At 21:51 18/06/2005, you wrote:
On Sat, 18 Jun 2005, Paul Smith wrote:
On Sat, 18 Jun 2005 17:55:25 +0100, Keith Moore
<moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:
I'd even go so far as to say we're going to continue to have massive
amounts of spam as long as Windows is the dominant PC operating system.
I'm sorry, but that's just ridiculous. The only link between Windows and
spam is that lots of people have Windows, and it's relatively easy to use,
You're missing an important point. The reason lots of spam is coming from
Windows has a lot more to do with fundamental design flaws in the OS
that led to it being vulnerable to various forms of compromises and takeover.
Not really. It's that people use it who aren't security aware, and it's a
popular OS, so it's targeted by attackers.
There are security vulnerabilities in Macs, Linux etc as well. They're just
less popular OSes so they're less targeted by attackers.
There's nothing stopping anyone writing a trojan for Linux which will act
just the same as many trojans for Windows - eg mass mailers that spread
themselves as email worms and then allow the PCs to be used for mailing out
spam. But, no one bothers, because (a) there are less Linux PCs out there,
and (b) Linux users tend to be more security aware than Windows users, so
an attack like this is less likely to work.
If you say 'ban Windows, it's insecure', you'll just move the problem over
to a different platform. The security issues will tend towards the platform
where the least security aware people are. At the moment this is Windows -
but this isn't necessarily because it's that much more insecure than the other
platforms, just that the USERS are more "insecure". If you could force all
the Windows users to use Linux, for instance, you'd most likely find that
Linux would then be seen as the 'insecure' platform (eg a large number of
users would run Linux as 'root' with a password of 'password' or '12345'
etc). This isn't a problem caused by the OS, but by the users that use it.
If what you said was right then proportions of non-spammer use of
Windows vs Linux would be the same or close to the spammer use.
Not really - see my argument above. *Currently* most Linux users are
security aware, and most Windows users aren't, so attackers will target
Windows PCs. If you're going to write an email worm/trojan, you'd obviously
prefer to write one which could attack 1 billion PCs where only 50% of them
will have working security protection, rather than one which could attack
100,000 PCs where 95% of them are protected. (The numbers are totally made
up just as an example, but you get my point).
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/