Cisco Working to Block Viruses at the Router
macmouse writes "The San Francisco Chronicle has an article about Cisco and Anti-Virus companies working together to block viruses at the ISP (Router) level. It sounds like they will be using traffic shaping to block malicious traffic. Looking at it in a negative light however, it might mean that you're required to have anti-virus software installed in order to use the internet. This can be a *big* problem for *nix/mac users who normally don't need or use AV software. Not to mention, being forced to purchase software from 'company x,y or z' in order to get online, regardless of platform. Hopefully, this is not going to happen."
And you thought the internet was slow now (Score:2, Insightful)
Re:And you thought the internet was slow now (Score:3, Informative)
http://www.cisco.com/warp/public/63/nbar_acl_co
Of course, given enough traffic you could become CPU bound. Then you'll have to buy a Juniper
Re:And you thought the internet was slow now (Score:4, Informative)
NBAR Restrictions
When using NBAR with the methods in this document, note that the following features are not supported by NBAR:
More than 24 concurrent URLs, HOSTs or MIME type matches
Matching beyond the first 400 bytes in a URL
Non-IP traffic
Multicast and other non-CEF switching modes
Fragmented packets
Pipelined persistent HTTP requests
URL/HOST/MIME/ classification with secure HTTP
Asymmetric flows with stateful protocols
Packets originating from or destined to the router running NBAR
The worst virus is the antivirus software itself (Score:5, Funny)
I have a much more comprehensive scheme for identifying viruses anyway. I have modified my OS to pop a dialog for each incoming letter and verify if I want to accept it or not:
You have received the letter "G" from IP address 192.132.54.99 on port 492.
Some viruses are known to have the letter "G".
Would you like to accept it?
Yes No
You have received the letter "r" from IP address 192.132.54.99 on port 492.
Some viruses are known to have the letter "r".
Would you like to accept it?
Yes No
You have received the letter "e" from IP address 192.132.54.99 on port 492.
Some viruses are known to have the letter "e".
Would you like to accept it?
Yes No
Re:impossible to stop viruses on windows for idiot (Score:3, Funny)
Re:And you thought the internet was slow now (Score:3, Informative)
Re:And you thought the internet was slow now (Score:5, Informative)
"Traffic shaping" is a fucking joke right now. It's just a half-ass measure to get the low hanging fruit only. You don't know anything about protocols. Each OSI LAYER, eh? Who cares. How are you going to distinguish the individual files infected with viruses being transmitted if they use a proprietary protocol or compression or encryption of any kind?
Simple. According to the article, and the post you replied to, they are not even going to try something as incredibly stupid as that. Instead, they will require authentication according to their own protocol which will allow them to determine whether you have antivirus software. Traffic from hosts without virus protection can then be treated differently than traffic from hosts which have it.
As to Michael's comment about this requiring people to use Windows on every host, that's just silly. Cisco themselves use BSD and their customers are heavy into real OSs like Solaris, etc. They are not going to stop traffic from such hosts, even by default. I would be willing to bet that they are going to work in some way of identifying the type of host that they are getting the traffic from, and therefore allowing the administrator of the firewall to give Linux, Solaris, et al. a pass in such cases.
Cisco firewalls are not your little linksys router from Fry's or that 386 running OpenBSD over in the corner. They have pretty powerful hardware and very flexible software. You can construct some pretty neat rulesets and do very clever things, so this kind of thing is honestly not a surprise and certainly not beyond their capabilities.
Hard to take hold (Score:2)
For the simple reason that the average Joe would be forced to at least consider security or not get online, this is helpful.
Re:You cannot possibly keep up (Score:2)
by making clever rulesets for the thousands of new viruses every month. The virus would have already infected your network by the time you handcraft one rule. Look at the shortcomings of the Cisco router rulesets. It's a joke. They only catch the low hanging fruit at best.
No, again, that is not what they are doing. Why don't you try reading the posts you are replying to, or maybe the article?
They are not trying to filter the viruses. They are authenticating host traffic by checking whether they hav
Re:You cannot possibly keep up (Score:3, Informative)
real great solution, what happens when I get that user that has win95 and a version of norton just as old. Your computer says "Hey big boy I have some super spanky AV installed. Let my mail through!"
"Duh! ok boss"
Great that they're trying something new, this just doesn't seem too hard to circumvent.
Win95's old Norton will not be able to authenticate to this system. You will have to buy the brand new software that ties into the validation system. If they do this the smart way, that will include checking
question (Score:4, Insightful)
xao
Re:question (Score:4, Informative)
"The system under development will allow a computer network to check the safety of incoming traffic. Any device trying to connect to the network will be checked to see whether it has security measures already in place. Those that don't can be denied access, shunted off into a quarantined segment of the network or forced to download a security program."
Re:question (Score:2)
You know, they might just be checking for various exploits. For example, it might detect your version of IE and railroad your TCP request if you have the DSO exploit, or it might let you know if you have a vulnerable version of MSRPC. Similarly, it could check your OpenSSH version. Though I doubt it will.
Uh (Score:2)
Re:Uh (Score:4, Interesting)
Speaking as someone who was nearly infected by a Linux worm through a BIND exploit, I can confirm that such things do exist and are in the wild.
The worm in question attempted to install a back door into my machine and was foiled by the greatest security measure ever taken: not having a LF on the end of
Re:question (Score:2)
http://yro.slashdot.org/comments.pl?sid=86514&cid
Re:question (Score:2)
http://yro.slashdot.org/comments.pl?sid=86514&cid
Re:question (Score:2, Insightful)
The submitter is interpreting this to mean the router will block any computer that can't say "I'm secure," but I think in reality it means that the router will block any computer that seems to be doing bad things.
Re:question (Score:5, Insightful)
I wonder if this is the next step in the "Trusted Secure Computing" world? Routers won't accept traffic from non-trusted computers?
Re:question (Score:2)
I suspect these companies wouldn't be so foolish as to make it that simple (but you never know). Off the top of my head, I was thinking they could do something like:
1) When a first request is received from a computer, the router sends a random challenge text to the computer on the port where the AV should be listening.
2) AV software forwards this challenge text on to the AV company's website (here the router would have to be able to ide
Here's a much simpler system: (Score:2)
Anyway, how would the AV company even know if the machine was running the "real" software in your scenario? It wouldn't any more than the router. The entire concept of checking for AV software is ridiculous. They only mentioned "security measures", they probably consider running Linux or MacOS a security measure in and of itself like most people do. Only the most deranged person in the world would consider restricting a network to windows machines would be a g
Re:question (Score:2)
I think the more correct term would be stateful packet inspection [webopedia.com] whereby the contents of packets are checked, rather than shaped. This would allow the router to see if there was "phone home" software on the client attempting to do something nasty.
:)
However, I am likely to be corrected
Re:question (Score:2)
You don't normally want routers to be doing that too much due to overhead. More likely, this will be some bullshit idea that makes the machine attempting to obtain an IP address provide some type of cookie-like mechanism or some type of challenge-response handshake to indicate to the router that IP W.X.Y.Z has been Ok-ed.
It won't solve the problem.
More likely, this is a trial balloon to judge level of opposition to the entire idea. Personally, it fucking sucks to
TRUSTED COMPUTING ALERT! TRUSTED COMPUTING ALERT! (Score:4, Insightful)
However, the technology won't work unless security software can tell the Trusted Agent application the current state of security on the computer or mobile device.
"This important problem can't be addressed individually," said John Thompson, CEO of Symantec. "Collaboration is a must."
The technology might also spur sales of PCs and devices that use trusted-computing hardware--controversial technology that uses encryption, special memory and security software to lock away secrets on a PC from prying eyes.
To lock away secrets on a PC from the OWNER'S eyes! &%^#@! Trusted Computing!
Symantec Corp. (Nasdaq:SYMC), today announced that it has joined forces with Cisco Systems to provide solutions that restrict network access to only compliant and trusted client machines including personal computers and PDAs.... Out-of-compliance machines may be denied access, quarantined, or sent to a separate location for remediation, while machines in compliance with the organizations' set policies will be granted access to the network. [businesswire.com]
Trend Micro, Inc. (TSE:4704) (Nasdaq:TMIC), a leader in network antivirus and Internet content security software and services, today announced its support of the new Cisco(R) Network Admission Control Program [businesswire.com]
THREE major router companies, Cisco, Symantec, and Trend Micro, are ALL supporting this initiative to lock non-TCPA computers out of the internet! #@%^$!
If you are running Microsoft Windows you will be locked out of the internet unless you are running Palladium. If you are running Mac or Linux or anything else, you will be locked out of the internet unless you are running a Mac or Linux version of Palladium.
I have repeatedly said in Trusted Computing discussions that sooner or later people not using it would start getting locked out of parts of the internet. Silly me, I thought that more and more websites would start using it and simply not serve you a page unless it was encrypted. I never considered that the basic internet hardware itself would deny you any connection at all! This is INSANE!
The problem with Trusted Computing is easy to fix. There is absolutely nothing wrong with new hardware, but the owner has to have actual control over his machine. The owner MUST have his key. He could receive that key on a printed piece of paper, or he could get it somehow during the Take_Ownership command. There is no POSSIBLE justification to deny the owner this information. There is no POSSIBLE way that the owner could lose any protection. The hardware could be identical, therefore the hardware can do everything it could before. The only difference is that the computer can no longer be hijacked as a weapon against its owner.
This trivial difference preserves EVERY claimed benefit of Trusted Computing and eliminates EVERY possible abuse of TCPA. Those backing Trusted Computing will NEVER permit such a change in the system because the very purpose of Trusted Computing is to enforce DRM and other abuses.
nmap on a router? (Score:5, Interesting)
If it finds issues then it will drop you from the network or block that port / problem.
Rather than check if you have the latest version of norton installed..but perhaps I read it wrong?
This is nothing new (Score:5, Informative)
The way I read it, their marketing department has just found out that LinkSys (now Cisco's subsidiary) has had this functionality for years now, where the cheapo firewall routers can be configured to not give access to the outside unless certain AV software is installed on the host. So it's marketed as a new innovation -- there's probably half a dozen patents filed for it already, plus a bunch of different names under which this can be marketed.
Problem is, it doesn't work except in very specific and small homogenous installations.
Regards,
--
*Art
Re:nmap on a router? (Score:2, Interesting)
No, desktops would have SW agents (Score:2)
Re:No, desktops would have SW agents (Score:2)
Re:nmap on a router? (Score:3, Interesting)
From what I've heard, it's some kind of 802.1x extension which takes the patch status of the system into account. It requires a fair deal of cooperation from the host, and we'll see if it makes a difference. I'm sure malware will be adapted accordingly if there's widespread use of this functionality.
The "scan before connect" idea has already been implemented by the NetReg [netreg.org] p
Implications? (Score:5, Interesting)
Re:Implications? (Score:4, Interesting)
Then again, that might be just "Doesn't this shiny metallic hat look good on me?" talk.
Re:Implications? (Score:3, Insightful)
As for already compiled files? We'll need a bit more information about what this AV will do, but I rarely send just one simple
Re:Implications? (Score:2, Insightful)
Re:Implications? (Score:2)
Router/ISP-level virus blocking should only apply to the most prolific virii, which would probably have self-executing code in them.
LAN Systems (Score:4, Interesting)
Re:LAN Systems (Score:5, Insightful)
"Access to 'HP LaserJet 8000' on 10.16.2.88 denied. The Cisco DRM system has determined that this host listens to ports (80/tcp, 135/tcp, 515/tcp), but does not run approved virus protection software." Yes, I can imagine explaining that to a vice president at 7am...
Regards,
--
*Art
Questions (Score:2, Insightful)
Protection by proximity (Score:2)
Mac users and *nix users need not worry as long as enough routers are configured and maintained to filter viruses
We kinda do this at Rutgers (Score:5, Interesting)
Use a Blackhole Router (Score:3, Informative)
Re:Use a Blackhole Router (Score:2)
uRPF was originally designed to prevent IP spoofing by attaching it to edge interfaces. It can then be crowbarred with the blackhole system to also drop traffic to and from a specific IP.
email me at rhayden@nospam.geek.net and
Why not just stop people using their own PCs (Score:2)
machines have been set up correctly. Computers are not (yet) such a vital tool at uni that students need to be online 24/7, in fact I did a comp sci degree and didn't even OWN a computer
much less have one plugged into the internet in my friggin room!
Perhaps no software needed... (Score:5, Insightful)
However, if this original check is just done by some network security checking (ie. looking to see if there is a vulnerable version of SSH or a misconfigured IIS etc) then all that would need to be done would be to fix the potential exploit rather than install a piece of client software.
Potentially, this would just be like running nmap and other similar tools against the machine in question to test it out for net-worthiness.
It could also check for open mail relays, which could help in the Fight Against Spam (tm).
D.
Re:Perhaps no software needed... (Score:2)
What I imagine that they are tackling is the problem of people connecting to the network without the latest patches and virus definitions installed. New installs and laptops tend to bite you.
The way I would implement it would be to have a server machine sitting on the network, providing
How about DOS attacks? (Score:2)
Routers are transparent to end systems (Score:4, Interesting)
End systems are not affected by routers dropping IP packets with harmful content. All that end systems see are IP packets. They may see less of them, if filtering is enabled on the router, but the packets have nothing special about them that would need AV software on the clients.
But, a router doesn't always have to drop packets. It could tag them with a special marker, and clients could then react accordingly, e.g. by dropping them in their TCP/IP stack.
This could be somewhat similar to what SpamAssassin does, when tagging spam mail with an X-Spam header. It's up to the mail user agent to decide what to do with mails tagged that way.
WHAT?!? (Score:2)
WHAT?!?
I'll give someone a few bucks to help rid the entire planet of the crap that's out there. I don't know about you, but I'm sick and tired of ridding my clients (and friends, family, etc.) of all the bugs they get. If the ISPs can stop this crap at the routing level, man, I'm there. I'll happily pay the extra few bucks a month/year to make EVERYONE'S life easier.
Yes, I use Linux (Gentoo represent!), but what's your point? I got a great OS for 100% fr
I work for an ISP... (Score:5, Insightful)
Re:I work for an ISP... (Score:3, Insightful)
I work for a private university and during the luvsan outbreak even with all the interdepartment routers blocking its traffic we still ended up with rampant infections.
The PHBs wondered how on earth that could happen... come to find out it was one of them... with their laptop and wireless card. They weren't even using the network at each location they went to
Re:I work for an ISP... (Score:2, Interesting)
Re:I work for an ISP... (Score:2)
Re:I work for an ISP... (Score:2)
Re:I work for an ISP... (Score:2)
But you can argue the other way.
All a router does is inspect a level of the network layer, pulls out some data, and pushes the traffic depending on that layer. So what's wrong with a router or switch inspecting one layer more? Routers and switches already do it on the mac and ip level. Nothing wrong w/ inspecting the applica
Re:I work for an ISP... (Score:3, Interesting)
Agreed, but I don't think we'll get a *complete* solution to this until MS un-activates all of their APIs and rolls new ones out to the existing 9x-XP desktops. I think they can see the handwriting on the wall about this (and that's really why Linux and DRM are so important to them right now) but they are slow to implement the changes, let's face it, their entire corporate business model is strategerized around making it easy for developers to script, code and remotely activate EVERYTHING, and this is a con
Lame (Score:2)
Secondly, this is a good idea, so long as it's implemented only at gateways to private networks. Signature based filtering is bound to block some legit traffic, and network admins need to keep that in mind when implementing this kind of functionality.
Third, Cisco routers already do this to some extent. You can bl
different approach that may just work (Score:3, Interesting)
Would never work. (Score:2)
Possibly Misleading Headline (Score:2)
Not a well written article though. Quite short on technical details; my interpretation could be wrong too.
Cleetus
Security measures (Score:5, Interesting)
I just gotta wonder if this is going to look for any response on certain ports like 135-139, or if Cisco is specifically going to check for a proprietary response from the products of Network Asc, Symantec and Trend Micro?
What it ought to do is a TCP fingerprint and look for any Microsoft Windows operating system.
Re:Security measures (Score:2)
QED
Re:Security measures (Score:2, Insightful)
From what I've heard from Cisco (yesterday), it sounds like it is probably a proprietary response from the specific applications-- including Cisco's Security Agent, too, so you can't let the unprotected users get on (and infect) your internal network.
I don't think Cisco's dumb enough to set it up so the response could be so easily faked. So it will take time to figure out how to, er, emulate those proprietary responses (*grin*).
The OS fingerprinting is coming, too, a little further down the roadmap-- a
VPNs & encrypted email a risk? (Score:2)
VPN and encryption users could protect themselves with other virus filters (or virus filtering on internal routers that handle plaintext). But, we all
I don't mind this (Score:4, Interesting)
Would make computing much more secure.
It's still annoying for Mac/nix users to get thousands of annoying virus emails from their windows friends (if you can call them friends).
Every product normally starts out with 1 company producing it... if it's good, normally clones come about.
RTFA: This isn't about blocking traffic... (Score:5, Insightful)
That is way veeery different. Stations will be ENFORCED to have installed this software in networks with this scheme. WTF???
It might even work. (Score:5, Insightful)
It's entirely possible this article and the security program is directed at Windows users only. Neither Cisco nor the Anti-virus vendors are malicious enough (IMHO) to block Unix/Mac boxes because they don't need the anti-virus software the companies sell. The wild internet frontier of email-address-confirming porn and Gatorware is probably here to stay.
It's also possible they might figure out a way to block certain versions of programs, say WuFTPd, from having an unsecured link to the outside world. This could help prevent a university network being used as a DDOS tool because a student didn't upgrade his ftp server. Or a mail server which doesn't smart-relay through an authenticating server to stop student PCs spamming.
It's not always a virus that brings a network down. But when a university is forced to print 10,000 CDs with anti-virus and windows worm-removing tools to give to new students (who aren't allowed access to the university network if their box looks active on port 137) this might look like an alternative.
The evil that it does bring is in the form of anti-Free networking, where Linux boxes are used to form cheap routers and gateways, without a Cisco(R)-Symantec(R) licensed monitoring system, your access to the larger internet may be limited by your upstream provider, ala Verisign certs.
This system is probably for the intranet users to stop an OE/ IE virus bringing down their system before the poor tech guy patches the boxes.
Evil Bit (Score:2, Funny)
issue by appending the "Evil bit" to the virus packets
DRM ? (Score:2)
Cisco, Network Associates, Symantec and Trend Micro will develop a new system for protecting networks against infection. The system, which the four firms hope to start selling early next year, will be able to block network access to any computer or device that doesn't have its own security measures in place.
Isn't this sort of DRM related? "its own security measures in place". Don't like the sound of that...
Anti-Virus software cuts the speed of your system. (Score:2)
Anti-virus software cuts the speed and responsiveness of your system when starting processes in HALF. As a person who is always starting and stopping tools and utilities and apps, putting in AV would be a big no-go for me.
I have a real firewall and a DSL Router, I don't use Outlook nor IE, my systems are patched, and I know how to recognize the trust level to place in places I visit on the web and to scan every single thing I download from the net and save to my HDD before I toy with them.
I've been on the n
Good idea.. (Score:2)
And no reason I can see why every one should have AV software because of this..
This is targeted at corporations (Score:2)
It seems more like
- It is targeted at corporations who need to deal with more than just one entry point to their network, some of which are currently hard to deal with (VPNs from badly-secured home PCs, legacy dial-up access, laptops that have connected to other corporate networks and/or the Internet).
- The idea seems more like having some sort of automated verification
If a site is so MS-centric (Score:3, Insightful)
Cisco NAC (Score:2)
This system used a piece of code called the "Cisco Security Agent", in standalone, or as part of certain AV software, to check the configuration of the pc, prior to authenticating to the switch, for access to the network. Port authentication is already available today, so this is a natural extension of the 802.1X technology.
Once the 802.1
This is actually a BAD thing. (Score:2, Insightful)
As soon as that model is compromised, you have a new source of uncertainty every time you have to debug a network problem. When packets don't make it to their destination, is the problem a firewall at this end? Or at that end? OR - new possibility - funky anti-virus software o
Not quite... (Score:2)
Stupid. (Score:2)
I'll say it again. A router's job is to ROUTE PACKETS. Nothing more, nothing less. If you want a firewall to keep virii out, get one. If your ISP wants a firewall to keep your virii off the net, TH
Ummm, no. (Score:2)
Ummm... no. YOU won't have to have any installed, your ROUTER will. And, of course, that is IF somehow they make it mandatory for routers to contain some sort of an anti-virus protocol, which in my opinion and probably many others will never be mandatory.
For the Confused or Speculative . . . (Score:2)
Cisco's new offering serves as a checkpoint at the router or L3 switch level. Hosts incoming must pass a certain set of criteria (MD5 hash of approved AV running, sig file at certain level, hotfix X installed) before they are allowed to pass. While previously used to protect remote users (Aventail [aventail.com] and Checkpoint [checkpoint.com] are good examples), Cisco is moving to
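The admission criteria listed in the comment above (approved AV hash, signature file level, required hotfix), worked through as an added Python example that is not part of the original post and is not Cisco's implementation. The policy values, the shared agent key, the nonce handshake and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed policy values for the example; not taken from any product.
APPROVED_AV_MD5 = {"0123456789abcdef0123456789abcdef"}  # constructed hash
MIN_SIG_LEVEL = 20031118                                # constructed level
REQUIRED_HOTFIXES = {"HOTFIX-X"}                        # "hotfix X" placeholder
AGENT_KEY = b"constructed-shared-agent-key"             # assumed provisioning


@dataclass
class Decision:
    action: str    # "allow", "quarantine" or "deny"
    reasons: list


def sign_report(report: dict, nonce: str, key: bytes = AGENT_KEY) -> str:
    """Host agent side: bind the posture report to the checkpoint's nonce."""
    body = json.dumps(report, sort_keys=True).encode() + nonce.encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def evaluate(report: dict, nonce: str, tag: str, issued: set) -> Decision:
    """Checkpoint side: check freshness and integrity, then the criteria."""
    if nonce not in issued:
        return Decision("deny", ["unknown or replayed nonce"])
    issued.discard(nonce)  # each challenge is accepted once
    if not hmac.compare_digest(sign_report(report, nonce), tag):
        return Decision("deny", ["report failed integrity check"])

    reasons = []
    if report.get("av_md5") not in APPROVED_AV_MD5:
        reasons.append("AV binary hash not on approved list")
    if int(report.get("sig_level", 0)) < MIN_SIG_LEVEL:
        reasons.append("signature file below required level")
    missing = REQUIRED_HOTFIXES - set(report.get("hotfixes", []))
    if missing:
        reasons.append("missing hotfixes: " + ", ".join(sorted(missing)))
    # Non-compliant but authentic hosts go to the remediation segment.
    return Decision("quarantine" if reasons else "allow", reasons)


def demo() -> list:
    """Run four constructed admission attempts and return the actions."""
    issued = set()

    def challenge() -> str:
        nonce = secrets.token_hex(16)
        issued.add(nonce)
        return nonce

    good = {"av_md5": "0123456789abcdef0123456789abcdef",
            "sig_level": 20031120, "hotfixes": ["HOTFIX-X"]}
    stale = dict(good, sig_level=20030101, hotfixes=[])

    n1 = challenge()
    tag1 = sign_report(good, n1)
    first = evaluate(good, n1, tag1, issued)
    replay = evaluate(good, n1, tag1, issued)       # captured answer reused

    n2 = challenge()
    outdated = evaluate(stale, n2, sign_report(stale, n2), issued)

    n3 = challenge()
    edited = dict(stale, sig_level=MIN_SIG_LEVEL)   # report altered in transit
    tampered = evaluate(edited, n3, sign_report(stale, n3), issued)

    # The checkpoint only learns what the agent reports: the result is as
    # trustworthy as the agent and its key are on the host being checked.
    return [first.action, replay.action, outdated.action, tampered.action]


if __name__ == "__main__":
    print(demo())
```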
No AV on mac/*nix? (Score:2)
Prediction... (Score:2)
In the future, ISPs will no longer sell "Internet connections", they will instead sell AOL'esque access to the web and email. The access will be filtered against viruses, SPAM and will include parental controls and complete usage monitoring (which will deter kids from circumventing parental controls).
People will pay money not to be SPAM'ed and not to have to worry about protecting their machine all the time. This will protect the net from most unprotected Windows machines.
For home-workers, Cisco and s
Problems... (Score:2)
> This can be a *big* problem for *nix/mac users which normally don't need or use AV software.
I don't think most major ISPs would leave Mac users out in the cold, but I could easily see where they would give two rips about Lunix users (or require they upgrade to a "business" account which supports such operating systems that were designed to be used as "servers"). What I am more concerned with is freedom of choice:
> In an unusual alliance among staunch competitors, Cisco Systems will collaborate w
Only "approved" Systems (Score:2)
Be it hardware, OS, App software, tools.. your TV....
And if you even TRY to run something else, your connection is severed, and the proper authorities are notified of the then illegal act...
Yes, you will call me paranoid, just remember this in 5 years when it takes place... 10 Years ago people scoffed when I suggested 'data police'.. Now look, people are jailed for
This is called client compliancy.... (Score:3, Interesting)
Saying that ISPs will start requiring it is purely speculation and sensationalism.. Oh wait, I am on Slashdot.
Anyhow, just because a Mac doesn't get targeted for viruses much doesn't mean you shouldn't run antivirus software. What happens the day a Mac virus DOES get out in the wild? The same goes for *NIX systems.
And, umm, yes, a Linux machine can be susceptible to Windows viruses. Think about a MS Word macro virus if you're using CrossOver Office and happen to have an infected file...
Disclaimer: I work for a major antivirus company. If you don't use our product, you should at least have some sort of protection on your machine. There are some free alternatives, too.
yet another wrong approach (Score:3, Interesting)
I keep saying, the best way to reduce worm propagation is through a sanctioned smtp whitelist [slashdot.org] since most compromised systems use smtp as the transmission vehicle, and most originate from spontaneous, unauthorized mail relays that the worms themselves introduce.
As for other means of worm propagation, a compromised server would easily generate a typical DOS profile that a well-configured network should already identify and deal with, regardless of this client-server-extra-software provision Cisco is trying to impose, which would require constant updating and more money to maintain.
Eh? (Score:3, Informative)
The only way this does any good is if the Cisco has the *nix box prove that it is running AV software doing content analysis on the stream from the Windows box, or else software that relays to the Windows box the demand to show credentials. Either way this means that there will likely be a necessary licensing fee for AV or credentials checking software for whatever router you want to have talk to a Cisco.
Very clever. Cisco doesn't take the load on their hardware (except for the trivial task of demanding your licensed credentials), and forces you to license software from one of its partners, and to take the load on your hardware.
This is sort of like the police responding to a burglary epidemic by requiring all homeowners to install lead shielding on their doors and windows, with a kickback to the police athletic fund for each shielding installation.
This is what we do at work: (Score:3, Interesting)
So that's our corporate customers. We also have qmailscanner filtering all our mail using F-prot (they have per-server licenses for decent rates, not the retarded per-client ones that would quickly bankrupt any ISP), which cuts problems on our ADSL network by about 75% or more. It's worth noting however that even with a 2.3 Ghz CPU, the server load is typically about 2.5 or 3.0 at any given time. This kind of scanning for the 150,000 messages a day we get would have been impossible only three years ago.
Would we start using a router like the one Cisco came out with? Hell no. 10% of our customers actually have a clue, and they usually pay for a more expensive internet account. To lose hundreds of our best customers over something like this would be stupid. As well, if we used a router that required a specific virus scanner (like our corporate customers have), it could alienate as much as 60% of the people who have already bought a virus scanner that *isn't* the virus scanner the router requires.
No. This is not something you subject the general public to.
Re:great (Score:3, Insightful)
To me the surprising thing is all the antivirus companies chipping in to this project. They have a huge industry based on Microsoft's poor coding and won't give it up. This will (may?) slow down current viruses but there will be new types appearing. These companies have shareholders to appease.
Re:great (Score:2)
To the extent that attitude exists (and it's not really as universal as you seem to think), it's because that's the only viewpoint that is productive. In the real world, who is "wrong" is less important than "who could have prevented it".
Blaming virus-authors won't help prevent viruses. Blaming someone for exploiting a vulnerabili
Re:great (Score:2)
It is Microsoft's fault for producing poor code. It is not Microsoft's fault for producing viri. It seems to me -- honestly -- that there is a pervasive thought in the Slashdot community that it's the product's fault, not the exploiter's. Could anyone clarify this for me? The virus writer is more at fault right? I mean, Bill Gates may be the biggest bastard ever, and he may have even broken anti-trust laws, but does that mean that virus writers aren't equally or even more so wrong?
You have it there, bud
Re:Huh? (Score:2)
this will help with dealing with the large scale problem, you still have viruses that will get around these.
Corks in a Dam. (Score:2, Insightful)
Re:The reason... (Score:5, Insightful)
Bullshit. Could you describe how this would be possible? Is Pine or Balsa or [your email application here] integrated into the OS and have full access and scripting ability on your machine? Does it automatically run code and have the ability to add services to your computer that run automatically on startup? If this is possible I'd like to know how.
Re:The reason... (Score:2)
On the Linux desktop there is no software monoculture - not even close, and the important players are in general security conscious, and their source is open.
Re:The reason... (Score:2)
Just look at the Lindows [walmart.com] style of running everything as root!
(And, if Microsoft is wise, they could find ways to preserve application monoculture even if Linux displaces Windows on desktops. It's conceivable that in a decade they might willingly retreat from the OS business and just write applications, which is where the big money is anyway)
Re:The reason... (Score:3, Insightful)
Granted there are security flaws in Linux, and they have been exploited, and there are probably vulnerabilities that no one has seen as of yet.
That being said, one of the distinct OS differences is that windows is an operating system that is homogenous by design, allowing a single worm to infect in a pre-determined way so that the likelihood of mass infection is very high. Linux, on the other hand is heterogenous, I defy you to find identical email clients/serv
Re:The reason... (Score:5, Insightful)
Why the hell is this classical moronic Windows-astroturfer-tripe moderated as insightful?
Let me tell you something: we don't have to speak in what-if's; we can look at an actual situation: Web server market.
According to netcraft, the most widely used Webserver is Apache. Now, do you see any Code Red worms on Apache? No.
Do you see any Nimda worms on Apache? No.
Do you see any other kind of worm on Apache? No
So there goes this nice theory. Next time a windows user trots out the old line of "windows is the primary target of viruses because of market penetration", smack him right into the face!
Re:The reason... (Score:2)
But even if the argument were valid, it still speaks ill of Microsoft, or at least their customers. Customers should know better than to create a monoculture enviroment, if they want to be more virus-resilient.
If you only have WinXP computers, and someone discovers a bad XP exploit (XPLoit???) then of course every single machine in your organization is going to be toast.
Still, thanks for reminding me of Apache/IIS... I'm ashamed I didn't realize it myself.
Re:The reason... (Score:3, Insightful)
No, Windows(r) truly is less secure. Not for the reason many people think, though.
Windows is insecure because the OS developer is also the #1 applications developer. Most Windows exploits are from apps like IIS, Word, IE, and especially Outlook. But since Microsoft(tm) blends the applications into the OS, application exploits become equivalent to OS exploits.
Re:The reason... (Score:2)
No, No, NO.
The reason is NOT because Windows is more insecure, or easier to write viruses for, even if that is the case. The reason is the market saturation. 90% of the world's desktops are running some 32-bit version of Windows, that's a helluva lot of machines to infect. People who write viruses with malicious intentions do it to bring down major infrastructure, and they can do this easily if they infect a few hundred thousand Windows boxes. And the more people that use Windows, the more viruses there w
Re:Censorship in the Router? (Score:2, Interesting)
How long before libraries are forced to use scary, sealed products with cuddly names like RouterNanny or RightRoute or PopCop? Where librarians can't adjust or override those kill lists?
Speare's right because the only way "virus scanning in