Freshmeat: Blame the UI: Why Linux is Not Immune to ILOVEYOU-style WormsJun 10, 2000, 16:23 (4 Talkback[s])
(Other stories by Joe Pranevich)
WEBINAR: On-demand webcast
How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017 REGISTER >
"These days, it seems as if everyone likes a good "Microsoft is Evil" story. I'm not going to agree or disagree with that statement in general, but this recent (and continuing) wave of email worms has given the media and the users plenty of room to criticize. Largely, these complaints have revolved around a general lack of security in Microsoft's products -- a historical truth. Adding to this anti-Microsoft inferno does not improve Linux as a whole and I believe that our time is better spent working towards ensuring that these kinds of attacks can never happen on Linux."
"The Linux kernel has an excellent reputation for security-conscious computing. Security bugs, when found, are squashed exceedingly quickly. Linux's low-level security is based on the classic UNIX model of users and groups. In brief, this ensures that one user can never harm another user's files or any system files without explicit permission. Additionally, Linux ensures that no user is capable of denying service to any other user through crashing the machine, resource depletion, or a number of other more subtle approaches. There is currently work being performed to add a "capabilities" system to the kernel to make it even more fine-tunable. This model is good and very powerful, but it does not and cannot protect the user's own files from himself or application stupidity."
"The security bugs currently being seen in Microsoft Outlook are of the latter variety: application stupidity. One does not necessarily need to be running under a Windows environment to write or use stupid applications. ... Of particular concern are either programs that are regularly granted administrative rights (such as an X Server) or programs that deal with untrusted data (such as your Web browser or email client). As Linux does not have any internal conception of "trusted" vs. "untrusted" data, application programmers must be fairly smart about it. Microsoft's Web browser manages to deal with this dilemma at a high level, but obviously wasn't ingrained enough to uniformly combat the problem. On the Linux side, it will be up to the GNOME and KDE development teams to make sure they deal with this issue, as they will be Linux's flag-bearers into the future."
0 Talkback[s] (click to add your comment)