[clue-tech] Linux vs. Windows security

Bruce Ediger bediger at stratigery.com
Fri Jan 22 07:04:13 MST 2010


On Thu, 21 Jan 2010, Jason Ash wrote:

> My fiancee, Lisa, and I were discussing the security of Linux vs.
> Windows tonight. Not to drag you into it, but my position is that *nix
> operating systems are more secure by design and she (a Windows
> aficionado) just says it's security by obscurity. I tried to explain

The first widespread MS-DOS virus appeared in 1988, "Brain".  The number
of MS-DOS machines in '88 was almost certainly way, way less than the number
of Linux desktops today.  Also, the Apache web server has always had something
like a 2:1 advantage over IIS, yet IIS has had a larger number of worms than
Apache.  Something else is at play besides "market share".

The ubiquity of Windows malware probably has more to do with some arguable
social and technical factors than any market share.

For instance "Word" macros: probably due to "Word" keeping macros in the same
file as the document, not separate.  Vesselin Bontchev himself came out in
the lauded "Virus Bulletin" saying that the reason macro viruses ceased being
a problem was due to Word 2003's dialog box "OK" button being to *not* run
the macro, rather than running it on "OK".

Making "documents" executable is probably the biggest reason for widespread
file-infector viruses and trojans.  Only Windows and MacOS treat documents as
"executable" and they both have had plagues.  Passing around executables in
grossly buggy email clients like "Outlook" makes Melissa and "ILOVEYOU" and
Klez and ... possible.  Somewhere, I read that before Outlook, if you'd mentioned
making email content executable, people would have looked at you like you
had a hole in your head.  And that's very true.

Some other technical things that Windows has that aid malware: the way you
mark a file "executable" is by giving it a special "extension". You know,
".exe" or ".com" or ".bat" or ...  No official enumeration of executable
extensions exists.  Every once in a while, some fool comes up with a way
to use an odd extension (.pif, for example) that's executable at least under
some circumstances, to spread stuff.  I think the old Nimda worm used this
sort of thing.  Infected ".emf" files have also been used.