elfick said:
CrazyLarry said:
Completely agree, in a similar vein but in the other direction there is the almost blind faith in apple immunity to malware whilst pointing a finger at all things MS when in fact that's really mostly down to being a small herd of not particularly appetising apples living amongst countless millions of juicey sitting pcs! It's simply not worth the time and effort to write malware for something you'll only come across every 20th or 50th connection.
I've heard this argument before and find it doesn't hold a bit of water from a technical aspect. The bottom line is that any system in which the user runs with superuser access is more susceptible than one that doesn't. For a long time, the default windows user was a "power user" which gave an infection all the access it needed. That ease of access is what made MS such a juicy target.
I wasn't a mac user until after OS X so I can't speak about prior systems, but since I've been using it mac has been using a 'wheel' system similar to what is used in many linux distros.
MS has made great strides in security in recent releases but there are still many users running with a superuser account.
As a bit aside, I'm a *nix trained admin that prefers mac over windows and Linux over all. I use windows daily at work. Mac daily at home. And Linux daily at both.
-Lee
Wheel is just a group (comes from OSXs FreeBSD heritage) not really relevant just as root is an account unless you use tripwire or similar membership or not may not mean a think to a determined attacker. The level of access you need to a host is determined by the type of compromise not the other way round...
From a broader view such as large scale malware (think street mugger not skilled bank vault heist) it's the numbers that count, pure and simple, a lot of very successful attacks don't care in the slightest what user or group they are run under once you get past the security of a system it's of no consequence. ( think grabbing a handbay / purse from a moped / bike they don't care if its a gucci bag or a nylon wallet cards / cash / id it's all good)
OS9 mac's were no more secure than win95 boxes just rare by comparison just as NT3.5 boxes in a corporate environment were just as secure from a user context as an early NeXT / OSX system. Good malware doesn't have to rely on superuser rights anyway but even if we assumed it did there's no fundamental difference because of this:
Worm attacks machine A under a restricted non admin user K, immediately has access to all files over the network that user can access on numerous systems, 2 of those files are accessed by another user P on machine B so the worm has access to everything that user P can access, different groups different hosts different domains different rights,
Note in the 20 seconds so far you have lost lots of important business files maybe corrupted or maybe just have macro code inserted in them, no system files but then where's the cost that speadsheet of customer contacts, those invoices or the system files you could recover from dvd with a reinstall - yes that costs time / money but you see the point; damage still done no special rights needed.
In any case a decent bit of malicious shell code -> stack broken -> root rights assumed superuser irrelevant.
This applies to linux just as much to windows / OSX, debian is a lot better but really only OpenBSD comes close to genuinely secure and even then you need a raft of restrictions to keep it that way. Might be practical for you or I but there is no way average joe will wade through configurations and logs or even use sudo all the while. OSX still has loads of holes (not quite as many as M$ but then how many backdoors can you walk though at once? it's just not worth it numbers wise.
To show just how much it's all about attack frequency / result frequency consider spambots.
A few years ago (nearly ten!) ! set up a 21 system mail infrastructure (debian / redhat (licensing reason) / OpenBSD) including 3 dedicated inbound relays which handled just spam, two are a live failover pair and the third a hot spare activated if a live machine drops out. So an inbound connection is made by a spambot mimicing a normal mailhost which attempts an EHLO the relay looks up the host: if white listed it says carry on if blacklisted it says wait if neither it's told to wait 20 the spambots more often than not don't even wait the required time before moving on. If they don't wait their ID triplet is added to the greylist speeding up the look up. If the spamassassin hosts (next set of relays) detect spamhosts with their bayesian filters or spamhaus look ups then it graduates to blacklist.
First month it was implemented there was a 96% drop in total inbound mail ... almost spamfree, over 100,000 users.
Also if you look at current trends by volume of mail rather than number of senders recently compromised Linux machines have over taken windows ones and again, if a machiine's an 'open enough' relay a simple user account or even no account is enough to make the most of it, no admin / superuser / wheel required!
The same goes for malware I've experienced major attacks in 3 large corporations, one conventional virus, one a macro worm and one a binary worm they were stopped by a smart user, good policy and a quick witted admin respectively. Almost all the damage was to shared access low security non admin files, if I recall correctly the one ran to hundred's of thousands of infected files and the company I was working for got off lightly, there were others in a much worse state. All the companies were heterogeneous environments with NT / Mac / Unix internal and external vendor machines.
Security is not a windows problem it's quite possibly not even a computer problem it's a people problem.
