03.03.09
Why Conficker is a Blessing to GNU/Linux
Summary: Windows security menace makes a good reason to make the move
THE Conficker worm is a subject that we’ve already covered in (reverse chronological order):
- Microsoft’s Blame-Shifting Strategy Precedes More Trouble
- Leave Microsoft Alone
- Never Blame Microsoft, Blame Users and Exploits
- Botnets and Bounties Versus Real Security
- Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
- Windows Problems Take Down Airplanes, JFK Airport, Houston Municipal Courts
- Turkey, France, United Stated Under Attack by Microsoft Windows Insecurities
- Microsoft Adopts Malware Techniques to Advance .NET
- Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware
- One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies
- Death by Microsoft Windows
- UNIX/Linux Offer More Security Than Windows: Evidence
- US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)
- Eye on Microsoft: Another Messy Week for Security
The bad news is that Conficker causes great harm to the Internet that we all share. In some cases, even DNS goes down as a result. Some companies may be losing business, based on the following new report.
Conficker may bring commercial web sites to their knees
[...]
One of the most notorious pieces of recent malware is set to cause collateral damage to commercial web sites.
[...]
In practice, security researchers are able to analyse this function as easily as any other. And a coalition of ISPs and other players has been registering the domains Conficker will try to use before the worm’s backers can get hold of them.
The good news is that better reasons are now being given for companies to migrate to GNU/Linux.
As the Conficker worm continues to burrow into more Windows systems, it’s become apparent that not only are many users failing to keep up with their patching, but many others are running older versions of Windows for which patches aren’t available.
Cash-strapped companies are unable to buy new computers and they surely have no interest in the Fiasco of the Year which is saddled onto them. The natural step forward would be to convert existing PCs to a modern, secure operating system. GNU/Linux is a perfect fit. █
The 11th plague said,
March 3, 2009 at 12:51 pm
Hum, I don’t think so. People who get infected by worms are people who usually don’t care about security as they don’t even patch their OS.
If they don’t want to “waste” time patching their OS, probably they will not want to learn how to manage a totally new OS. That’s why botnets are so wide.
Balrog said,
March 3, 2009 at 4:41 pm
Except that Linux is inherently more secure than Windows. True, there may be some flaws in Linux as well, but it’s clearly more secure.
And Linux is becoming easier to manage … it still has room for improvement in that regard though.
Needs Sunlight said,
March 4, 2009 at 6:01 am
It’s not just that people who run Windows just don’t care about security, they don’t have much of any interest in technology at all, even in areas directly affecting their profession.
There are always exceptions, those pushing Windows because of some kind of personal agenda, but by and large it seems that it is the apathy which allows security problems like Windows to spread. That apathy could be leveraged for good, just as it is currently leveraged for harm. The OEMs have tried on and off for a long time to break free of MS grip. Once, if, the OEMs start shipping Linux, BSD, OpenSolaris, or anything else, then it’s game over for Windows.
Give them pimped KDE, XFce, Fluxbox, IceWm or even FVWM (such as fvwm-crystal) and they’ll go happily about their business. Windows will be gone and no one will notice or care.
There’s still the lobbying and political aspects of the MS movement to contend with then, but the hard part would be over.
Ian said,
March 4, 2009 at 8:09 am
It’s not just that people who run Windows just don’t care about security, they don’t have much of any interest in technology at all, even in areas directly affecting their profession.
That’s an incredibly dim generalization. What’s your basis for such a claim?
Roy Schestowitz said,
March 4, 2009 at 8:11 am
True. A lot of the same could be said about Mac users.
David Gerard said,
March 4, 2009 at 9:27 am
At this point I’m past caring about Windows users getting their machines eaten by viruses and can only say “What did you expect, running Windows?”
Brian Assaf said,
March 5, 2009 at 3:49 pm
Windows, security, and those who use a computer as an appliance. These people that don’t care nor have an interest in security, should be running Linux, not Windows.
For Windows to be remotely secure, you have to care about security. Leave a Windows machine connected to an internet connection without a router/firewall in between, it will get exploited. If you use Internet Explorer at the very least you will get tracking cookies. If you install apps willy nilly from the internet, you will get viruses or malware. Tack on a few backdoors, and you have an OS that strikes fear in my heart.
With Linux, you can apply most updates without a reboot, and patches are distributed ASAP. Not every Tuesday of each month. Out of the box (at least on Ubuntu Linux) there are no open ports by default. One has a huge repository easily accessible via Add/Remove, or Synaptic to install cryptographically signed apps. With an OS upgrade, all these upgrade too.
Ultimately though, what bothers me more is that these viruses and malware, are purely for things like spamming and just “using” the machines. They don’t want the Windows box to stop running, so the zombied machines can be used for whatever purpose…
If a virus were to actually cause the machine to shut down or just stop working (you know, like Windows Genuine Advantage or the forced reboot rather than BSOD.
) Rather than “getting slow” or “why is the hd led on all the time, and the drive whirring” or “why does it take 10 minutes to boot” and polluting the Internet with bogus traffic.
It would send a clear message. Don’t use Windows if your data is important, if security is important, etc. Right now it seems to work well enough, and I think people expect mediocrity from Windows. If that isn’t the case, proponents love to apologize for it, and love to point out how much 3rd party application support there is (which frankly, is independent of Windows, time to port or make friends with wine.)
So will things like conficker get people to switch. I would hope those in mission critical situations would. For example Governments and Military where this virus spread. Windows should have no place there, no money should be invested in it, and solutions that can be independently verified like GNU/Linux would be much much better, no?