"Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message
news:2367664.Xj8UV4tYgJ@xxxxxxxxxxxxxxxxxx
> The future of malware: Trojan horses
>
> ,----[ Quote ]
> | The stealthy attacks install keystroke-logging or screen-scraping
> | software, and they are used for industrial espionage and other
> | financially motivated crimes, experts said.
> |
> | [...]
> |
> | Most attacks include Office files that use yet-to-be-patched
> | vulnerabilities in the Microsoft application to install malicious code
> | on vulnerable systems. The software giant has patched many such flaws
> | on recent Patch Tuesdays.
> `----
>
> http://news.zdnet.com/2100-1009_22-6125453.html
>
> Such attacks are alleviated in Linux as patches flow in regularly (without
> requiring prompts, reboots, or several weeks of unnerving periods of
> waiting), users are not encouraged/forced to inherit full system
> privileges,
> and Open Office is more secure.
>
> OpenOffice.org Spurns Security Worries
>
> ,----[ Quote ]
> | OpenOffice.org has rejected accusations that its open-source
> | application suite is at least as susceptible to attack as Microsoft's
> | Office in a terse statement posted on its Web site.
> |
> | "The OpenOffice.org community confirms it regards security as of the
> | highest importance and will react immediately to any security issues,"
> | the statement read.
> `----
>
> http://news.yahoo.com/s/cmp/20061003/tc_cmp/193101143
>From your article http://news.yahoo.com/s/cmp/20061003/tc_cmp/193101143:
<quote>
French researchers were particularly concerned with macro security in
OpenOffice.org, and pegged the problems as ones "at the conceptual level" of
the suite.
In early June, OpenOffice.org disputed the use of the term "virus" to
describe a macro exploit against the suite, and said it would not patch the
problem. As far back as 2003, security researchers have warned that exploits
using the suite's macro language were possible, and called the applications'
default macro security settings as "resembling older versions of Microsoft
Office."
</quote>
So if it's true that most trojans infect via the office suite, AND that
Window's larger install base has nothing to do with the prevalence of
security issues, AND that OpenOffice is less secure than Office, then this
is a reason NOT to embrace Linux -- or at least, not to embrace OpenOffice.
Not only are there macro exploits available in OpenOffice, but apparently
the OpenOffice community are refusing to patch it!
That said, I've never heard of an OpenOffice exploit. So I conclude that
Window's larger install base IS a factor in the number of exploits seen in
the wild. There is more security in a heterogenous system (where the system
in this case is the Internet, and the heterogeneity comes from having
different OSes), though hereogeneity itself introduces some problems (such
as introducing crossplatform interoperability issues).
- Oliver
|
|
