Nigel Goodwin said:
A webserver running on a Windows machine (and there are plenty of those) wouldn't catch a virus either - that's NOT how you catch them. To catch them you have to run an infected program, and doing so under Linux would be no different than doing so under Windows.
To catch a virus, maybe, but a worm... that relies on a vulnerability existing within an application, and if said application was running and connected to the net with a program flying around that can exploit it, then BOOM, you have it!
Remember the MSBlaster virus/worm that hit a few years back? It exploited a SERIOUS flaw in how MS coded their RPC stack (affecting all MS operating systems to that date). The worm used a buffer-overflow technique to gain a root shell, with which it then downloaded the main payload virus from the host machine to infect the new machine. The downloaded virus would then run and search out other machines.
This affected web servers running Windows, data servers running Windows, home PCs running Windows.... so you see it ain't a simple case of "run an infected program".
Nigel Goodwin said:
I doubt Linux's 'virtually virus free' status, but many Linux based machines aren't at risk - because they are running servers etc. Another obvious advantage is that Linux users (on average) are probably far more 'geeky', and have more sense about what they do or don't run. Plus Windows is an easier target - many more machines out there, mostly in the hands of computer novices.
Again, not true! Linux is virtually virus-free; in fact, at this moment there are no viruses documented that can infect a Linux machine. Even if one was, because Linux is designed to be a multi-user OS and a network OS (multi-user and network were bolted onto Windows, and it's only with Vista and Active Directory that MS finally have an almost multi-user OS), it means that a user can run as a restricted user, and if they were to get a dodgy program (I can write a virus for Linux in a few minutes in bash, Python, C, ...) it is limited to their home and NOT the system, and also can't spread.
Then we come to the server:
Code:
jrb@Fluid-Server ~ $ ps axu | grep httpd
nobody 5066 0.0 2.2 22176 10788 ? S Sep04 0:00 /usr/sbin/httpd -k start
nobody 5068 0.0 1.8 20924 8928 ? S Sep04 0:00 /usr/sbin/httpd -k start
nobody 5069 0.0 1.8 20924 8928 ? S Sep04 0:00 /usr/sbin/httpd -k start
nobody 5070 0.0 1.8 20924 8916 ? S Sep04 0:00 /usr/sbin/httpd -k start
nobody 5089 0.0 2.2 22048 10732 ? S Sep04 0:00 /usr/sbin/httpd -k start
nobody 5313 0.0 1.8 20924 8768 ? S Sep05 0:00 /usr/sbin/httpd -k start
nobody 5314 0.0 2.1 22056 10628 ? S Sep05 0:00 /usr/sbin/httpd -k start
nobody 5315 0.0 1.8 20924 8760 ? S Sep05 0:00 /usr/sbin/httpd -k start
nobody 5318 0.0 1.7 20788 8540 ? S Sep05 0:00 /usr/sbin/httpd -k start
nobody 5319 0.0 1.7 20788 8544 ? S Sep05 0:00 /usr/sbin/httpd -k start
jrb 5507 0.0 0.1 3184 796 pts/2 R+ 13:19 0:00 grep httpd
THIS is the output of doing a process search for the Apache binary (httpd). As you can see, there are multiple instances and they are all run as user nobody.
The thing is, "nobody" has less than no rights on my server. If some hacker managed to override my Apache to get a root prompt, they would end up with a shell of /bin/false... i.e. none (not to mention Apache also runs in a chroot).
On a Windows server, IIS (or Apache) runs as Administrator, and thus if an exploit is found a hacker can gain a console prompt as... you guessed it, Administrator. BOOM!!!
Linux is susceptible to worms (since these rely on flaws in applications), and one of the biggest worms to hit the net was one that attacked Apache-Linux servers (it exploited a flaw in OpenSSL). This was patched very quickly, but still the worm got far! There have been something like 5 worms in Linux operating systems (one taking advantage of a flaw in the 2.0 kernel years ago), and all patched very quickly due to it being open source.
Also, the statement about "more geeky" people using Linux and thus having more sense is a load of bull! Some of the worst security oversights have been made by "geeky people" who were being too clever.
Linux by default is locked down. BUT you can open it up
Windows by default is open. BUT you can lock it down
Likewise, the whole "many more machines" is a load of BS! Windows is a target because it is an easy target. In 2005, >70% of the internet ran on Apache+Linux (as opposed to ~20% Windows), so are you telling me that 50,000,000 machines isn't a viable target?
These days the share has evened out a bit, with
Apache having 65,000,000 and MS having 43,000,000.
But still, 65 million Linux machines is NOT an insignificant number, throwing your "many more machines out there" out the window.
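The check the post makes by hand (is the web server running as an unprivileged account, and does that account have a no-login shell?) can be scripted. The following is an added example, not the poster's own code; the `ps` listing and `/etc/passwd` fragment are constructed sample data modelled on the post, with a hypothetical root-owned `sshd` line included so the warning path is exercised.

```shell
#!/bin/sh
# Added audit helper (not from the post). Field 11 of `ps axu` is COMMAND.
# Constructed sample data: two httpd workers as nobody, one hypothetical
# root-owned daemon, and the grep line that must NOT be counted.
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nobody 5066 0.0 2.2 22176 10788 ? S Sep04 0:00 /usr/sbin/httpd -k start
nobody 5068 0.0 1.8 20924 8928 ? S Sep04 0:00 /usr/sbin/httpd -k start
root 5070 0.0 1.8 20924 8916 ? S Sep04 0:00 /usr/sbin/sshd -D
jrb 5507 0.0 0.1 3184 796 pts/2 R+ 13:19 0:00 grep httpd'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/bin/false
jrb:x:1000:1000:jrb:/home/jrb:/bin/bash'

# Distinct users whose COMMAND path ends in the given binary name; matching on
# the path component keeps "grep httpd" out of the result.
service_users() {   # $1 = ps output, $2 = binary name (e.g. httpd)
    printf '%s\n' "$1" | awk -v bin="$2" '
        NR > 1 && $11 ~ ("/" bin "$") { seen[$1] = 1 }
        END { for (u in seen) print u }' | sort
}

# Login shell of an account from passwd-format text ($1 = passwd, $2 = user).
login_shell() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $7 }'
}

# True when the account cannot log in interactively (/bin/false or *nologin).
is_nologin() {
    case "$(login_shell "$1" "$2")" in
        /bin/false|*/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 only if every instance runs as a non-root, no-login account.
audit() {           # $1 = ps output, $2 = passwd text, $3 = binary name
    rc=0
    for u in $(service_users "$1" "$3"); do
        if [ "$u" = root ]; then
            echo "WARN: $3 runs as root"; rc=1
        elif is_nologin "$2" "$u"; then
            echo "OK: $3 runs as $u (shell $(login_shell "$2" "$u"))"
        else
            echo "WARN: $3 runs as $u, an account with an interactive shell"; rc=1
        fi
    done
    return $rc
}

for svc in httpd sshd; do
    audit "$SAMPLE_PS" "$SAMPLE_PASSWD" "$svc" || echo "$svc: needs attention"
done
```

On a live host, replace the two sample strings with `"$(ps axu)"` and `"$(cat /etc/passwd)"`; the functions themselves do not change.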