[Hidden-tech] OS Security (was Re: Any experience with a Virus that attacksdocuments?)

[Levi Ramsey]

On Sat, Jan 17, 2015 at 8:07 PM, Gyepi SAM
<gyepi-hidden-tec at praxis-sw.com> wrote:

> Yes, part of the reason most virus writers target Windows is because it is
> ubiquitous. However, the other important reason is that Windows has a broken
> security model and it is much easier to write virus software for it.
>
> Conversely, it is harder to write a virus for OSX or Unix and and the payoff
> is considerably more limited (unless you target privileged processes, but
> that's a different kind of attack).

OTOH, for crypto malware, the payoff is basically the same on Unixish
OSs as it is in Windows: if the virus executes under the targeted
user's privileges, then the documents which the user is interested in
can be written to and encrypted.  Bingo, you've got a ransom.  The
threat model of crypto malware is such that it effectively defeats a
user-privilege-based security model.  That said, it may be somewhat
more difficult to propagate such malware on Unixish platforms, but to
the extent that users of such platforms believe that they're not
affected, inadvertent user propagation might be more likely.

> I may sound like a crank but this bears repeating; the simplest solution to
> these Windows problems is to stop using Windows.
>
> Fortunately, there are alternatives. They are not perfect but they are more secure.
>
> I gave up on Windows and switched to Linux 18+ years ago.
> Now, I also use OSX and think it is a fine alternative.

-- 
Levi Ramsey
leviable at gmail.com
lramsey at umass.edu