Boscoe <laughingboy47@hotmail.com> wrote in
news:GEtZn.6586$mv6.1300@newsfe25.ams2:
> On 08/07/2010 43 PM, Alias wrote:
>> http://www.zdnet.com/blog/security/report-48-of-22-million-
>> scanned-computers-infected-with-malware/5365
>>
>>
>> Gosh, that's almost 1 out of every 2 Windows computers.
>>
>
> You are a little troll... get your knackers around this...
> <http://blogs.computerworld.com/16316/think_linux_is_free_fr
> om_malware_think_again_its_been_hacked>
>
Old news. And completely misrepresentative of what transpired.
Instead of repeating what was commented, I'll just post this
reply from the comment sections.....
-----------------------------------------------------------
"For several hours, I've been trying to find something nice to
say about this article. It is so full of factual errors and
deceptions that it is hard to understand how it ever made it
to publication.
Start with the title. Both premises are wrong. Nobody thinks
Linux is "free from malware" and it has NOT been "hacked." A
lot of us put a lot of energy into maintaining pristine
repositories, specifically because we are aware that malware
is ever-present. Linux includes many defenses against
unauthorized intrusions in recognition of the ever-present
danger. These defenses were NOT subverted in this case. Linux
was NOT "hacked."
This was an example of a tiny, unknown application group
irresponsibly failing to maintain its database. Infection
could only occur if the end user trusted UnrealIRDd and
deliberately installed the infected program. That is an
example of "social engineering" of the vector of malware
distribution - it is not a susceptibility of the OS. Just this
year, the Olympus Stylus Tough 6010 digital camera shipped
with Windows autorun malware on the memory card. Autorun
malware installs without any authorization from the user
whatsoever. That is a true breach of operating system
security. Does that mean that all shrink-wrapped, commercial
software for Windows cannot be trusted?
The author claimed a hacker would have "absolute control" over
a computer which became infected with this trojan. Wrong
again, of course, but kudos to the author for acknowledging
that error, at least.
The author cites Ed Bott in claiming that a similarly-infected
Windows file would have been caught by an anti-virus program.
Wrong again. As a zero day trojan, no anti-virus program on
Earth could have caught this - regardless of how much the end
user was paying to keep up the viral definitions.
About the only true statement in this article is the claim
that it is remarkable that no one at UnrealIRCd caught this
mistake in seven months. That, at least, is correct."
--------------------------------------------------------