I've been thinking some more...
...about the security issue with Windows/Linux.

And I have come to the conclusion that it's not just a game of numbers.

For one thing, if you received an email with an executable in it, as a windows user, you just have to double click it and it runs. Voila, virus installed. I know you can block exes, zips etc...but then there will be times I'm sure when you legitimately want to do that, when you know it's not a virus. In linux, you would have to save the attachment off somewhere, log in as root (or give yourself root access) and then change the file attributes to allow the file to become executable. Not something that can really be done by accident.

Even if the user were stupid enough to do this, then the virus would very likely not be able to spread as fast as windows virii as the next user it was mailed to may well not be as stupid as the last.

Another is the fact that the dominant email client is Outlook or Outlook express. Both of these use IE to display emails, meaning that if there is a security hole in IE (and let's face it, there have been, and will be, plenty), then it affects Outlook and OE as well.

In Linux distros, the email clients differ wildly, I can think of about 4 off the top of my head that are widely used, meaning that a virus writer would have to write the virus to check for all sorts of mail clients to extract contact information etc... whereas in windows, the writer would probably only tarket one - the most popular. Yes, this part I suppose does make it a game of numbers.

As Linux users are not logged in by default as root - unlike windows, where the first user setup has by default admin rights - the only damage a virus *installed* as that user could do, is to that particular users home directory, and thus the system is still stable and safe. The user would simply log in as root and fix the problem.

Even if a program in Windows is installed under a non-admin user, DLLs can still be installed system wide - this is not the case in Linux, meaning that the program (virus) only has access to that users home folder once again. In windows, any user can excecute a program to use those DLLs regardless of who installed them, so the actual user is pretty much moot.

So, even if Linux were the dominant player, virus' would not be able to spread in the same way they do in Windows. The filesystem is much cleverer than NTFS or FAT and it would be extrememly difficult to get anything into the boot sector.

Sorry for the geekiness - I was just thinking out it when people come out and say, "it's because Windows is the biggest that it's targetted more" - yes, that is true, but at the same time, and with the track record of Windows, you'd think that maybe they might implement some very basic security measures to stop this happening. Unless of course, it's good for business - which I imagine it is is many respects.

Regardless of how a file hits the system, in Linux it has to be told manually that it can excecute - in windows, all you have to do is receive it via outlook.
(dchurch bah, Tue 19 Aug 2008, 10:45, Reply)