Tony [EMAIL PROTECTED]@Mon, 28 Jan 2002 22:16:12 +0100: > "In other words, users who are taking standard security > precautions (such as running the current operating system and > *not running code they don't know about*) won't be infected." > *eg* Good one! Reminds me of the following story:
(It's quite a read, but I really do think it's worth it!) --- The Ultimate Anti-Virus Software: Linux Solving the Security Issues in Windows: Replace It! Paul Ferris Editor's note: In light of the wackiness surrounding the ILOVEYOU virus, Paul Ferris's look at viruses and Linux seems especially prescient. Enjoy, knowing that you were invulnerable to the ILOVEYOU virus. Spring was in the air finally as I rolled back into town and into my favorite hangout, the Beer & Bytes. For those of you who've never experienced it, the Beer & Bytes masquerades as a bar, but it's really kind of a geek coffee house. Computer parts adorn the walls and Monty Python episodes and movies play on the TVs instead of sports channels. The experiences there are usually only the kind a geek could love: things like debates over object-oriented programming and operating-system design. Linux, BSD, and Unix lovers abound. But every once and a while a buddy of mine shows up with a tale to tell or a problem to solve, and it makes for an interesting day from the human perspective. Once again, my good old buddy Slots Globnick rolled in with--lo and behold!--a laptop computer running Windows 98. Usually if Slots shows up the day is guaranteed to take an interesting twist. No one really took notice at first, until Ratz came over and asked, "Hey Slots, what'll it be?" Slots was kind of engrossed with something on the screen, but he peered up for a second and mumbled something about "the usual" and returned to the screen. Ratz reached around and turned the laptop to his face momentarily. "Windows 98!" The tone of voice suggested something out of a Western movie, whereby the next line from the bartender is something along the lines of "We don't serve your kind here, hombre!" That didn't happen, but someone did turn down the TV and attentions shifted. I decided to belly up to the bar and see what was cooking with the laptop. "Whatcha doing, Slots?" My curiosity, like the rest of the people in the room, was mounting. "Got a virus, and I'm trying to get rid of it. Plus, I think somebody hacked into my laptop the other day while I was surfing the net. I'm not sure, though," he said, still working the mouse pointer and running some kind of virus utility. I looked at the laptop and the anti-virus scan. "Hard to tell with some operating systems," I said, "whether it's a virus or just plain normal operation." I used the word normal at this point, like what we in the Free Software community mean as fubarred, but that's beside the point. "What makes you think you have been hacked?" I asked casually. Slots turned and shifted around a bit, taking a sip of latte. "Well, for one thing, all of my personal Web pages now start with the phrase: '1'V3 H4X0RR3D Y0UR S1T3 U L4M3R, 1 0wn U'." Slots looked troubled. I had to admit at that point that it looked like someone had broken into his computer. Likely some script kiddie with too much time on his hands. "Man, we've been working on you for months to switch to Linux." I said. "Why didn't you do it, and lock your security down. This wouldn't have been a problem." "Linux?" Slots laughed and shook his head. "Why, Linux is less secure than Windows. Everybody knows it's by hackers for hackers. The stuff practically has 'hack-me' written all over it!" I have to explain at this point that a lot of drinking establishments have rules, and some of them are unspoken ones. You're free, for example, to bring a laptop running Windows 98 into the Beer & Bytes--no one will care. You're even free to turn said laptop on and run some kind of bullet-proof Windows application, like Solitaire. Again, no one will care. But you cross the line at repeating marketing ideas that have no basis in reality, and especially among the people who have spent a good deal of their days trying to stomp out the real problems. Bad ideas are bad enough, but wrong and bad ideas? It's hard to be tolerant of them, and the technical issues at the Beer & Bytes are kind of in the same category as religious issues would be in a church. And everyone knows that Linux is high on security--you have the tools to check and monitor your security and more. We all began explaining this to Slots, but he would hear none of it. It didn't matter in the slightest that all the while he was doing this, his infected laptop was churning away attempting to fix a new virus. It didn't matter that recently his Web pages had been altered, likely by some teenager with too much time on his hands. "You got your list of security holes, and I got mine. I've been to some of the Linux security sites--there are holes found in Linux all the time." He looked around. No one was arguing this point with him. "I was hoping that someone here could find something to wipe this virus off my laptop for me, and that's why I stopped here. I guess that I was mistaken. I'll be on my way." At that point, Tiny seemingly appeared out of nowhere. This was a dramatic moment. Saying that Tiny appeared out of nowhere, well, it's kinda like saying the Titanic appeared out of nowhere. Tiny is anything but tiny. He's well over 6 feet tall and he's got this tattoo on his chest "Born to Code Free." And he's often very helpful in situations where Slots needs help. But helpful at this point was using the definition like Bill Gates used in his trial defense: "We weren't trying to crush Netscape, we were just being helpful.?" Slots sat back down. Tiny held out a black CD-ROM by the edges. There was no writing visible on the CD itself. It looked rather new, and the underside was a bluish color. It was something that somebody had either copied or burned. "Here," he said slowly, "Load my anti-virus software on your computer. That should take care of all of your," he paused tilting his head ever so slightly and squinting his eyes a bit, "security issues." Slots looked about for a hole in the crowd. There wasn't one. He looked at his laptop, where the CD-ROM tray was open--ready for the CD that Tiny was offering. He looked back at Tiny. "What's on that CD?" Tiny grinned and spoke slowly in a low voice: "Anti. Virus. Software". There was a pregnant pause. Slots looked at the CD with some trepidation. "No," he finally spoke, "I mean, what kind of anti-virus software is it? I'd like to know what kind of software I'm loading on my laptop. It's kind of important, see?" The smallest hint of a grin began to form on Tiny's mouth. "Trust me. It's real good Anti. Virus. Software." The tone suggested that Tiny had all the faith in the world that it was good. It also suggested that maybe, possibly, it was good for Tiny, or it might be good for Slots. No one, not even I at that point was sure which one. I thought it was odd though, because I knew Tiny really well, and he's a pretty nice guy. It takes a lot to get him riled up, and a script kiddie, or cracker, well he's not one. I waited along with everyone else for some kind of outcome to make it clear what Tiny was up to. Slots finally relaxed a bit. "Look, I don't know what's on that CD! It could be anything!" He quickly held up his hands. "Don't take this the wrong way or anything, Mr. Tiny, but I can't be sure of what you're offering me there! It could be another virus, it could be some kind of destructive program, it could be a Trojan horse even. It doesn't have a label on it or anything. What kind of idiot do you take me for?" Tiny broke into a full grin. "Well, I hate to be so precise. But I take you to be the kind of idiot that loads software that has known back doors and privacy compromising mechanism in it. You'll load software that is essentially an unknown, all the time. Why you're having a problem with my CD, I can't figure out." Slots looked at Tiny questionably. "When? I've never loaded anything on here that I wasn't absolutely sure of! Why, I've got all the latest service packs installed and I purchased this laptop with a certified version of Windows 98! I don't know what you're talking about." Slots was waving his hands over the laptop the way a priest might refer to a Bible. I broke in, because now I knew why and what Tiny was up to. "You mean, you know all of the backdoors in Windows 98? Why just recently they found what looks to be another backdoor in Windows NT, which is supposed to be even more secure than Windows 98. The point Tiny is making, rather has made, and he's right, is that you've loaded a proprietary operating system, with God knows what under the hood." "Look," I said. "Open-source software may be made by a lot of people that are unknown--but it's used by a lot of people that care about what's under the hood. There are no back-doors in Linux, because it's an operating system that bares all for anybody who wants to look." The gears began to mesh in Slots head. He was finally nodding. "You have to see what Tiny is saying to you." I said. "His CD could be just about anything--without you seeing the code itself, you don't know if it's really secure, or if it's got back doors or anything." I looked at Tiny. He smiled at me, nodding his head. "That's the point that Tiny is trying to make. That's the point that you've missed here." Slots looked around, seeing the room and its occupants now in a different light. I looked at Tiny. "What's on that CD, anyway?" I asked, smiling. Tiny grinned and put the CD back in his coat. "It's a copy of Debian. I used it last night on my home computer. The best anti-virus software that money can't buy!" he said. "But I wouldn't have installed it, at least, not without your permission man." He patted Slots on the back and laughed. He wasn't alone; everyone had a good laugh. Slots stopped laughing and looked doubtful. "You sure?" Tiny grinned. "Trust me." he said, nodding. --- -- *=-+-______________________ |lintux-@t-lintux-d0t-cx: _ Ugh! Nio2f says something: ______ : http://www.lintux.cx/ | / code on a laugh about what re c.. \ ~~~~~~~~~~~~~~~~~~~~~~-+-=-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+-=* -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
