[OT] iPod virus

[nobody]

http://www.kaspersky.com/news?id=207575511

No, it was not posted on Apr.1st.

<quote>...in order for the virus to function, Linux has to be
installed on the iPod...</quote>

So much for Linux being virus-proof

NNN

 

[The little lost angel]

http://www.kaspersky.com/news?id=207575511

No, it was not posted on Apr.1st.

<quote>...in order for the virus to function, Linux has to be
installed on the iPod...</quote>

So much for Linux being virus-proof

Well, if you setup even the most secured OS to allow programs which
has no business changing other files are allowed to do so, nothing can
be virus-proof. Notice that the article stresses that it requires user
intervention to work? You can make an OS virus-proof, but you can't
make it fool-proof.

 

[nobody]

Well, if you setup even the most secured OS to allow programs which
has no business changing other files are allowed to do so, nothing can
be virus-proof. Notice that the article stresses that it requires user
intervention to work? You can make an OS virus-proof, but you can't
make it fool-proof.

Most of Windows targeting malware also work only when the users open
an attachment they have no business of opening, or get enticed to
visit a page they have no business of visiting. Oh, and also doing it
using an account with full admin rights they have no business of using
for mundane tasks like Web browsing and email reading. Yet somehow
Windows is branded vulnerable, and Linux/MacOS/whatnot is not.

NNN

 

[Jerry Peters]

Most of Windows targeting malware also work only when the users open
an attachment they have no business of opening, or get enticed to
visit a page they have no business of visiting. Oh, and also doing it
using an account with full admin rights they have no business of using
for mundane tasks like Web browsing and email reading. Yet somehow
Windows is branded vulnerable, and Linux/MacOS/whatnot is not.

NNN

Because knowledgable Linux users don't browse arbitrary web sites
as root perhaps?

Take a look at some of the current Windows exploits, many don't
require _any_ user intervention except visiting a compromised web
site (the animated cursor exploit, for example).

Jerry

 

[Del Cecchi]

http://www.kaspersky.com/news?id=207575511

No, it was not posted on Apr.1st.

<quote>...in order for the virus to function, Linux has to be
installed on the iPod...</quote>

So much for Linux being virus-proof

NNN

Only a fool would have ever said that Linux was virus proof.

 

[Alexander Grigoriev]

Only a fool would have ever said that Linux was virus proof.

Too bad too many such fools preach the great hype around. Viva Linux, abat
(down with) MS....

 

[Robert Redelmeier]

So much for Linux being virus-proof

No-one ever claimed that Linux is. To even use the term
"virus" is usually imprecise.

There are two fundamentally different ways undesireable code
gets executed on a machine:

1) The user brings it in, believing it is something
useful. This is called a "trojan" for obvious reasons.

2) The OS or commonly run daemons [services] have some
form of vulnerability that can be exploited by an automated
attack without user intervention. This is called a "worm".

Linux aims to be "worm-proof". It does not aim to be "trojan-proof"
since this would excessively limit the user. Unix and other
Linux-like systems are built with the implied basis that usercode
may be hostile, and damage should be isolated to user data.

Most of the malicious pgms are actually trojans.
The occasional worm [Slammer] pops up.


-- Robert

 

[nobody]

Because knowledgable Linux users don't browse arbitrary web sites
as root perhaps?

Take a look at some of the current Windows exploits, many don't
require _any_ user intervention except visiting a compromised web
site (the animated cursor exploit, for example).

Jerry

Sure in order to just think Linux the users need to have at least some
knowledge. Unlike those, Windows users just get the system from the
store/school/work and start using it without much thinking. While
school/work PC is most of the time set up more or less right - that is
with limited user account, antivirus, firewall, etc., the one that
comes from the store boots up straight to Administrator account, not
even ctrl-alt-del required, and the password is blank. The users that
know change it. However most of the users don't know and/or don't
care. And that kind of user is also the one to most likely install
animated cursors and other crap that oftentimes comes with trojans
attached.
Guess who is more likely to be caught for drunk driving - the ones
coming back from child play date, or the ones coming back from a
football game with usual tailgate beer bash? Maybe not a direct
comparison, but you've got the point.

NNN

 

[Spoon]

[...] Windows users just get the system from the
store/school/work and start using it without much thinking. While
school/work PC is most of the time set up more or less right - that is
with limited user account, antivirus, firewall, etc., the one that
comes from the store boots up straight to Administrator account, not
even ctrl-alt-del required, and the password is blank. The users that
know change it. However most of the users don't know and/or don't
care. And that kind of user is also the one to most likely install
animated cursors and other crap that oftentimes comes with trojans
attached.

It is Microsoft's responsibility to make these users care.

 

[Robert Redelmeier]

[...] Windows users just get the system from the store/school/work
and start using it without much thinking. While school/work PC is
most of the time set up more or less right - that is with limited user
account, antivirus, firewall, etc., the one that comes from the store
boots up straight to Administrator account, not even ctrl-alt-del
required, and the password is blank. The users that know change it.
However most of the users don't know and/or don't care. And that
kind of user is also the one to most likely install animated cursors
and other crap that oftentimes comes with trojans attached.

It is Microsoft's responsibility to make these users care.

.... and with all the bugs, MS isn't doing just that?

IMO, MS has some chosen some _extremely_ bad default options
for many of its' pgms. They could have just incorporated the
NIST settings. They didn't, and not by accident.

AFAICS, MS _chose_ insecurity because it minimizes early tech
support calls (at the expense of later ones due to infections).


-- Robert