I use a PC. Actually, I use several PCs. My small business has 5 tower PC systems and 1 laptop PC system. All of these are what is called a PC. Any computer that can be purchased by an individual and used by said person for personal "stuff" is by definition a Personal Computer also known as a PC. That includes Apple Computer Systems Personal Computers known as "Macs". All of these devices are PCs.
So, we all can agree that all of these devices are PC systems. The fact that malware are written primarily for PC systems is a given and is well reported in the news. The fact that malware are written primarily for Microsoft Windows based PC systems is often not reported. When such a connection is made in the press or on a Microsoft friendly web site then the caveat is often added that Microsoft Windows suffers from popularity. The argument is that because Microsoft Windows is so ubiquitous it gives a good "Return On Investment" to malware writers. Supposedly these malware writers do not target other operating systems because they want to get the most bang for their buck. I call that hogwash. The reason Microsoft Windows is so often successfully attacked is because of its flawed security design. I run FreeBSD Unix and Mandriva GNU/Linux on my PC systems. I keep my systems patched with up to date bug fixes and security fixes. I will not install software that I do not know from whence it originates. I do not run any anti-virus software and yet I will never get a "PC Virus" on these systems. There is no such thing as a "PC Virus", call them "Microsoft Windows Viruses" or "GNU/Linux Viruses" or "Apple OS X Viruses" depending on the operating system which they successfully attack. Don't call them "PC Viruses".
What is a Virus? I refer people to this definition when asked: The Difference Between a Computer Virus, Worm and Trojan Horse. So, a Virus must be able to be shared and operate easily by user to user transfer to be successful.
All PC systems are targeted for attacks regardless of the operating system. Do not believe any person who says otherwise. The only difference is that some systems are attacked successfully more easily than others. Those more easy systems are almost all Microsoft Windows based PC systems. Anyone who has monitored an internet facing server of any type knows that systems connected to the internet are constantly probed for weaknesses in their open services. (Thank you China, may I have another?) These probes are often looking for unpatched services with known flaws that can be exploited. This is true of Unix, including OS X, GNU/Linux and Microsoft Windows based servers. Any of these open services that are not kept up to date can potentially be exploited. The only mitigating factor would be the underlying operating system on top of which the services are running.
If an attacker can get a root shell prompt, root being the "administrator" account, by exploiting a service flaw on a Unix or GNU/Linux system then the game is over, the attacker basically owns the system at that point. Further, since internet facing systems are often servers that handle traffic for a handful of users up to thousands of users these would be a cherry to pick that is much more "tasty" than some lone PC or even dozens of PC systems.? So why do we read so much about successful Microsoft Windows based malware attacks yet read so little about malware exploits of internet facing servers? Well, most of these are running some form of Unix or Unix-like operating system, such as GNU/Linux. The security by design nature of these Unix based systems make them a very tough nut to crack. Only the really, really smart attackers can figure out how to exploit these systems. The chance of exploiting very many is low because all one has to do to keep an internet facing server "safe" is make sure it is running a Unix based operating system and keep the open services that face the internet up to date. (Yes, I know one can maybe do this with Microsoft based servers too, but they are not in the majority when it comes to internet facing servers.) The majority of system administrators managing internet servers know this. Creating a Virus that can successfully attack these systems using the definition above is likely possible, but spreading it very much is not probable. Just because something is possible, writing a Virus for GNU/Linux, does not make something else probable, the easy spreading of said GNU/Linux Virus. So, attackers that target Unix based systems have to give them personal attention in most cases to find a successful attack vector. These folk are known as Crackers and are a different breed from the plethora of malware writers. Like malware writers Crackers are slime, they are just a smarter level of slime.
What we Unix and GNU/Linux folk worry about most are Crackers, Worms and Trojan Horses. Of course if one keeps service applications like BIND domain server, Apache web server, Postfix mail server, CUPS print server and so on up to date the probability of a successful Cracker or Worm attack is very low. If one uses only secured sources for installable applications and updates the probability of a successful Trojan Horse attack is also very low. Again these would not be called "PC Crack", "PC Worm" or "PC Trojan Horse". They would be called by the service they successfully attack, such as a BIND Worm that exploits known flaws in unpatched versions of BIND or an Apache Crack that allows a Cracker to successfully "get root" through an unpatched Apache web server. Do these attacks succeed? Yes they do sometimes. But they are much less successful than Viruses that are written to take advantage of user ignorance and Microsoft Windows design flaws.
So, if we ever do see a successful GNU/Linux Virus "in the wild" we will call it a "GNU/Linux Virus". As unlikely as that scenario is due to the mitigating factors that make up the security by design model used with GNU/Linux. Or will all you people that insist on calling Microsoft Windows Viruses by the misnomer "PC Virus" also insist we call a GNU/Linux Virus a "PC Virus"? Suuuure you will.
Internal ERACC advertisement: Windows users – need anti-malware (anti-virus) software? Get it from our on-line shopping site here: AVG Software
Number of unique accesses for this article:
| university of phoenix |
Notice: All comments here are approved by a moderator before they will show up. Depending on the time of day this can take several hours. Please be patient and only post comments once. Thank you.
All,
Someone stated on Reddit that, “No one calls them PC viruses.” Oh, really?
It appears Google search disagrees. It seems that Yahoo search disagrees. Heck even BING search disagrees. It appears “the author” knows a bit more than some appear to believe.
Gene
Edit: I will add that one should not call them “Computer Viruses” either. Same reasoning.
Social comments and analytics for this post…
This post was mentioned on Reddit by sidewaysmilk: You miss the point. Most viruses are specifically written to target Windows. Saying that a virus or any problem is specific to “PC” proliferates the misinformation and FUD that permeates the personal…
I fully agree with your article; however, things will never change. The same way the term hacker is misunderstood. Unless the mass media changes, popular thought/opinion will not.
“Only the really, really smart attackers can figure out how to exploit these systems.” Or it takes very, very sloppy admins let them through
The human factor is still the weakest link for the vast majority of threats, though at least it’s not magnified by system deficiencies. Indeed you develop the idea in the rest of the paragraph, I simply thought having it in a one-liner somewhere would have further emphasized your argument.
As for the “PC virus” moniker, it’s actually a very smart PR tactic: keeping the masses in the dark. Reminds me of the Microsoft’s second attempt at an ad response to Apple’s “I’m a Mac” campaign. The one where they pretend to offer cash back if the comedian finds a computer for under $XX… Same message: “Well there are Macs, which are bloody expensive, and then there are PCs, which de-facto run some version of Windows”. Never mention the competition against which you have no relevant advantage to your target audience. Brilliant! In a twisted way…
this is brilliant.
I’ve often thought the community should be comparing itself to windows but in the opposite way it is currently done.
Headlines like “Is Linux ready for the desktop?” are bad for Linux because they consistently relegate Linux to bottom of the pile so to speak. The nature of the headline assumes Linux is not ready and that is completely wrong.
Better would be headlines like “Windows starting to catch up to Linux but still a long way to go.” or “Windows Power Shell, is it as capable as Linux shells”, “It only took 15 years for Windows to catch up to Linux shells.”
As a rule the community should always be thinking in terms like these.
Anything less will continue to doom us.
While I agree with most of the points of this post, I think there is some truth to the point about Windows being targeted more for viruses than other operating systems, because of its wide usage on the desktop level. By nature I think desktops are attacked more because they are easier to exploit since there is a user on it actively reading emails, browsing the Internet, etc. Typically there isn’t a user logged in to a server doing those types of activities. However, I agree that Unix-based operating systems like GNU/Linux are FAR more secure than Windows both at the server and desktop level. A lot of exploits you see for 3rd party products like Adobe Reader only affect Windows, and not Linux. So even though you are running the same application at the application level, the GNU/Linux operating system has clear security advantages over Windows. Windows has a lot of flaws, and it is generally bloated compared to more efficient operating systems like GNU/Linux.
Are you kidding?
I am running (and always been) a Microsoft Windows Client, I keep it up to date, and I have never got any virus/worm/trojan or whatsoever, open up your Services snap-in and see how many offerings does Windows have compared to linux or apple. I also have owned a Mac Pro but i couldnt bare how primitive the system was.
I am an administrator of a Windows Server environment, and I have had any security issues, ever heard of the Security Configurations Wizard (SCW) ? well trust most Windows Server Admins haven’t also, I agree with PsynoKhi0 when it comes to sloppy admins everywhere.
but when it comes to users, a phishing website’s pop-up that says they’re infected is enough for them to click it, install an ActiveX controller to put dozens of backdoors, trojans, and worms on their systems.
Windows is Secure, people are not.
Alaa Ajweh (comment #7) thank you for reading and for commenting.
Perhaps you should read these before you assert that “Windows is Secure”: Why Windows security is awful and Comment #15 from “paul” in our article titled “GNU/Linux Security: Linux House vs Microsoft House”. Frankly, Windows can be “secured” only as long as it is in a severely controlled environment. It should never have been let loose on the masses that now use it.
Alaa Ajweh:
Windows is NOT secure, mainly due to the fact that for various reasons users are forced to run as administrators. Period.
[...] following new post, titled “GNU/Linux: Don?t Call Them PC Viruses”, arrives in a very timely fashion and [...]