Archive of UserLand's first discussion group, started October 5, 1998.

Re: Unix and Email Viruses

Author:Sidney Markowitz
Posted:6/16/1999; 10:10:26 AM
Topic:Unix and Email Viruses
Msg #:7444 (In response to 7409)
Prev/Next:7443 / 7445

The Robert Morris, Jr. worm just about brought down the Internet, years before Melissa. The 'net was a lot smaller then, but in terms of percent of machines affected, the Morris worm was a lot more devastating than Melissa.

If I were to be kind to Gosling I would guess that he made a reasonable statement about Unix being more virus-resistant than Windows and the journalist did the usual garbling that one sees in news articles. The less kind interpretation is that Gosling stretched the truth to take an opportunity to flame Windows in public.

True, Unix is less vulnerable than Windows to security exploits that take advantage of Windows lack of sandboxed user processes and separation of administrative level and user level access to resources. But all that means is that one uses different methods to mess with a Unix system.

There are a whole bunch of Unix systems sitting on the Internet running server processes that are listening for input. That's a potential vulnerability that most people's Windows systems do not have. There are a whole bunch of security alerts and patches that many sysadmins have not bothered to read and install. There is free security software to test one's own systems for these vulnerabilities -- Or that someone else can use to search the Internet for systems that have not been secured.

I see no technical reason why someone has not released another Internet worm at least as bad as Melissa -- Not an email attachment, but some other exploit of known server software bugs. Gosling gets to be smug about the antiviral advantages of Unix only because Windows has the market and therefore the bulk of the attention of people who release the worms and viruses.

There are responses to this message:

This page was archived on 6/13/2001; 4:50:50 PM.

© Copyright 1998-2001 UserLand Software, Inc.