CyberKnights Logo, click for background info Random banner image

CyberKnights

Modern tools.
Traditional dedication.

Previous page Home | Purpose | Linux | Products | Legality | Special | Downloads | Articles | Contact Next page

Virus!

Viruses! Hah! What are they good for?

We all know the answer to that!

Anyone not living under a technical rock also knows that Linux is also pretty much immune to viruses - yet at Linux-based CyberKnights, we filter our email anyway. Why?

Until filters were installed, CyberKnights (like everyone else) was bombarded with spam & viruses. It got so bad that our managing director was seeing up to a thousand junk mails in his oldest account, per day, about a third of them viruses on bad days. Since these same viruses began establishing a global network of spam “zombies” as part of their payload, both spam & virus messages have flooded in. Despite being a small company, our main mail server sees a spam message every few seconds & several viruses a minute.

Even just deleting all of that junk takes time, to say nothing of the risk of deleting some vital message smothered in the rubbish. There’s also the risk of someone in your staff actually responding to one of those messages.

No individual spammer is going to give up his money-making habit. After the flood, no raindrop will admit responsibility. We could find & sue them one by one (it seems likely that in some places people just visit such sociopaths with a baseball bat), but that’s too expensive & slow. We needed another method.

So we installed AMaViS, SpamAssassin and ClamAV on that Mandriva Linux mail server. Instant farewell to about 95% of the spam, & 100% of the viruses! SpamAssassin learns when we send it the few spam which escape, so that 95% is constantly improving. Would you like your business to be as safe? Join our growing community of defended sites.

Viruses & Microsoft’s Windows

One thing which becomes painfully obvious in the lists of viruses, worms & their capabilities is that they practically all run on Microsoft Windows.

In fact, the few CyberKnights customers who have had major issues with viruses, spyware & the like have all run MS-Windows workstations & in every case either one of their staff visited a dodgy web-site with MS-Internet­Explorer or read an unfiltered email with MS-Outlook. CyberKnights can add virus filters to email servers we set up & can arrange for a filtering web proxy at sites we set up, but the most effective basic defence is to use different programs.

An argument has been made that this is simply because MS-Windows is the most common desktop platform, but if the argument had any merit the Apache web server, which caters for over two thirds of all web sites in the world, would surely be attracting the most worms. Yet day after day your webserver (or intelligent firewall) logs will be showing attacks aimed at Microsoft’s IIS web server (which supports less than one quarter of the number of sites) not attacks aimed at Apache.

Similarly, Microsoft & their fellow travellers argue that since Linux (& Mac OS X) account for only 5% of all desktop systems (each) they attract hardly any viruses. This at least sounds reasonable until you discover that Linux has something like 0.05% of the number of viruses & worms attacking it, & all of those are obsolete. Worse than that, most Linux systems do not have per-seat or per-machine licence costs, so many more Linux systems are installed than sales figures might suggest, perhaps as many as three times the official installed base.

Viruses & the Linux community

So why is Linux so much stronger in the face of viruses?

There are several factors involved, but three of them stand out: motivation, robustness & diversity.

Linux & motivation

When Microsoft write email clients, a significant part of their motivation is to make them attractive & simple to use for the purposes of leading more customers into their fold, & another is to lock people in to using them, with the idea of making it difficult to switch to or interoperate with a competing product.

Such interoperation as exists is geared towards making the adoption process easier, not the abandonment process.

When an Open Source author contributes to an email client project, they typically do it to make the product more effective for themselves, & to make it interoperate better with other software.

Since many of the authors have to defend systems against attack & repair systems which have already been attacked, security is forefront in their thoughts.

The same people often have to spend their days answering inane questions about obscure or broken features of other people’s software, so they are also motivated to produce a product which is obvious & reliable in its operation.

Finally, these people are often called upon to solve interoperation problems, so they not only know how it’s done, they also have a reason to adhere to well established standards so that at least their product’s side of any conversion is straightforward & surprise-free.

Linux & robustness

If it doesn’t break, the author doesn’t have to fix it.

Linux & diversity

Within the realm of file & protocol standards there is room for an enormous amount of diversity. Because a typical Open Source contributor is not being employed by a company with uniform policies, their self-expression is much more able to come out in their work. The corollary is that there is more variety available for users to select from, & they will.

A virus author facing not one or two ways of breaking out of his email universe & taking over a system, but scores of them, will with good reason throw their hands up in despair & retreat to a more vulnerable system.

In addition to great variation among individual programs, a Linux-based virus-exposed network application of any kind is more likely to be running on a less mainstream processor, such as a PowerPC derivative, a Sparc chip, or one of the 64-bit x86-ish processors in 64-bit mode. This does not bode well for a virus aimed at only one processor.

Summary

If you want to be effectively immune to viruses, run Linux on your desktop. If you don’t want to even be bothered deleting them, run Linux on your servers, & feed your email etc through one of the many purifiers available.

If you want to avoid contributing to the huge collection of machines being used as spam-relay “zombies”, run Linux instead. Contact CyberKnights & talk to us about how.

There is sufficient light for those who desire to see,
and there is sufficient darkness for those of contrary disposition.
— Blaise Pascal, Pensees 149

Last changed: 09-Sep-2008 10:29:31  Find out who links to this page. Verify for yourself that this page is pure, standard HTML, not Ruby.

[Powered by QWant]   Translate into     Linux™ Powered

No software patents! If you would like us to read email for USD$1000 per page, payable in advance, send it here.