14 March 2009

Not Every PC is at Risk!!!

I'm publishing what BBC failed to publish.

-------- Original Message --------
Subject: Did you watch the video?
Date: Fri, 13 Mar 2009 00:48:17 -0400
From: Fred A. Miller
To: undisclosed-recipients:;

WELL written by a buddy of mine.



Did you watch the video?

In almost ALL of these kinds of "reports" they refer to "PC"s as being
at risk. That implies that EVERY PC is at risk. Every PC is NOT at risk.
About 99.999% of all spam comes from hijacked PCs running Windows
because Windows is SO EASY to break into, even when you are running
protection software.

What they should say, if they were real reporters and not wanting to
avoid harming their Microsoft ad revenues, is that the risk is entirely
in the WINDOWS OS that these "PC"s run, not the PCs themselves.

If the PC were running Linux it would be virtually impossible to quickly
accumulate a few thousand "bots" (robots) by merely mailing out an
infected email.

Why? Because Linux does not use Window's "ActiveX" or similar technology
and won't automatically run an email attachment when it arrives at your
inbox, or when you click on the email header in order to read it.

To run a virus on Linux the user has to :
1) manually save the viral attachment as a file, then
2) manually mark as executable (IF it is an executable binary or script
file), then
3) manually run it.

In other words, a PC which is at risk running Windows is entirely safe
running Linux. On Windows the malware is automatically run WITHOUT user
help. On Linux it is impossible to run an email attachment WITHOUT user
help. The user has to be persuaded to perform those three steps. This
persuasion is called "social engineering". The content of the email has
to persuade the reader to do those three steps. Usually the email claims
the attachment is a pornographic picture to increase the probability
that some immature teenager or adult will want to view it. The HTML
protocol normally displays pictures arriving in emails, which is not the
same as executing an attached binary file, so it is pretty difficult to
convince a Linux user that an attachment is a picture.

About the only way a PC running Linux can be hijacked is if the hacker
manually attacks the PC through its Internet connection. A remote
attack. That is very risky. The hacker can be detected and tracked
before he does his stuff, or he can be interrupted before he can clean
his tracks, leaving a trail back to the computer he is using.
So, what usually happens is that the hacker easily captures 50,000 or so
Windows PCs using a SINGLE infected email, and then manually hacks into
ONE Linux PC. The Windows PCs are the "bot farm" and the Linux PC is the
master controller. Because Linux computers are generally immune to
automatic email attacks he knows his controller won't be the victim of
another hacker. The hacker, or course, owns NONE of them and none of
them are at his place of work or residence. He communicates to the Linux
PC from an Internet Relay Chat channel (IRC), a sort of live character
based chat box on a public Internet server somewhere in the world. The
Windows bots have been set to listen on a particular port for a
particular string of characters, which includes what Internet address
(web server) to attack and how to attack it. The Linux controller is set
to listen on one of its ports for a signal sent to it from the IRC by
the hacker, who usually signs on to the IRC with a fictitious name
through an anonymous server, which generally leaves no traceable trail.
When the hacker sends the string of characters out of the IRC to the
specific IP address of the Linux controller, via commands that are part
of the IRC software, the Linux controller immediately relays the message
on to the 50,000 bots, which began flooding one or more computers hooked
to the internet with spam. Focused at one computer it can shut it down,
making connections to it from other computers around the world
impossible. If it is a business web server it is like a member of the
Mafia padlocking the doors and standing guard until the store owner pays
up or fights back. Either way it can cost money...lots of money.

Windows fan boys like to fill the air with smoke claiming that Linux can
be just as easily infected as Windows can. But, how many Linux bot farms
have you read about in the news or seen on TV reports? There hasn't been
a single one. IF they existed you can bet your last dollar that
Microsoft would make that news public on as many informations channels
it owns or can buy off.

When that argument fails the fan boys counter that there are not that
many computers running Linux. This, of course, is total nonsense.
Linux is currently around 8-10% (not 0.8% as some claim) of the RETAIL
PC market in the US, which doesn't count the FREE copies of Linux
downloaded and installed on one or more computers. This laptop, for
example, is running Linux (only) and the Kubuntu 9.04 CD which was used
to install it was used on two other computers, too. ALL three of these
computers WERE running Windows. Now, NONE of them are. In China the
Linux desktop market share is over 15% and climbing. Russia's leaders
have decreed that its entire country is switching to Linux, as are the
government of several other countries. The US military is switching to
Linux, as are the militaries of MANY other countries. Hollywood's
graphics are done almost entirely on computers running Linux. John
Dvorak, the noted PC columnist at PCMagazine recommended in his latest
column that Windows users abandon the hopeless task of trying to keep
their VISTA computers free of malware and simply switch to Linux. He
recommends the cousin to Kubuntu, called Ubuntu. Together, they are the
two MOST popular versions of Linux.

What's nice about running Linux is that there is NO need to maintaining
anti-virus software subscriptions and there is little chance that your
personal information or financial data can be stolen, unless the online
vendors you do business with are running Windows. This is the story that
BBC SHOULD HAVE published.

The problem with socialism is that you eventually run out of other
people's money.
- Margaret Thatcher

No comments: