Lets Suppose !

[D_block]

Now i may be wrong but.. there are 3 different breeds of OS's

(1) Microsoft Windows

(2) Apple Mac

(3) Linux

well this is the three we are dealing with for now in a little proportion ..

Now as we know Windows OS's and Virus go hand in hand , nice like a marriage " make you wanna throw rice "

For Mac virus is a hardly issue and for linux apparantly no one is that bored yet to really start writting them ( they may have , who knows ) .

Now so if we are supposing that these three Breeds got the same feed or load of virus to affect the same parts of the OS , ( which ever way it be ) . What do you think would be the turn out ?

would ppl still stick to windows or jump ship to Mac or just use a free open source build ?

Now i pose this for you guys you obviously have ran atleats 2 or all three different breeds mentioned above .....

Whats your thoughts ? Just Supposing ?

[herbalist]

Assuming that they're all equally vulnerable, equally attacked, and that the tools to secure each are equally available, people will use what they're comfortable with. BSD is more secure than Windows, but I stay with Windows because it's more comfortable to use. It's what I'm used to. People will use what fills their needs and runs the software they use. I have 4 operating systems installed on a multiboot setup. On each one, something I use is installed that won't run on the others, so they all get used. My browser of choice and related software is also installed on each OS so all of them would work equally well for casual use. But whenever I'm just casually on the web, I'm always using the same OS, not because it's the most secured, but because it's the one I find most comfortable to use. I'd expect that to be true for most people.

Rick

[cluberti]

Depends on which versions of Windows, Mac, etc. Windows gets viruses because it's the biggest target (ask Mozilla and Apple what happens when you start to get marketshare... it's just that simple, people will not waste time writing viruses/malware that will infect 5% of the internet population when they can instead bother to waste the time to infect the other 95%).

I smell a troll....

[Zxian]

Let's not forget... it took Apple a month and a half to fix the recent DNS vulnerability that was discovered in August (system independent). Most Linux repositories had fixed packages available within a week, and Patch Tuesday came shortly after the vulnerability was discovered.

Mac and *nix exploits have been found before, and taken advantage of. We just don't hear about it since, as cluberti pointed out, they're such a small portion of the market that, frankly, nobody really cares.

[Tarun]

Sure, there aren't any major viruses going around on Mac/*nix; but that's because people with virus programming skill are usually in it for the money. And if they're in it for the money that means they're too skilled to waste their time on 1% of 1% of the computing population. If someone is that skilled it may very well be embarrassing to them to some degree.

[D_block]

yes yes , you guys are stating the obovious, but, put all on an equal playin feild market share wise 33.3 % each. do you think it would be any easier to fix or troubleshoot a MAc or Linux ..

ive barely touched Mac's but as for linux the most times i get problem with that "thing" i see my hairs greying !!

[nomadturk]

Well, MAC's are BSD based. Thus there's not much of a difference between MacOSX and any GNU/Linux or BSD computer.

The thing is, it's not that "no one is bored enough to write a virus". These operating systems doesn't have viruses, or let's say too few of them, because of high security measures. Even if they get infected by a virus, it won't affect any system files and by removing the user with root account, the virus may be cleansed. (mostly, i think)

(Well, maybe for ubuntu it will be different because any virus who executes commands by adding sudo to the front will succeed)

I assume it is the same case for Mac's too.

But, in case of Windows, it's vulnerable to anything. Thus, in case of a virus attack it may destroy the whole system

Anyhow, i think most people, especially newbies, will prefer using Mac's afterwards since it requires less struggle than any GNU/Linux / BSD does. Rest will be divided in to hundreds of linux distros and bsd's.

[CoffeeFiend]

The thing is, it's not that "no one is bored enough to write a virus". These operating systems doesn't have viruses, or let's say too few of them, because of high security measures.

That's where you're completely wrong. It is primarily because of the way too low market share not to bother. Those OSes don't offer anything magic to protect against viruses. 99% of their "protection" is either:

1. it doesn't run 99% of apps/executables out there (not compatible with Windows binaries)
   
2. most people aren't logged in as root
   

First is directly due to their low market share, and that can be "fixed" easily. As for #2, that's no advantage over Vista with UAC (main diff: one asks for a password, the other only needs a click)

Even if they get infected by a virus, it won't affect any system files

False. Viruses could infect anything too (every single binary on the box -- there's nothing special preventing that) given the proper permissions (no difference at all!)

by removing the user with root account, the virus may be cleansed.

Nope. The viruses could be installed anywhere, just like on Windows. Removing a user won't fix everything magically. And with anything UNIX-y, you can still have rootkits and such (hiding any process/malware and such).

It sounds like you don't understand how viruses fundamentally work. Linux/BSD/Macs main advantage is that they're not targeted yet. Cluberti/Zxian/Tarun are totally right.

Besides, don't underestimate the amount of people who will gladly type in their password to install "shiny cursors 2009 pro" or whatever such garbage. There's enough of those people around to create HUGE a market for Linux/BSD anti-malware apps.

Anyways. Malware aside (it's really not much of an issue these days), where people would go is really simple: they'll go where the software is. And people make software for the platform with the most users. There's more software for Windows because there's more users, and the users keep using Windows because that's where the software is. That's pretty much it in a nutshell (but there's a LOT more reasons why people will keep using it anyways, just too long to list 'em all)

Edited December 20, 2008 by crahak

[nomadturk]

The thing is, it's not that "no one is bored enough to write a virus". These operating systems doesn't have viruses, or let's say too few of them, because of high security measures.

That's where you're completely wrong. It is primarily because of the way too low market share not to bother. Those OSes don't offer anything magic to protect against viruses. 99% of their "protection" is either:

1. it doesn't run 99% of apps/executables out there (not compatible with Windows binaries)
   
2. most people aren't logged in as root
   

First is directly due to their low market share, and that can be "fixed" easily. As for #2, that's no advantage over Vista with UAC (main diff: one asks for a password, the other only needs a click)

Even if they get infected by a virus, it won't affect any system files

False. Viruses could infect anything too (every single binary on the box -- there's nothing special preventing that) given the proper permissions (no difference at all!)

by removing the user with root account, the virus may be cleansed.

Nope. The viruses could be installed anywhere, just like on Windows. Removing a user won't fix everything magically. And with anything UNIX-y, you can still have rootkits and such (hiding any process/malware and such).

It sounds like you don't understand how viruses fundamentally work. Linux/BSD/Macs main advantage is that they're not targeted yet. Cluberti/Zxian/Tarun are totally right.

Besides, don't underestimate the amount of people who will gladly type in their password to install "shiny cursors 2009 pro" or whatever such garbage. There's enough of those people around to create HUGE a market for Linux/BSD anti-malware apps.

Anyways. Malware aside (it's really not much of an issue these days), where people would go is really simple: they'll go where the software is. And people make software for the platform with the most users. There's more software for Windows because there's more users, and the users keep using Windows because that's where the software is. That's pretty much it in a nutshell (but there's a LOT more reasons why people will keep using it anyways, just too long to list 'em all)

Well well well...

I admit, i'm not a guru of linux. And i mainly use WinXP. But i used many different linux distros and i feel i must defend it. (:

1- The reason why Linux viruses won't be affecting the whole machine and won't be able to affect the system files is that no linux user is stupid enough to login as root. Having a root user is one security step over windows xp.

2- Windows applications are indeed windows applications, therefore should only run at windows systems. Which they do it right. They mostly don't even work properly different windows releases! But, having WINE, BSD and GNU/Linux OS'es can run their applications, though not all of them and not too good.

3- Any windows release can not be compared to any BSD or GNU/Linux by any msecurity we're talking about.

4- Let's say... The majority of Web servers are running Linux and Unix. This alone is enough a reason to "bother" with writing viruses.

5- Also, about the people part... Luckily majority of Linux/Unix/Bsd/Mac users are clever enough to not to let a virus spread itself to their system. The rest, those who'll gladly type in their password to install "shiny cursors 2009 pro" can't bother using such an operating system that'll ask passwords at so many stages and require custom driver editings, long command line installations and such.

[CoffeeFiend]

1- The reason why Linux viruses won't be affecting the whole machine and won't be able to affect the system files is that no linux user is stupid enough to login as root.

You're SERIOUSLY mis-underestimating the average user. As soon as most people would use Linux, you'd have millions of users who would gladly do just that, or enter their admin pwd at any and every prompt.

Having a root user is one security step over windows xp.

Nope. Windows has just the same. And with the current version, you're not running as admin by default, and even if you went and made yourself an admin, there's still UAC on top (unless you go disable that too). You can use both as a normal user just fine. Windows actually has the advantage here.

Any windows release can not be compared to any BSD or GNU/Linux

Yeah, a not tageted OS at all with no market share, and without all the n00b users doing everything in the big book of "things not to do" everyday. Of course it can't be compared!

Point #3 doesn't really mean anything when it comes to security.

Let's say... The majority of Web servers are running Linux and Unix. This alone is enough a reason to "bother" with writing viruses.

Not at all! First of all, it's not that big of a majority in the first place. Secondly, there is no user logged in on those boxes executing programs, so viruses wouldn't ever have a chance to run (same applies to a Windows box w/o ever a user logged on). And those DO get attacked and rooted routinely. In fact, insanely high numbers of them do get hacked just because of the software they run, just for example, the recent-ish phpbb exploits. There's just WAY too much garbage php "code" out there to even bother writing anything fancy to attack them. Just about any script kiddy with 5 minutes of time to waste can PWN a lot of websites with the first thing they read from "SQL injection 101"...

Luckily majority of Linux/Unix/Bsd/Mac users are clever enough to not to let a virus spread itself to their system.

Yeah, the sub-1% of geeks who run it now don't. But move half of the Windows users to Linux overnight, and you'd clearly see LOTS of that. What you're saying, is that the OS is too hard to use, so nobody else "normal" will use it -- that's not saying much in favor of the OS being secure (i.e. the users are merely more knowledgeable -- not that the OS is actually any better protected or secure!)

[jaclaz]

Generally speaking , it is not correct to "generalize", mixing Linux with BSD and even talking of "Linux" or "BSD" is incorrect.

It would be just like saying "Windows", which one?

Windows 3.0

Windows 3.1

Windows NT 3.51 (Workstation OR Server)

Windows NT 4.00 (Workstation OR Server)

Windows 95

Windows 95 OSR2

Windows 98

Windows 98 SE

Windows 2000 (Workstation OR Server)

Windows XP Home

Windows XP Professional

Windows Server 2003

Windows Vista (name any of the umphthh versions)

Windows Server 2008

Windows 7

A virus may (ab)use of something that is peculiar to the specific "edition" or "distro" or "branch", besides attacking a certain "core".

OpenBSD as an example:

http://www.openbsd.org/security.html

is much more focused on security, particularly:

"Secure by Default"

To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled. As the user/administrator becomes more familiar with the system, he will discover that he has to enable daemons and other parts of the system. During the process of learning how to enable a new service, the novice is more likely to learn of security considerations.

This is in stark contrast to the increasing number of systems that ship with NFS, mountd, web servers, and various other services enabled by default, creating instantaneous security problems for their users within minutes after their first install.

Other versions of BSD, like FreeBSD are a little more "open" in the number of default settings, but still it has a very good security response:

http://www.freebsd.org/security/

http://www.freebsd.org/security/advisories.html

Linux, unfortunately has far less effective security means, not because of anything "wrong" in it's core, simply because there is so many different distros that range from the "script kiddie project" all the way up to "Corporate International", you cannot put in the same basket distros like Knoppix, Debian, Gentoo, Mandriva, Red Hat, and Ubuntu (to name a few) together with a mis-known new "one man show" one.

And as well you cannot compare a "security oriented" distro with a "multi-media oriented" one.

It is also to be taken into account the kind of "activities" the user of a OS carries on.

Usually BSD users are computers experts that use the OS as Server, know perfectly the innards of the system and do themselves security auditing.

As well most Linux users (some kids excluded, the ones that use it just because it's a "hacker thing" ) have a more than average knowledge of the system, know about the dangers you are confronted with when surfing, etc.

Just like the BSD ones, users of the "Server" editions of the various Windows are knowledgeable network administrators and it's unlikely that they are running a not-up-to-the-latest patched version and go clicking senseless on whatever is moving on a web page.

On the other hand a large part of Windows XP Home/Pro and Vista (all versions) users, which are the more popular OSses currently, probably are people with a less than average technical background, largely unaware of the risks of clicking without thinking, likely to fall prey of spammers/phishers, etc.

Thus it does not make much sense to compare an OS with another without any information on the capabilities of it's users, what they actually do with it, how many hours a day they are running/connected to the net, and so on.

On the other hand, BSD and Server 2003/2008 machines are a much better "target" for malicious intruders, I mean who cares to put a trojan or backdoor that allows you to download all the personal files (possibly a few hundreds of family photos) of a John Doe?

Whilst getting your hands on the archives of a Corporation or a Government Agency may be considered worth the risk.

jaclaz

[cluberti]

5- Also, about the people part... Luckily majority of Linux/Unix/Bsd/Mac users are clever enough to not to let a virus spread itself to their system. The rest, those who'll gladly type in their password to install "shiny cursors 2009 pro" can't bother using such an operating system that'll ask passwords at so many stages and require custom driver editings, long command line installations and such.

I think we must understand - assuming that all 3 OSes are on "level" playing fields with 33.3% of the computing population, that means that the share of the 90%+ computer users using Windows that *would* get infected by wanting to install the 45 toolbars and games and "shiny virus but plays games app 2009 Pro Ultimate Virus version" (which you KNOW they're gonna install somehow) will now be using (at least 66.6% of them) Mac OS X and Linux, at relatively equal share. You move the sheeple to these platforms, and they'll be targeted. Period. No amount of kernel security short of not allowing people to have root, ever, for anything will keep the base OS secure. And, technically, simply infecting user-level apps is good enough to spread malware and viruses anyway - they don't always need kernel or root access.

[D_block]

i think we still thinking in the box here ppl, now facts mentioned above while may or may not being accurate ..

Look at it from the standpoint of say a web browser for instance : windoes=IE , MAC=safari, Linux=Firfox ..

now basically these 3 have there own which basically allows you to do the same thing, browse, download ,etc.

Now just as M$ issues its copies of office for both windows an MAC , if the virus of today basically came in three flavours to cause the same noted behavior patern, weather it is to slow down, or restart or crash.....

As a technician which would you probably think would be the easiet or atleast the prefered OS type that you would deal with , fresh install being your last option

think of it as , there are 10,000 virus for windows , linux and MAC , which basically cause them to do the same thing, like a ferrari with a flat tyre and a nissan sunny with a flat tyre !!

[cluberti]

As a technician which would you probably think would be the easiet or atleast the prefered OS type that you would deal with , fresh install being your last option.

Honestly? Windows. It's easier to repair, has FAR better logging functions, and is easier to back up and restore if the options leave you with no other choice.

[CoffeeFiend]

Look at it from the standpoint of say a web browser for instance : windoes=IE , MAC=safari, Linux=Firfox ..

Nah. Not everyone on Windows uses IE. IE has a < 70% market share by this month's stats while Windows has like 90% of the market. People aren't forced to use the default apps shipping with the OS.

now basically these 3 have there own which basically allows you to do the same thing, browse, download ,etc.

At the fundamental level perhaps. But 1 app alone having a few somewhat equivalent apps on other platforms means nothing at all about anything.

As a technician which would you probably think would be the easiet or atleast the prefered OS type that you would deal with , fresh install being your last option

Easiest or preferred? Hmm, I'd go with the one that runs the software I want & need, and today that's Windows, by far.

Also, I find it far better to fix Windows as well (like cluberti said). From the startup options (safe mode, last good known config, etc), various tools built-in (from regedit, to system restore, to command line utils), very handy options for when something breaks (e.g. the driver rollback), easy to use debugging tools (windbg and various tools), having WinPE and such discs available, top of the line tools like the Sysinternals suite, logging and tracing tools, etc...