things
>>> tend (I understand) to be diseases which the rest of of just
>>> "shrug-off",
>>> or which can be treated with antibiotics etc.
>>> Why is this?
>>
>> Because the "I" and the "D" in AIDS stand for "immune" and "deficiency"
>> (or Immunodeficiency)
>>
>> Not quite sure I see your point, unless you are trying to say that
>> users are not affected by viruses, but by the effects of viruses...
>
> I believe the point is, if your immune system is healthy, you fight off
> most diseases. Once it's compromised, however, the common cold can kill
> you. Which, by analogy, means Windows has AIDS by design; its immune
> system is very unhealthy.

The problem with this reasoning is that there are very few
"crossplatform" viruses, i.e. viruses which, unaltered, could run on both
Windows and *NIX. Otherwise, it implies that Windows and *NIX are affected
by the same set of virii, but *NIX is able to fight them off and Windows
isn't.

Virii (both biological and computer) and their siblings (bacteria,
parasite, etc. in biology; trojans, worms, etc. in computers) are adapted to
their target hosts. That's why most non-human animals are unaffected by
certain virii which affect humans, and vice versa. Why are insects (flies,
maggots, etc.) able to live in and eat rotten food, and survive just fine,
whereas when humans live in or eat rotten food, they become seriously ill?
Because the virus and other microorganisms in the rotten food target humans
and not insects.

- Oliver

Kelsey Bjarnason · External Since: Sep 12, 2006 Posts: 1022

[snips]

On Thu, 28 Sep 2006 19:26:08 +0000, Oliver Wong wrote:

>> I believe the point is, if your immune system is healthy, you fight off
>> most diseases. Once it's compromised, however, the common cold can
>> kill you. Which, by analogy, means Windows has AIDS by design; its
>> immune system is very unhealthy.
>
> The problem with this reasoning is that there are very few
> "crossplatform" viruses, i.e. viruses which, unaltered, could run on
> both Windows and *NIX. Otherwise, it implies that Windows and *NIX are
> affected by the same set of virii, but *NIX is able to fight them off
> and Windows isn't.

No, it merely means they are both affected by virii; not necessarily the
sames ones. However, even the most cursory examination of how Windows
handles things compared to *nix is sufficient to show why, exactly,
Windows is such a fertile breeding ground for them - and it has nothing to
do with popularity of the OS.

Oliver Wong · External Since: Apr 27, 2006 Posts: 1398

"Gordon" <gbplinux DeleteThis @gmail.com.invalid> wrote in message
news:4o270fFch1isU1@individual.net...
> Hadron Quark wrote:
>
>
>> Let me explain : if a user is *tricked* into executing a file as root or
>> as administrator then that program can do *anything* it
>> wants.
>
> But surely the point here is that the VAST majority of Windows users run
> with an Administrator account - purely because they can't be fagged to log
> out and log on as an Administrator - so there's no dialog box for a
> password (in fact the numbers of Windows users in the MS Newsgroups who
> keep asking how to auto log-on is frightening) whereas in Linux/Unix
> almost
> every user is NOT running as root, and so would be asked for a password
> before being able to execute a potential system-damaging operation....

Probably they would not need to enter in a password if the payload of
the malicious program were to delete all files that the user has write
access to. Personally, I think this latter payload is a bigger problem. If
the program renders my system unbootable, but leaves my data file alone,
then it's not a big deal, I can't just reinstall. But if they delete all my
files, then I've lost everything since the previous backup (which for most
users I'd assume was "never").

- Oliver

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 28 Sep 2006 18:11:22 -0500,
Erik Funkenbusch <erik RemoveThis @despam-funkenbusch.com> wrote:
> On Thu, 28 Sep 2006 09:30:31 -0700, Jim Richardson wrote:
>
>> Unfortunately, that does nothing for the "click the attached jpeg to see
>> the nekkid chick" problem, since the attachment isn't on the filesystem
>> in that sense yet. The windows shell "helpfully" executes whatever you
>> throw at it.
>
> The shell cannot execute something if it's not on the filesystem.

incorrect, the app can hand off the data (which is code) without
downloading it to the disk. Consider a webbug. It *may* be cached on the
FS, or entirely in RAM, it's an implementation issue, not an
architecture one.

Unless you wish to claim MS-Windows uses NTFS for stuff stored in RAM?
Or swap?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHJUSd90bcYOAWPYRAnFIAKDx0Az58bzxwcWm3g5RlqLmFiykugCdFtoW
thALXn71cNU70DEXkti5Nzo=
=n9XA
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
If you think education is expensive, try ignorance.

Peter Kai Jensen · External Since: Oct 23, 2006 Posts: 202

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hadron Quark wrote:

>> To excuse Microsoft through historical baggage and a lack of
>> foresight isn't valid. They had two major opportunities to beef up
>> security, the release of Windows 95 and the release of NT4, or
>> perhaps even NT3.51.
>
> Users running executables can have no "security" defense.

Mount /home/ with noexec. That should take care of most of the
problems.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFFHEazd1ZThqotgfgRAnPSAJ9B16ApmpMSVbFUqZYUAYgX0VrlqwCfQMvJ
eYamdTfUeXg9bZ6My9RIPIM=
=ZozA
-----END PGP SIGNATURE-----
--
PeKaJe
He left the unspoken question hanging in the air. How /did/ one
annoy a two-kilometer-long black rectangular slab? And just
what form would its disapproval take? -- 2010, Arthur C. Clarke

Mathew P. · External Since: Feb 27, 2006 Posts: 277

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2006-09-28, Hadron Quark spake thusly:
> JDS <jeffrey.TakeThisOut@invalid.address> writes:
>
>> On Thu, 28 Sep 2006 15:28:25 +0200, Hadron Quark wrote:
>>
>>> Its fundamentally flawed when the end user must compile HW drivers in root
>>> mode from the command line shell.
>>
>> And when is that?
>
> When I have to. Dont believe me? NVidia and truecrypt. Why do you ask?

It's got nothing to do with the question. Why did you go off on the tangent?

Stop hijacking the thread, and attempting to divert attention away from the
question. You *have not* provided an answer. You *have* tap danced around it.

At least Eric is having a go at it.

Let's review:

Why:

######################
Why do rapid spreading, self replicating, successful viruses and
other malicious code exist for the Windows operating system?
######################

Why?

Why is a simple request for information and you either have the answer
or a reasonable theory *that addresses the why? or logically refutes it* ,
or you don't. It's OK to admit you don't know the answer to a question if
you don't. "I don't know but I'll find out", is a very good mental notation
if it applies.

Regards,

Mathew

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFFHF7XlkJ5K/IU2ToRAuH3AJ9x4+qY20oYO5z/HzichOD839bTYACgnlzI
sJUsg8XAm6tt9U+qJvbK3aI=
=hDG0
-----END PGP SIGNATURE-----

--
"Always do the right thing: It will delight / Aluminum Foil Deflector Beanies
some and astound the rest" - Mark Twain / Psychotronic protection, low prices

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2404

On Thu, 28 Sep 2006 23:46:37 GMT, Mathew P. wrote:

> Let's review:
>
> Why:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################
>
> Why?

The same reason they exist for virtually *EVERY* major platform, because
it's possible. And lots of people like to do whatever is possible, because
they can.

Do you not recall the Morris Worm? Not a windows box in sight, but it took
down the entire internet.

The question is not why they exist. Of course they exist. They exist for
every major platform, and even minor ones (Psion anyone?). The question
is, why are there so many of them on Windows, which is a completely
different set of issues which we've been talking about.

Your premise is flawed.

Sinister Midget · External Since: Jun 17, 2006 Posts: 746

On 2006-09-28, Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> posted something concerning:

> And what makes you think that the users who execute attachments on Windows
> wouldn't jump through those hoops EACH AND EVERY TIME on any other OS?

Because the users doing it on Windows often aren't even aware they're
executing anything. That's because Windows executes things without
asking.

Linux users are going to have to take affirmative actions (plural) in
most cases to execute things. Windows users can execute things without
doing anything more than mouseovers or clicking URLs which download
things which the OS(sic) executes..

--
Windows: The OS that forces you to delete things to make them work.

The Ghost In The Machine · External Since: Aug 04, 2005 Posts: 3878

In comp.os.linux.advocacy, ray
<ray.RemoveThis@zianet.com>
wrote
on Thu, 28 Sep 2006 16:15:24 -0600
<pan.2006.09.28.22.15.23.218320.RemoveThis@zianet.com>:
>
>>>
>>> IMHO it's irrelevant 'why'. The fact is that MS systems are highly
>>> vulnerable whereas others are not.
>>
>> I must disagree. The reason for the problem is the beginning to finding
>> a solution, and is therefore, *extremely* relevant. The fact is that
>> the question remains a valid one:
>>
>> ######################
>> Why do rapid spreading, self replicating, successful viruses and
>> other malicious code exist for the Windows operating system?
>> ######################
>>
>> This question addresses multiple issues in one sentence, and, as I
>> said, is really the bottom line.
>
> This is a Linux Advocacy group. It is not our responsibility to fix MSs
> shortcomings.

No, but we do probably need to advocate a solution that
might eliminate or work around them for the user. Smile

Fortunately for us (and for the users), Linux and many
Linux distros do exactly that. How many viruses have
infected Linux machines?

I can count three:

- Bliss
- a derivative of Bliss
- Li0n

and none really propagated all that much -- if at all.

http://www.viruslibrary.com/virusinfo/Linux.htm

does list a few, however.

Linux.OSF.8759 is a true virus; it infects ELF executables. For
some reason it skips all files ending in "ps" (not ".ps").

Linux.RST is another such virus.

The rest are various flavors of worm, attacking system daemons.

A scan using the builtin search engine uncovers a few more, a total of
20 in all. One of the more interesting ones is Linux.Zipworm, which
searches for zip archives and inserts itself thereinto. This is why
md5sums are so important. Smile

Yep, better patch our Linux systems. Those 20 viruses
look extremely dangerous.

Now...

Clicking on "Virus Information" suggests 5505 highly active
viruses. Three guesses which system, and one *knows* it's
bad when one has names such as 92_69.1148, 33.525, AAA.807,
I-Worm.NetSky.y, Bleah.c, and Backdoor.Win32.AckCmd
through Backdoor.Win32.XRat.j.

(There's even two entries for Bagoes. This could be a bug in the
information sytem.)

Amazing. 20 versus more than 5000. And Winvocates such as
http://www.vnunet.com/vnunet/news/2116855/linux-lined-virus-target
have the nerve to call Linux unsafe.

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
calls him on it. Smile

(Of course there will be more *attempts*, human nature
being what it is. I for one don't see them being all
that successful.)

[rest snipped]

--
#191, ewill3.RemoveThis@earthlink.net
People think that libraries are safe. They're wrong. They have ideas.
(Also occasionally ectoplasmic slime and cute librarians.)

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2404

On Thu, 28 Sep 2006 20:37:54 -0700, Jim Richardson wrote:

>>> Unfortunately, that does nothing for the "click the attached jpeg to see
>>> the nekkid chick" problem, since the attachment isn't on the filesystem
>>> in that sense yet. The windows shell "helpfully" executes whatever you
>>> throw at it.
>>
>> The shell cannot execute something if it's not on the filesystem.
>
> incorrect, the app can hand off the data (which is code) without
> downloading it to the disk. Consider a webbug. It *may* be cached on the
> FS, or entirely in RAM, it's an implementation issue, not an
> architecture one.
>
> Unless you wish to claim MS-Windows uses NTFS for stuff stored in RAM?
> Or swap?

No, it has to store a file to a temporary file before the shell can execute
it. I'm not sure what you mean about Webbug's, they're just 1 pixel img
tags that point to non-existent images in a web page, but contain unique
urls that allow for tracking.

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 29 Sep 2006 00:14:58 -0500,
Erik Funkenbusch <erik DeleteThis @despam-funkenbusch.com> wrote:
> On Thu, 28 Sep 2006 20:37:54 -0700, Jim Richardson wrote:
>
>>>> Unfortunately, that does nothing for the "click the attached jpeg to see
>>>> the nekkid chick" problem, since the attachment isn't on the filesystem
>>>> in that sense yet. The windows shell "helpfully" executes whatever you
>>>> throw at it.
>>>
>>> The shell cannot execute something if it's not on the filesystem.
>>
>> incorrect, the app can hand off the data (which is code) without
>> downloading it to the disk. Consider a webbug. It *may* be cached on the
>> FS, or entirely in RAM, it's an implementation issue, not an
>> architecture one.
>>
>> Unless you wish to claim MS-Windows uses NTFS for stuff stored in RAM?
>> Or swap?
>
> No, it has to store a file to a temporary file before the shell can execute

and there's no reason said temporary file can't be in RAM, or on
swapspace.

> it. I'm not sure what you mean about Webbug's, they're just 1 pixel img
> tags that point to non-existent images in a web page, but contain unique
> urls that allow for tracking.

webbugs might point to images, or to code, to fire up an activeX object.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHMZVd90bcYOAWPYRAjfpAJ9yyjYAdQgVC5ByXxuipb8CT6b29gCfSR5J
VskpgMMX6h4N6uze/gWT0zs=
=fhis
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Fornication, n.:
Term used by people who don't have anybody to screw with.

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Peter Kai Jensen <usenet.DeleteThis@pekajemaps.homeip.net> writes:

> Hadron Quark wrote:
>
>>> To excuse Microsoft through historical baggage and a lack of
>>> foresight isn't valid. They had two major opportunities to beef up
>>> security, the release of Windows 95 and the release of NT4, or
>>> perhaps even NT3.51.
>>
>> Users running executables can have no "security" defense.
>
> Mount /home/ with noexec. That should take care of most of the
> problems.

What part of "users executing program" seems to be flying over peoples
heads here?

And, sudo still gets around everything does it not? If there is a build
script which compiles & installs and is advertised to the user as
legitimate he must

"sudo sh ./myscript" or something.

Disabling exec on /home is nothing more than smoke & mirrors over the
original meaning.

--
"I would rather spend 10 hours reading someone else's source code than
10 minutes listening to Musak waiting for technical support which isn't."
(By Dr. Greg Wettstein, Roger Maris Cancer Center)

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> writes:

> On Thu, 28 Sep 2006 13:52:49 +0100, William Poaster wrote:
>
>> On Thu, 28 Sep 2006 07:39:06 -0500, chrisv wrote:
>>
>>> Erik Funkenbusch wrote:
>>>
>>>>> Um, there is quite a bit the OS *can* do without overly restricting users;
>>>>> inmy opinion, the most important one is the x-bit, where files received
>>>>> via e-mail can't possibly be executed unless the user jumps through
>>>>> several hoops to make them executable.
>>>>
>>>>And what makes you think that the users who execute attachments on Windows
>>>>wouldn't jump through those hoops EACH AND EVERY TIME on any other OS?
>>>
>>> Idiot.

Wrong.

>>
>> And one major difference is, that in linux it would *only* corrupt the
>> user's home partition & not the *whole* frekin' OS, unlike windows.

Wrong.

>
> That's not all it can do. For instance, it could send out spam to millions
> of users, or it could replicate itself, or cause a DDoS. It can steal
> passwords, harvest email addresses, and a whole host of other tasks... none
> of which require one iota of special privilege.
>
> Of course, that's not taking into account that such viruses or trojans can
> try to exploit any known local privilege elevation vulnerability as
> well.

The nutjobs are forgetting that magic word "sudo" which accompanies just
every single "How to get Linux Working howto" out there.

--
Anyone who thinks UNIX is intuitive should be forced to write 5000 lines of
code using nothing but vi or emacs. AAAAACK!
(Discussion in comp.os.linux.misc on the intuitiveness of commands, especially
Emacs.)

Rick · External Since: Aug 02, 2004 Posts: 954

On Fri, 29 Sep 2006 01:32:26 +0200, Hadron Quark wrote:
(snip)
>
> The nutjobs are forgetting that magic word "sudo" which accompanies just
> every single "How to get Linux Working howto" out there.

You're the freaking nut job. Sudo does NOT accompany
just every single "How to get Linux Working howto" out there.
--
Rick

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 29 Sep 2006 01:32:26 +0200,
Hadron Quark <qadronhuark DeleteThis @geemail.com> wrote:
> Erik Funkenbusch <erik DeleteThis @despam-funkenbusch.com> writes:
>
>> On Thu, 28 Sep 2006 13:52:49 +0100, William Poaster wrote:
>>
>>> On Thu, 28 Sep 2006 07:39:06 -0500, chrisv wrote:
>>>
>>>> Erik Funkenbusch wrote:
>>>>
>>>>>> Um, there is quite a bit the OS *can* do without overly restricting users;
>>>>>> inmy opinion, the most important one is the x-bit, where files received
>>>>>> via e-mail can't possibly be executed unless the user jumps through
>>>>>> several hoops to make them executable.
>>>>>
>>>>>And what makes you think that the users who execute attachments on Windows
>>>>>wouldn't jump through those hoops EACH AND EVERY TIME on any other OS?
>>>>
>>>> Idiot.
>
> Wrong.
>
>>>
>>> And one major difference is, that in linux it would *only* corrupt the
>>> user's home partition & not the *whole* frekin' OS, unlike windows.
>
> Wrong.
>
>>
>> That's not all it can do. For instance, it could send out spam to millions
>> of users, or it could replicate itself, or cause a DDoS. It can steal
>> passwords, harvest email addresses, and a whole host of other tasks... none
>> of which require one iota of special privilege.
>>
>> Of course, that's not taking into account that such viruses or trojans can
>> try to exploit any known local privilege elevation vulnerability as
>> well.
>
>
> The nutjobs are forgetting that magic word "sudo" which accompanies just
> every single "How to get Linux Working howto" out there.
>

namecalling doesn't help your cause. That aside.

Sudo is relatively recent as a tool used by the distro. It's been around
for a while yes, (17-18 years IIRC) but it's use was quite uncommon as
part of a distros tool set before Ubuntu. That's the first distro I
recall using sudo as part of the admin stuff. All the others had you su
to root using su or the like.

Sudo offers many advantages of course, the ability to limit in a finely
grained way, the tasks a given account can perform as another user.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHJXld90bcYOAWPYRAnm7AJ4xzp95Wn2iOhc1EiGi8riFLatRZwCfbHcP
PYi1X287CWrVKSZpcjd94U8=
=Wfuz
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Caesar si viveret, ad remum dareris.
<If Caesar were alive, you'd be chained to an oar.>

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

"Mathew P." <Mathew.DeleteThis@COLA.com> writes:

> On 2006-09-28, Hadron Quark spake thusly:
>> JDS <jeffrey.DeleteThis@invalid.address> writes:
>>
>>> On Thu, 28 Sep 2006 15:28:25 +0200, Hadron Quark wrote:
>>>
>>>> Its fundamentally flawed when the end user must compile HW drivers in root
>>>> mode from the command line shell.
>>>
>>> And when is that?
>>
>> When I have to. Dont believe me? NVidia and truecrypt. Why do you ask?
>
> It's got nothing to do with the question. Why did you go off on the tangent?
>
> Stop hijacking the thread, and attempting to divert attention away from the
> question. You *have not* provided an answer. You *have* tap danced
> around it.

I already answered that : its because windows is there and commands the
market.

There is nothing stopping the same happening to Linux if the writers
turn their gaze towards it.

We have been through the "conning people" part : then its just a matter
of accepting that people *will be conned* into running programs which
may be malicious under the power of the sudo command.

>
> At least Eric is having a go at it.
>

And yet everyone is constantly ignoring what he is saying.

Peter Köhlmann · External Since: Jun 27, 2005 Posts: 1500

Hadron Quark wrote:

> Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> writes:
>
< snip >

>> Of course, that's not taking into account that such viruses or trojans
>> can try to exploit any known local privilege elevation vulnerability as
>> well.
>
>
> The nutjobs are forgetting that magic word "sudo" which accompanies just
> every single "How to get Linux Working howto" out there.
>

Interesting. Tell us more about this "magical" sudo
Whenever I try to use it on a SuSE box, I fail so miserably without setting
it up (having to resort to root, naturally)
How can that be, given that you, the profound linux expert, tell us that it
solves all linux problems
--
Only two things are infinite,
the Universe and Stupidity.
And I'm not quite sure about the former.
- Albert Einstein

Mathew P. · External Since: Feb 27, 2006 Posts: 277

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2006-09-28, Erik Funkenbusch spake thusly:
> On Thu, 28 Sep 2006 09:41:31 +0100, [H]omer wrote:
>
>> They are more prevalent on Windows than any other platform because:
>>
>> 1) ... The default Windows account privileges for users is superuser
>
> This is not a reason why they are more prevelant. Superuser is not
> required for a virus to infect a machine, nor is it needed to replicate
> itself. Certainly, superuser helps make them harder to discover and
> recover from, but that's really a different argument.
>
>> 2) ... Windows has disproportionately more vulnerabilities
>
> I don't see how you can prove that.
>
>> 3) ... MS have a slow patch release cycle
>
> This too is a fallacy. Open Source coders have simply been better at
> hiding when the patches were actually discovered and reported. I've proved
> time and time again in this newsgroup that virtually EVERY TIME someone has
> claimed a fast patch cycle, it's really been weeks or months.
>
>> 4) ... As a commercial entity, Windows is a better target for profit
>> motivated scams
>
> I doubt that. It's just that these scams target gullible people.
>
>> 5) ... And yes, there are more Windows machines = bigger target
>
> Ding Ding Ding.
>
>> However, El Reg seems to have disproved theory No5 with their piece on
>> Apache, some time ago.
>>
>> http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/
>
> That article is severely flawed in many ways.
>
> For example, Apache is *NOT* more prevelant on the net than IIS. IIS runs

Yes Eric, it is.

> on more physical servers than Apache does, that makes it a larger target
> for infection. Apache merely has more *hostnames* running on Apache
> servers, not more physical servers themselves.

And why do you think that is, Erik? It's because most commercial servers
set up clients through virtual servers, and Apache is the prevalent system
running those virtual servers. But which one is more prevalent,
which you have been selective in presenting, is irrelevant to the real
issue which is whether or not a system is secure against attack to the fullest
extent possible. Apache is. IIS is not.

_________________8<________________

Regards,

Mathew

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFFHIMflkJ5K/IU2ToRAtLFAJ9hvqXhvwH59l+Yf8RhNnwdYZtS6gCgmDLA
XYAPUqeBKpuweUjcRI5DzFE=
=lEAr
-----END PGP SIGNATURE-----

--
"Always do the right thing: It will delight / Aluminum Foil Deflector Beanies
some and astound the rest" - Mark Twain / Psychotronic protection, low prices

Mathew P. · External Since: Feb 27, 2006 Posts: 277

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2006-09-28, Erik Funkenbusch spake thusly:
> On Thu, 28 Sep 2006 23:46:37 GMT, Mathew P. wrote:
>
>> Let's review:
>>
>> Why:
>>
>> ######################
>> Why do rapid spreading, self replicating, successful viruses and
>> other malicious code exist for the Windows operating system?
>> ######################
>>
>> Why?
>
> The same reason they exist for virtually *EVERY* major platform, because
> it's possible. And lots of people like to do whatever is possible, because
> they can.
>
> Do you not recall the Morris Worm? Not a windows box in sight, but it took
> down the entire internet.
>
> The question is not why they exist. Of course they exist. They exist for
> every major platform, and even minor ones (Psion anyone?). The question
> is, why are there so many of them on Windows, which is a completely
> different set of issues which we've been talking about.
>
> Your premise is flawed.

No, your understanding of the question is not complete. I intentionally left
it a bit vague for the sake of discussion. Study the question again.

Asking why malicious code exists for the Windows operating system is to say
that the platform provides an environment that supports and propagates
viral code, and to ask why it has been designed in such a way that viral
code *is* propagated and supported. Thus it actually is the same question
"why are there so many of them on Windows", which, as you point out is the
heart of the issue(s) being discussed.

It's not a completely different set of issues.

Regards,

Mathew

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFFHInUlkJ5K/IU2ToRAqYNAJwPNNAUQjjx/p0gUhGmgjUtyu5KbQCgqUZ7
WPdR5mCNBJgasTyBWNM2hOI=
=XcdP
-----END PGP SIGNATURE-----

--
"Always do the right thing: It will delight / Aluminum Foil Deflector Beanies
some and astound the rest" - Mark Twain / Psychotronic protection, low prices

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2404

On Fri, 29 Sep 2006 02:49:57 GMT, Mathew P. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2006-09-28, Erik Funkenbusch spake thusly:
>> On Thu, 28 Sep 2006 23:46:37 GMT, Mathew P. wrote:
>>
>>> Let's review:
>>>
>>> Why:
>>>
>>> ######################
>>> Why do rapid spreading, self replicating, successful viruses and
>>> other malicious code exist for the Windows operating system?
>>> ######################
>>>
>>> Why?
>>
>> The same reason they exist for virtually *EVERY* major platform, because
>> it's possible. And lots of people like to do whatever is possible, because
>> they can.
>>
>> Do you not recall the Morris Worm? Not a windows box in sight, but it took
>> down the entire internet.
>>
>> The question is not why they exist. Of course they exist. They exist for
>> every major platform, and even minor ones (Psion anyone?). The question
>> is, why are there so many of them on Windows, which is a completely
>> different set of issues which we've been talking about.
>>
>> Your premise is flawed.
>
> No, your understanding of the question is not complete. I intentionally left
> it a bit vague for the sake of discussion. Study the question again.

Your question is quite simple and to the point. I don't misunderstand it.
Perhaps you failed to communicate your point. You asked, very simply, why
viruses exist on Windows. The answer, as I said above, is because it's
possible for them to, the same as on virtually any other platform,
including Linux and MacOS.

> Asking why malicious code exists for the Windows operating system is to say
> that the platform provides an environment that supports and propagates
> viral code, and to ask why it has been designed in such a way that viral
> code *is* propagated and supported. Thus it actually is the same question
> "why are there so many of them on Windows", which, as you point out is the
> heart of the issue(s) being discussed.

Then why did you twist and shout that nobody was addressing your question
when we WERE addressing that point.

You should make up your mind.