Hi there,

On Sun, 21 Jul 2013, Greg Folkert wrote:

> ... Rootkits almost *ALWAYS* take stupid user interaction to fulfill their destiny. In other words, they MUST BE purposely installed by a user that is on the system. Unlike being able to do it without breaking a sweat in Windows.
(1) Don't be too dogmatic about this. Many *nix exploits rely on little more than that the victim's system be running a particular(ly outdated) version of some particular software. Tools exist which can automate scanning for likely targets, but it's a numbers game and the probability of a successful attack on a randomly discovered victim is more or less proportional to the number of target systems running the vulnerable software.

No matter what kind of vulnerability we consider (direct attack on a daemon, user interaction, whatever), the numbers of vulnerable Windows systems are likely to be orders of magnitude greater than the numbers of vulnerable *nix systems. Attackers know this, and they're in it for the money, so they tend not to waste their time attacking *nix boxes randomly.

Specifically targeted attacks are in a different league, and unless you're running the IT services for a high-value target you're unlikely to come across them, but there's no doubt that they happen. Under some circumstances, the compromise of one target can enable the compromise of many others. See for example http://www.theregister.co.uk/2011/01/25/fedora_server_compromised/
> Yeah. What is the threshold for Human ignorance and trojans/virus/etc...
(2) "No one in this world has ever lost money by underestimating the intelligence of the great masses of the plain people." [http://thinkexist.com/quotes/henry_louis_mencken/]
> ... But the Unix separation of Privileges model can mitigate much or most of the issue.
(3) Windows 7 and later don't do as bad a job as earlier versions, but there's still the pop-up box asking if it should do it, plus (2) above.

--
73,
Ged.