From owner-freebsd-questions Thu Aug 2 9:49:10 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from imf02bis.bellsouth.net (mail102.mail.bellsouth.net [205.152.58.42]) by hub.freebsd.org (Postfix) with ESMTP id 12DC237B401 for ; Thu, 2 Aug 2001 09:49:07 -0700 (PDT) (envelope-from jmurdock@itraktech.com)
Received: from dc12 ([208.61.51.225]) by imf02bis.bellsouth.net (InterMail vM.5.01.01.01 201-252-104) with SMTP id <20010802165000.FGSX4013.imf02bis.bellsouth.net@dc12>; Thu, 2 Aug 2001 12:50:00 -0400
Message-ID: <004201c11b73$057aafc0$0201a8c0@bellsouth.net>
From: "Jerry Murdock"
To: "Ted Mittelstaedt" , "Matthew Hagerty" , "Patrick Simon" ,
References: <004501c11b1c$88ac1de0$1401a8c0@tedm.placo.com>
Subject: Re: just how many known viruses are there for FreeBSD?
Date: Thu, 2 Aug 2001 12:47:41 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2479.0006
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

----- Original Message -----
From: "Ted Mittelstaedt"
To: "Matthew Hagerty" ; "Patrick Simon" ;
Sent: Thursday, August 02, 2001 2:29 AM
Subject: RE: just how many known viruses are there for FreeBSD?

> This is NOT the reason that people don't waste their time writing UNIX
> worms. There's 2 reasons that the crackers don't write them:
>
> 1) Most UNIX systems are run by administrators that have a brain and as a
> result when security holes are discovered, everyone patches almost
> immediately. By contrast, most NT servers are run by morons who can't
> even patch their own servers even when Microsoft puts a link on the front
> of their website to the patch.
>
> As a result a Windows virus will live for years because there's always more
> systems available that haven't been patched. UNIX viruses, like the
> Internet Worm, have a life of perhaps 2 days tops before the holes that
> they exploit are closed.
>
> 2) Writing UNIX code takes someone with at least half a brain. The crackers
> writing stuff like Code Red don't have the intelligence to write a UNIX
> virus.
>

Actually Code Red is one of the more clever ones. It is not a simple VBScript hack. If a new unchecked buffer/remote execution exploit was found in an Apache module then something similar could be constructed without need for root access, using many of the same concepts.

But, I would add two more reasons to the above:

3: Windows is the biggest, most homogeneous target out there, largely because of M$'s enable-everything-by-default install practices. I am willing to bet 90% of the Code Red victims out there should not have had the .ida filter enabled at all. Code Red wasn't an issue for my boxes with or without the patch. It would be hard for a *nix virus to proliferate and find an opening that was as widely installed. About the only thing that would be comparable is if an Apache exploit was found that was present in all versions of Apache, and on all platforms. The *nix world is too diverse for that to happen very often if at all.

4: Everyone loves to hate M$.

Jerry