On Tuesday 31 August 2004 13.30, Volker Tanger wrote: [spyware/adware/trojans/...:] > Yes and no. When surfing as normal user *ware programs cannot install > themselves as system services or overwrite programs simply as you/they > do not have the (file) permissions to do so. Technically, for most purposes, malware installing itself into an unprivileged user account and automatically starting itself through ~/.bashrc or whatever is entirely possible, especially since most malware these days seems to be used only as a base for DDOS attacks (including sending spam), so no special privileges are necessary here. (And KDE and Gnome are currently catching up nicely in the number of little useful (?) daemons that are started on a desktop machine.) Windows currently having >90% of the desktop market protects Linux and other systems currently: malware could not propagate fast enough. Also, most email clients don't offer to execute arbitrary email attachments. OTOH, I wouldn't trust the Javascript implementations in the Linux browsers any more than I trust the Javascript implementation of IE. Another thing that protects Linux systems: heterogenity. Binary exploits usually only work properly when a program is compiled and linked with specific compiler and library versions -- with different versions, all you get is a crash (which does no real harm in most cases). I think there are far more different Linux versions out there than there are Windows versions, so I *think* that even with Linux becoming a more attractive target, you'll never get a single malware spreading with a speed comparable to what's happening in Windows today. greets -- vbi -- According to my calculations the problem doesn't exist.
Attachment:
pgpaL_nUD146c.pgp
Description: PGP signature