oldtimer said:
Explain to me how Linux/BSD negate the need for an AV.
ok.
lets use a couple examples:
1. you go on download.com and grab a free cd ripper and a new desktop theme. unbeknownst to you, the theme contains a rootkit. you are then used as part of a ddos attack, as a proxy, or a file server etc etc.
does linux have rootkits? there have been some yes. last i checked, there were exactly 4 working trojans for linux. i would bet, in all honesty, that bsd doesnt even have that. so even if youre using older software, you have maybe 8 things youre vulnerable to.
how do you get them?
not easily. as a matter of fact in all my years learning about and using linux, i have yet to find someone who was infected. the most likely way is a local infection, that is someone finding an exploit that works on your system, then introducing it via cd or floppy. this requires some research or blind luck, so as you can see its not easy.
repositories like debians apt-get, which is what simplymepis uses as well, are thoroughly checked and rechecked. unless you add a repo thats set up to be a trap, youre very unlikely to get it this way.
as i said, ive never run into anyone who was ever infected.
but, being conscious of the very remote risk, i do have a firewall and an AV, as well as 2 rootkit programs. just in case my box ever acts funky, i could run those. it just never has.
linux is open source software. the linux kernel has less than a fifth of the bad code than does a fully patched windows xp pc. its mainly those flaws that enable many of the problems of windows. these flaws arent as pronounced in linux because of the 10000 ppl that maintain the linux kernel. i didnt typo, i said 10 thousand.
2. Linux has no spyware.
you can surf all the porn sites you want. you will never get spyware. the worst thing you might get is a tracking cookie, and even that isnt a regular occurrence. same goes for BSD as far as i know.
3. the linux/bsd desktop market is about 2%.
and that 2 percent is split up over RPM based distros, deb distros, whatever slackware uses and whatever gentoo uses. then on the bsd side, you have 3 different types of bsd. each of the types have at least 6, and some several dozens, of distros underneath the top hierarchy.
its simply not worth the time of a hacker to set up a trap for something that might have an actual userbase of .25 percent worldwide. additionally saying that theres a likelihood that only a couple hundred of that type might ever come to the website. for those like lop.com who sell their spyware, it still doesnt make sense. windows dominates, so windows gets nailed. dont use windows, dont get nailed.
4. what are the most common vulnerabilities for bsd/linux?
programs. this goes for windows, unix, bsd, mac osx etc. i cannot recall a case that it took more than 2 days for a given vendor to repair a vulnerability that was serious. i say serious, because the cross platform firefox browser has a couple code flaws that make it a memory hog if left running for long periods. simple to take care of and not a threat.
5. so youre saying linux/bsd cant be hacked?
not at all. but good luck with linux, and forget bsd.
most ppl out there doing port scans are looking for windows OS. theyre easier to work with, and theres hundreds of millions of them out there. if a port scan returns a result of a linux/bsd platform, most ppl will keep on going.
basically the ppl who can hack linux/bsd wont. either theyre security testers or other professionals. or theyre looking to hit corporations and govts, not home users.
the most common way to get linux hacked is through social engineering. and thats not a fault of the software, thats yours.
also, every linux distro ive ever tried almost forces you to make a user account so you dont run as administrator [root]. what little can be done as root is even less as user.
whoever said linux isnt user friendly is wrong, to a large degree. a lot of ppl get told dumb shit advanced distros, jump in, and cant even get on the internet. NO ONE should ever use straight debian, gentoo, or slackware to start off on. and no one should ever, IMO, use any of the BSDs to begin with. thats asking for a broken keyboard.
as a matter of fact, i dont see why anyone would need an advanced distro just to putter around the internet on. or play music or movies, emulation etc.
if youre used to windows, there is a slight learning curve for linux. however, the reverse would be true too.
but, spend about a week with linux and youll have it almost entirely figured out for basic needs.
i dont have to hunt around for drivers. my pc doesnt slow down the fuller my hard drive gets. never need defragmentation. upgrades are free. no registration. no denial of services for a bogus registration number. no DRM [digital rights management] which means i can almost always do what the hell ever i want to any cd or dvd. my distro comes packaged with a cd ripper and burner. it has the option of a dvd burner too, if i had a dvdr drive. office software. built in games. etc etc. all free.
i never even have to hunt down a program. i open up synaptic and search from over 18 thousand programs right there. i can upgrade from there too.
theres very very little i cant do that windows can, but theres a whole lot i can do that windows cant.
the only time i would warn against jumping to linux is if youre a PC gamer. there are a couple pc games that have linux versions, or can be otherwise played on linux. but thats not many. but if you dont play pc games on your pc....
are you an snes/genesis/nes/sms/tg16/neogeo/etc emulation fan? there are emulators for linux, most of them copies of the windows versions youve played. some of them actually started out on linux lol.
linux, and as far as i know, bsd, also have no intent on going along with the trusted computing movement.