Cyber attack spreads worldwide

[phenest]

Not so closed as one might think and more to answer you questions.

I was going to sign that petition. I feel sorry for people using Windows 10.

[dasein]

Windows' installed user base for desktop machines is 3x the size of all other OSes combined.

What if it was the other way round...[W]ould these viruses/malware/ransomware succeed in the same way they have with Windows users?

The phrase "same way" is an invitation to imprecision and equivocation, so let's focus on the specifics you mentioned.

I guess that's a 2 part question:
1. Would it succeed with the OS?
2. If Linux and BSD was dumbed down more to reduce the learning curve, would it succeed with the users too?

Question 1 comes down to a matter of whether privilege escalation and arbitrary code execution vulnerabilities exist in Linux. They most certainly do. Many of them lie hidden for years before they were discovered. (So much for Linus' Law!) An hour at Google reviewing the history of such security issues in Linux is enough to give anyone pause.

Question 2 is a bit fuzzier. It assumes that Windows is "dumbed down" in some way that Linux is not. Is that perception affected, for instance, by the fact that Windows' default UI is a GUI? If so, then Linux is far more vulnerable, historically speaking, than Windows.

Any *nix GUI has historically required X, and X was applied retroactively and superficially atop existing core components (similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS). X is fundamentally insecure with a metric crap-ton of vulnerabilities all its own.

The vulnerabilities for which XP was (in)famous came down to a deeply flawed security posture; but every time a newb-ish Linux user talks about wanting to run as root 24/7, or presents "chmod 777" as a "fix" for a problem they encountered, they are actively recreating that flawed posture.

There is an additional layer of analysis available, one that focuses on design principles. But that discussion pretty much inevitably leads down a path directly towards systemd, which is a discussion I refuse to have for reasons I've articulated thoroughly elsewhere. (Some might say "thoroughly" is an understatement )

P.S. You say you feel sorry for Win10 users. Ironically, they are the only Windows users unaffected by WannaCry.

[phenest]

I guess it all comes down to the user again. There are those (I'm one) who would argue that Windows can be used without any antivirus or antimalware protection. I did it successfully myself for many years on Windows XP.

P.S. You say you feel sorry for Win10 users. Ironically, they are the only Windows users unaffected by WannaCry.

That was not about WannaCry. The petition in the video is to do with the telemetry sent to MS which cannot be turned off in Windows 10.

similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS

That's actually a myth. Windows '95 was not dependent on DOS except for 16bit driver compatibility only. You could not use DOS applications whilst using Windows, and vice versa. Windows '95 had its own set of libraries.

[dasein]

similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS

That's actually a myth. Windows '95 was not dependent on DOS...

I'm not gonna debate this tangential and utterly unimportant point with you, but I'd suggest that if you're going to go around making claims such as this, you best confirm them for yourself.

[phenest]

similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS

That's actually a myth. Windows '95 was not dependent on DOS...

I'm not gonna debate this tangential and utterly unimportant point with you, but I'd suggest that if you're going to go around making claims such as this, you best confirm them for yourself.

It's not a claim. If you booted into Windows '95, DOS was demoted to a compatibility layer for 16bit drivers. That's a fact. Perhaps you can show me proof of YOUR claim that it was merely a GUI shell.

[alan stone]

Oops... Microsoft officially confirms the NSA found, exploited and concealed the vulnerability that brought down factories and hospitals.

How are NATO member governments, cronies and the kakistocracy going to put the blame on Russia for this?

[dasein]

I don't think that its origin was ever in question. I think that MSFT's advocacy regarding the sheer stupidity of zero-day stockpiling is exactly on target. Good for them. If WannaCry is what it takes for folks to get that message, then I call "silver lining."

[n_hologram]

What if it was the other way round. What if 3 quarters (or higher) of the world's userbase was using Linux and BSD...

Then I would probably go back to stone-age materials and punchcards.
https://www.linux.com/learn/myth-bustin ... ne-viruses

nearly all malicious email attachments target Windows machines.

https://www.netmarketshare.com/operatin ... pcustomd=0

Windows 7: 48.5%
Windows 10: 26.28%
Linux: 2.09%

Windows is my current antivirus software. I hope the company maintains its market share.
But, as many users have said, *nix isn not immune. Heartbleed, for instance, rendered the whole "encryption obfuscates observation" luxury as an emperor's new clothes story, and that undiscovered vulnerability just lingered for god-knows-how-long. As dasein suggested, consult Google/Startpage for more. Linux receives its share of earth-shattering exploits, just not as frequently as Windows.

[acewiza]

Linux receives its share of earth-shattering exploits, just not as frequently as Windows.

The only thing shattered when this stuff hits from time-to-time is people's false sense of security. That is a good thing.

[ruffwoof]

Linux receives its share of earth-shattering exploits, just not as frequently as Windows.

The only thing shattered when this stuff hits from time-to-time is people's false sense of security. That is a good thing.

Perhaps that's why the likes of Puppy Linux desktop users who run everything as root, whilst oft said to be mad for doing so, are less prone to damage/attack. You can either think you're safe in a unsafe world, or take the complete opposite stance and accept that you're running unsafely and take other measures in awareness of that risk exposure. I guess if you treat your PC/laptop as being little different to a public PC and take appropriate measures that can be safer than thinking your PC is isolated/safe and being more blasé about security. Of the two the one who thinks they're safe is more inclined to the greater negative side.

Desktop PC ... operating system - easily replaced. Personal data/files - potentially invaluable, so keep secure (encrypted) and safe (physically disconnected backups).

[n_hologram]

Perhaps that's why the likes of Puppy Linux desktop users who run everything as root, whilst oft said to be mad for doing so, are less prone to damage/attack...

I guess if you treat your PC/laptop as being little different to a public PC and take appropriate measures that can be safer than thinking your PC is isolated/safe and being more blasé about security. Of the two the one who thinks they're safe is more inclined to the greater negative side.

Wouldn't that be akin to removing the doors in your house and becoming a self-taught Navy SEAL because someone might break in anyway?

[Hallvor]

Oops... Microsoft officially confirms the NSA found, exploited and concealed the vulnerability that brought down factories and hospitals.

Tax money well spent.

[stevepusser]

I guess the NSA really didn't have any secret backdoors built into Windows with Redmond's collusion, despite all the rumors.

Maybe this will quiet down the US government's continual cries to have these backdoors in all software, but I doubt it--many of our representative's heads seem dehyrated-rock-on-Venus dense. If a backdoor exists, it will be found and used for nefarious purposes; history shows that over and over again.

[ruffwoof]

Perhaps that's why the likes of Puppy Linux desktop users who run everything as root, whilst oft said to be mad for doing so, are less prone to damage/attack...

I guess if you treat your PC/laptop as being little different to a public PC and take appropriate measures that can be safer than thinking your PC is isolated/safe and being more blasé about security. Of the two the one who thinks they're safe is more inclined to the greater negative side.

Wouldn't that be akin to removing the doors in your house and becoming a self-taught Navy SEAL because someone might break in anyway?

Do you use a restricted user or sandbox for all web/external activity? If say your browser is breached and enables access to your data files at the same access level as what you invoked the browser with, how secure would your data/system be? One mindset accepts that risk and takes protective measures. The other mindset assumes safety where safety is far from assured.

[n_hologram]

One mindset accepts that risk and takes protective measures. The other mindset assumes safety where safety is far from assured.

I'm fairly certain this doesn't support the idea of running everything as root.

[edbarx]

It is somewhat difficult to avoid the temptation to 'blame' Windows users for using their OS of preference. However, certain circumstances exist which force computer users to use it even though they may prefer something else. Students and users of specialised devices that connect to a computer, cannot always enjoy the freedom of software and OS choice. I can mention my recent experience when I purchased a USB oscilloscope that I couldn't use under Linux. Kernel developers are still unwilling to allow Windows drivers, notwithstanding they know a portion of hardware manufacturers, do not want to write open drivers or publish enough technical data. It seems kernel developers do not want to admit the hard reality, that hardware manufacturers are too powerful to be forced to do what they disagree with.

Someone may mention the ndiswrapper project which aims to use Windows XP Wifi drivers under Linux. Ndiswrapper does not provide support for all kinds of devices. My impression is, ndiswrapper is rather old software that was written when Linux Wifi drivers were difficult to find, but that is only my subjective impression.

EDIT: Edited for grammatical errors.

[Bulkley]

edit: Actually you'r'e both kinda correct. DOS was demoted *after* the shell loaded but was still required to boot. If you disable launching the shell what you're left with is DOS

However it worked, Windows 95 is what drove me to Linux. I was one of those users who played DOS, made my own config.sys, etc. The Win95 shell was an annoyance I never got over.

Back to the theme of this thread, Microsoft might like to blame the NSA and others but the reality is that most Windows installations are terribly insecure and that's a big problem for Microsoft. Windows can be toughened up but generally isn't.

[phenest]

Microsoft might like to blame the NSA and others but the reality is that most Windows installations are terribly insecure

There does seem to be some to and fro between NSA and MS and possibly nations that have been privy to the source code. It seems that, if the NSA found a vulnerability, they didn't tell MS unless it was a big problem for them, so the NSA only created patches for themselves. What's the point of all these extra eyeballs, if they're not willing to share with MS?

[Job]

I still believe that Linux is more secure than windows.

[ruffwoof]

One mindset accepts that risk and takes protective measures. The other mindset assumes safety where safety is far from assured.

I'm fairly certain this doesn't support the idea of running everything as root.

Puppy ... that runs everything as root (but can be set to run the likes of browsers etc as a restricted user) ...

Puppy boots in less than a minute, even in old PCs, and it does not require antivirus software. Administering Puppy is quick and minimal. With Puppy, you just have to take care of your data, which you can easily save to USB flash

It boots a pure read only system contained within a single compressed file (squashed filesystem) and runs everything in ram. If that file is loaded from a readonly CD/DVD (boot disc) and even if you were running a very old browser and as root to go to your bank web site (nowhere else beforehand) ... then that's pretty secure. Or if you booted and went to a virus riddled web site, your data remains out of harms way.

"If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly.

"It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking," van der Graaf said.