Weblog:   Linux Users: Welcome to the World of Malware
Subject:   Not Quite
Date:   2004-10-29 16:30:13
From:   riplin
Response to: Not Quite

> 400 major ones (right...)) distributions is in fact a major weakness

No, it is a major strength. For example, buffer overflows rely on the overwriting code being in exactly the right place for them to work at all. With Windows, all copies of a program are identical for a particular version.

For Linux, the compilation may have a different CPU target (386, 486, 586, etc.) and different options and different optimizations, which means that there are 400 different 'right places' to overwrite with a buffer overflow vulnerability, and that does count the variations that may occur if the user has recompiled.

This means that a particular attack that is targeted at, say, RedHat 8, misses the target on Mandrake, SUSE, and all the other hundreds.

The buffer overflow (given one exists) may crash the program, but it most likely won't cause execution of malicious code.

As there is still only one actual source tree the problem may be fixed just once and then each distro, or the user, recompiles. Generally this makes it pointless for the malware writer to even bother trying.

Think of it as shooting a gun randomly in a zoo. In the Windows zoo, any bullet fired randomly will kill anything it hits. In a Linux zoo, each bullet has to be tailored to a particular animal, such that a lion bullet won't kill a chimpanzee, though it may knock him off the tree.