FeriCyde Analysis: Linux Attacks Rare But May Rise
I've always admired the above quote. Illustrating the idea for us nicely is this happy little number by Steve Hargreaves on CNN -- "Security analysts: Mac attacks rare but may rise". Dig into the article, though, and something rather disturbing makes itself apparent. Do they have any statistics to back the headline? Sure, there's "about a dozen" (count'em Tex!) virus alerts sent out monthly for the Mac. There are none, near as I can tell, in the alert space for Linux and -- drum-roll please -- 13,000 for Windows XP. I'm sure a lot of people used to hearing me blather on about Linux are thinking this article is going to be a piece hell-bent on bragging about Linux security. The numbers and experience -- my own personal experience and that of others -- do that just fine. Nope, the topic for today is media integrity. We're looking at a rather misleading headline for an article. Don't forget -- a lot of people don't have time to get into content, the headlines "tell the story". Just where the heck does the author of this piece get off with the "may rise" part of the title? There's literally nothing in the article to support this. Digging into the article, there's a mention of Viruses being spread by the iPod -- to Windows XP boxes, no less... Let's just do the numbers here for our dear Apple brother's in arms (Okay, some of you may disagree with my wanting to side with people buying proprietary solutions, but bear with me -- I'll address that at the end). ANALYSIS_MODE=1Let's do some shell code to get to the bottom of this. I'll use the basic calculator to find out just how comparative, numerically, this virus threat is: # echo '12/13000' | bc 0Yep, I'm injecting some shell lessons in here, for those of you who own something with a POSIX-like interpretor (Believe it or not, Mac owners, that means you too -- please don't scream in terror at the sight of command-line stuff, it's gotten a bad rap over the years ;). For those of you with Windows systems, you can easily and happily patch your systems to have this added functionality by loading Cygwin on your system. I'd recommend Microsoft's own solution -- but last time I loaded it on a Windows PC it turned on (using default settings) a host of insecure crap and basically was no where near as stable or as comprehensive in functionality as good ole' Cygwin. FOSS to the rescue, once again! Returning to the simple shell commands above. That answer is a bit misleading because we don't have the scale high enough (not enough leading zeros). We can easily adjust this: # echo 'scale=4; 12/13000' | bc .0009Okay, so we have definitive proof that in fact, there are, percentage-wise, a comparable number of viruses for the Mac. In my Mechanical engineering days, however, the number above would potentially be used to judge a material strength (imagine that I was selecting material to build a support beam, for example). One material (a Mac) would be structural steel. The other, (Windows) would be comparable to something with far less usable strength, say, an inert gas, like nitrogen. In other words, I'd argue that the number .0009 may as well be zero, for all practical purposes, when it comes to security. Heck, given the data and no idea about what's behind it, almost anyone with a statistical mind would potentially round that number to zero or assume it's an error based upon bad data points.
SPECULATION_MODE=1Getting back to the point at hand, however, why do we see articles like this every year? Year after year, people predict that there will be more and more Mac and Linux viruses, and year after year, it simply doesn't happen. As a reference, I'd like to offer the following speculative data points of my own for what's behind this phenomena:
The type 4 articles are a stretch, but I'm not ruling them out just yet, due to my understanding of Quantum mechanics and how reality is in fact a nebulous thing indeed. But why would I suspect this of being a type 2 article at all? Well, it's the source. Possibly it's not AstroTurf (An article written to appear as serious journalism, but in fact is funded by someone with deep pockets and a hidden agenda) -- but here's why I'm suspicious of CNN when it comes to technology news stories and Apple. Time Warner owns CNN and it also owns something called AOL -- or was it the other way around? It's all that dot-com insanity if you dig down into it. Anyway, they've got a stock interest -- that's the point I'm making here. In case you're wondering about stranger coincidences, take a look back around September for stories on iPod hearing damage on CNN, right around the same time Microsoft was buying stock in AOL. That stock interest tilts the story, in my humble opinion. CNN is a news site but Time Warner is a profit center, which unfortunately for the people on the news staff, means stories like this will never give them an honest shake -- someone else, with less bias, is simply going to have to tell the story in this context. Except, they didn't -- a quick Google search confirms that "iPod hearing loss" and CNN are rather frequently found together. Don't get me wrong -- it's likely (just like Sony Walkmans) possible that iPods can be used to damage your hearing. My Mustang GT can be used to exceed the speed limit too. I should sue Ford motor company. My sink can be used to flood my house -- I should get CNN to do a series of stories on how dangerous the most popular sink faucets are -- oh wait, they don't have a competing stock interest to serve, so likely this simply isn't going to happen. For what it's worth, I'm only picking on CNN here for the sake of example -- other news outlets (Do I need to jokingly use the phrase "Fair and Balanced" to illustrate?) have their tilts on other axis. The main point I'm trying to address here deals with how monetary interests of large corporations (Microsoft would be inclusive) tend to tilt news outlets. For what it's worth, the author of this story may not have chosen the headline -- it may have been done for them. Even if it's their own headline, an editor of the site might still be behind it, shelving more direct news stories in favor of ones that help the company bottom line. You don't have this problem here at LXer. I know this because I've had discussions with the editors, and I know Dave (and Bob) Whitingers intentions -- they want a Linux news site about Linux first. Some of you may not care about this very real and fundamental difference, but I'd argue that you should. A lot of you can simply, intuitively, "feel" this honesty. It comes in strange forms -- in editorial comments, in the way talkbacks are moderated -- in the very real consideration of the advertisers on the site. Community focus isn't always the most profitable thing to do (it doesn't mean it can't make money though) -- LXer.com has grown to be something of a great community gathering point -- something very intrinsic to the longevity of the (FOSS) Free / Open Source Software movement. If it's about Linux, and it's news, it's here. The editors strive to make sure that the best news is posted in a timely fashion and they think about things like the bias above when they're posting. The site is more about a safe haven for discussion than anything else. This, along with a focus upon integrity makes for a winning, lasting formula. Speaking of my own bias; It's heavily tilted for obvious reasons; I firmly believe in FOSS as a long-term solution to a host of technological problems. Yeah, that may on the surface sound very contradictory -- but in actuality there's an honesty involved that's sorely missing in the context of supposed "Mac" security in any CNN article (for example). No surprise, I'm admittedly a Linux bigot -- one willing to tell it like I see it from my own point of view. Overall that's one of the reasons a news source gains credibility -- people over time learn to trust based upon conditions like this, and the reality -- the view of which we're all after, after all -- makes itself all that much clearer. References:
Paul (FeriCyde) Ferris is a Linux professional and community member. He has been using Unix and Linux for a combined total of over 17 years. His articles have graced LXer.com, Linux Journal, LinuxToday, LinuxPlanet, NewsForge and various other Linux news and technical information sites. His recent expertise with enterprise-class implementations of Linux have lead to the creation of the the batchlogin project, his first large-scale Free Software project. A husband, father and more, yet his technical passion is Linux and has remained so for the past 13 years. |
|
Subject | Topic Starter | Replies | Views | Last Post |
---|---|---|---|---|
i agree.. i agree... | cuzican | 4 | 2,461 | Sep 26, 2007 10:16 AM |
When the numbers are already near zero... | Syscrusher | 5 | 2,337 | Oct 25, 2006 12:35 PM |
Reaching for a metaphor | dinotrac | 7 | 2,560 | Oct 25, 2006 11:38 AM |
dc | jezuch | 2 | 2,257 | Oct 24, 2006 7:29 PM |
You cannot post until you login.