Re: [News] Another Reason to Embrace Linux

[The Ghost In The Machine <ewill@xxxxxxxxxxxxxxxxxxxxxxx>]

In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
 wrote
on Fri, 13 Oct 2006 22:27:38 +0100
<2367664.Xj8UV4tYgJ@xxxxxxxxxxxxxxx>:
> The future of malware: Trojan horses

Oh puh-leeze.  The Anna K. virus was doing this way back.
Or is this an instance of "what's old is new again"? ;-)

>
> ,----[ Quote ]
> | The stealthy attacks install keystroke-logging or screen-scraping
> | software, and they are used for industrial espionage and other
> | financially motivated crimes, experts said.

IOW, the usual crap.  Amazing that people will put up with Windows
even with all this going around.

(My brain hurts.)

> | 
> | [...]
> | 
> | Most attacks include Office files that use yet-to-be-patched
> | vulnerabilities in the Microsoft application to install malicious code
> | on vulnerable systems. The software giant has patched many such flaws
> | on recent Patch Tuesdays.
> `----
>
> http://news.zdnet.com/2100-1009_22-6125453.html
>
> Such attacks are alleviated in Linux as patches flow in regularly (without
> requiring prompts, reboots, or several weeks of unnerving periods of
> waiting), users are not encouraged/forced to inherit full system privileges,
> and Open Office is more secure.
>
> OpenOffice.org Spurns Security Worries
>
> ,----[ Quote ]
> | OpenOffice.org has rejected accusations that its open-source
> | application suite is at least as susceptible to attack as Microsoft's
> | Office in a terse statement posted on its Web site.
> | 
> | "The OpenOffice.org community confirms it regards security as of the
> | highest importance and will react immediately to any security issues,"
> | the statement read.
> `----
>
> http://news.yahoo.com/s/cmp/20061003/tc_cmp/193101143

There are presumably issues with OpenOffice, but any
compromise thereof is limited to the user's account
privileges.  Keystroke logging and screen scraping are,
however, possible, regardless of privilege level.

The only thing helping one here is the fact that most
Linux-based emailers are going to save the malware script
as a text file without execute privileges.

-- 
#191, ewill3@xxxxxxxxxxxxx
Linux.  Because it's there and it works.
Windows.  It's there, but does it work?