[Hidden-tech] OS Security (was Re: Any experience with a Virus that attacks documents?)

Robert Heller heller at deepsoft.com
Sun Jan 18 11:27:37 EST 2015


At Sun, 18 Jan 2015 06:46:04 -0500 Levi Ramsey <leviable at gmail.com> wrote:

> 
> On Sat, Jan 17, 2015 at 8:07 PM, Gyepi SAM
> <gyepi-hidden-tec at praxis-sw.com> wrote:
> 
> > Yes, part of the reason most virus writers target Windows is because it is
> > ubiquitous. However, the other important reason is that Windows has a broken
> > security model and it is much easier to write virus software for it.
> >
> > Conversely, it is harder to write a virus for OSX or Unix and the payoff
> > is considerably more limited (unless you target privileged processes, but
> > that's a different kind of attack).
> 
> OTOH, for crypto malware, the payoff is basically the same on Unixish
> OSs as it is in Windows: if the virus executes under the targeted
> user's privileges, then the documents which the user is interested in
> can be written to and encrypted.  Bingo, you've got a ransom.  The
> threat model of crypto malware is such that it effectively defeats a
> user-privilege-based security model.  That said, it may be somewhat
> more difficult to propagate such malware on Unixish platforms, but to
> the extent that users of such platforms believe that they're not
> affected, inadvertent user propagation might be more likely.

Part of what is going on is: how do you get the target user to download,
install, and run the malware?

With Linux, there are many more 'barriers' to this.  Part of MS-Windows's 
security problem is the 'self-extracting' installer: you download an 
executable and when run it installs itself (possibly invoking whatever 
privilege escalation is needed to do that).  MacOSX has *some* of that also.  
Linux generally does not.  For the most part Linux users make use of 
'repositories' accessed by package management software.  These repositories 
are maintained by people who use QA methodologies to ensure that the software 
there works as it should.  What this means is that *Linux* users are extremely 
*unlikely* to download, install, or run the malware, *even if such malware 
were possible* under Linux.  Yes, one of the 'complaints' from people moving 
from MS-Windows to Linux is how 'hard' it is to just download and install 
extra software ('Why do I have to go through all of this rigmarole with the 
package manager thingy? Why can't I just download the software then just 
double click on it to install it?').

In many ways the 'self-extracting' installer is itself a bad idea and is a big 
part of the spread of MS-Windows (and to a lesser extent MacOSX) malware.

> 
> > I may sound like a crank but this bears repeating; the simplest solution to
> > these Windows problems is to stop using Windows.
> >
> > Fortunately, there are alternatives. They are not perfect but they are more secure.
> >
> > I gave up on Windows and switched to Linux 18+ years ago.
> > Now, I also use OSX and think it is a fine alternative.
> 

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services