From: "Ted Mittelstaedt"
To: "Gayn Winters"
Date: Thu, 14 Jul 2005 09:18:57 -0700
Subject: RE: Spyware on FreeBSD?

>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Gayn Winters
>Sent: Wednesday, July 13, 2005 9:49 AM
>To: questions@freebsd.org
>Subject: Spyware on FreeBSD?
>
>
>I was wondering if anyone had had any trouble with spyware on their
>FreeBSD systems, or if we are too small a group of consumers for the
>spyware vendors to attack?
>

We are too small a group of consumers for the spyware vendors to attack. Keep in mind that spyware only works if you have a critical mass of systems that are configured absolutely identically, with the same software.

However, UNIX systems are vulnerable to custom attacks by crackers if you are running versions of software that have been found to be insecure; that is why there are CERT advisories all the time on UNIX software. But, while a cracker could break into a system that was running an insecure version of Apache, for example, there simply are not enough UNIX servers on the Internet for an automated cracking program, like a typical Windows virus, to propagate. Also, you cannot depend on the same versions of software being present even on UNIX hosts that are running the same insecure version of Apache, so a successful crack almost always requires an actual live body. Things are much more divergent than in the days of the Morris Internet Worm.

This is one of the areas where diversity = strength. The fundamental downfall of Windows systems has always been that any attacker can assume that the Windows system he is attacking is configured the same as 10,000 other Windows systems out there, running the same software.

Ted