Quote:
They usually rely on the user playing a big part, ie how is an virus attachment in an email which, when run emails your private documents away anything to do with an OS bug
Sure, if you need to execute the attachment to get infected, I wouldn't blame Windows.
It's a different story, though, if you only need to open the email to get infected. When I open an email, I am not expecting to run anything. It's like you don't expect anything to be run when you enter a drive. Yet, that is what Windows does (autorun).
Quote:
By that theory it's the OS's fault that you can delete the entire thing, ie "rm -rf /" on Linux.
You have to type and run the command.
I only need to insert the USB disk to run whatever is written in autorun.inf.
Quote:
Who said anything about cracking? Windows is targeted because it holds a larger userbase, at least for personal computing. If you're planning to spread ads or havok why would you go for the smaller userbase?
Because you get a bigger prize for cracking a bank server than 100 PCs.
Quote:
And if you're going to get that technical, there is more 3rd party software in Linux than Windows...
Huh?... what does it have to do with this?
Quote:
Virus writers have been targeting Microsoft operating systems for decades since the DOS days. It won't change if the OS becomes more secure... search google for "Linux virus", and you'll see that malware is being written for Linux too and in great part due to the increased popularity of this operating system.
I just googled it. All the virii I found require the user to explicitly run an untrusted binary. Not like just inserting a USB drive. And then the virus would perhaps exploit a bug in Linux to get root access. Yes, it would be a bug of Linux, just as Linux developers would openly admit, and be willing to fix.
Quote:
The Linux operating system, Unix and other Unix-like computer operating systems are generally regarded as well-protected against computer viruses.[1] There have been successful attacks, however, on both Linux and Unix systems, the most notable perhaps being the Cuckoo's Egg attacks on Unix systems in the 1980s.
There has not yet been a single widespread Linux malware threat of the type that Microsoft Windows software currently faces, this is commonly attributed to the malware's lack of root access and fast updates to most Linux vulnerabilities.[2]
The number of viruses specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863.[3]
- Wikipedia
The whole blooming market cannot support the number of threats because of the fundamental design problems in Windows, making it particularly easy to exploit. Both bugs and "features" like autorun.
The Vista attempt at imitating what UNIX has for decades (sudo) has been a step towards the right direction IMHO. I won't comment on the implementation, because I have not used it extensively.
Quote:
I'd prefer to think instead it's an example of the difficulty of Windows to implement a root-like feature.
I think that is because Microsoft is keeping the core design from decades ago, when MS cared nothing about security. I think the only way to make Windows as secure as UNIX would be to rewrite the whole thing from ground up, with security in mind. But of course, that is not possible, as it will break all existing programs, and will be financially suicidal for Microsoft. It's a business afterall. As for why was UNIX designed from day 1 with security in mind, I wouldn't know. I wasn't born at that time.
As for the future, I haven't lived long enough to know. However, as of now, in UNIX/Linux, every exploit is considered a bug, and is fixed by the respective software developer. This approach has been working fine for Linux, and I am sure people want to break into UNIX systems (due to them being mission critical servers) as badly as they want to break into personal computers running Windows.