full-disclosure-uk May 2007 archive
full-disclosure-uk: Re: [Full-disclosure] Linux big bang theory.

Re: [Full-disclosure] Linux big bang theory....

From: Derek Buelna <derekb_at_nospam>
Date: Thu May 10 2007 - 19:55:20 GMT
To: "'full-disclosure'" <full-disclosure@lists.grok.org.uk>


So many people aren't real UNIX sysadmins. Those that are, care about security and do an adequate job of protecting their systems. Give Linux to others and it may be more risky than giving them Windows. With Windows, root kits may be easier for an average user to detect, given the availability of numerous tools. I would assume the novice Linux users are less prone to deploying some sort of protection besides maybe updating it and having a firewall running.

If I was going to have an army of hosts I'd hopefully have a bunch of different kinds, using different kinds of root kits, in order to minimize losses if one kind of setup was discovered.

-Derek

http://www.syrex.com

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of J. Oquendo
Sent: Thursday, May 10, 2007 12:12 PM
To: KJKHyperion; full-disclosure
Subject: Re: [Full-disclosure] Linux big bang theory....

KJKHyperion wrote:
>
>
> why, Windows machines of course, I'm an attacker, not a fool! If you
> were a terrorist, what would you rather do?
>
> Crash the Twin Towers
> Crash the dollar
>
> There is no such thing as an "attacker". All actions, even such an
> individual's, are driven by economical considerations.

With this said, if I were an attacker with economics in mind why would I want to target a machine which has X amount of vendors sifting through the much of malware and viruses when I could spawn off a semi-undetectable program and KEEP IT THERE without having to wait for the next best thing.

I don't know about your logics on economics, but if I were the attacker and I was looking for a constant steady stream of revenue, I would go the Linux route. And if you think for a second that "Boohoo Linux users are more inclined to be security conscious" then you are the fool here. Of the couple of thousand of brute force bots I see, none are on Windows.

Whatever though, to each their own mechanisms of thought. If you truly believe it's all fine and dandy and things won't get progressively worse by giving Linux to inexperienced users, you are in for a rude awakening. If you haven't stopped to read the facts that malware, *ware creators are getting more savvy, then you seem to be stuck somewhere in a world of fantasy.

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

"Wise men talk because they have something to say; fools, because they have to say something." -- Plato

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/