From: Matt Norwood <mrn2101@columbia.edu>
  To  : <cpc@emoglen.law.columbia.edu>
  Date: Mon, 27 Feb 2006 21:41:46 -0500

Re: Not Exactly on Class Topic, But Perhaps Still of General Interest...

I think Kenny's right - the vector of contamination seems to be the main
advantage of, say, Linux over Windows w.r.t. keylogging programs. From
the article:

"These programs are often hidden inside other software and then infect
the machine, putting them in the category of malicious programs known as
Trojan horses, or just Trojans."

If they're "hidden inside other programs", free software has the
advantage of being distributed with its source so a user can examine and
compile his or her own copy, thereby eliminating the danger of malicious
software.

The article also hints at the kind of network-based infection Kenny
describes:

"The monitoring programs are often hidden inside ordinary software
downloads, e-mail attachments or files shared over peer-to-peer
networks. They can even be embedded in Web pages, taking advantage of
browser features that allow programs to run automatically."

As noted, these methods of infection are likely to depend on security
flaws specific to Windows and Windows-based software (IE, Outlook, etc).
But even beyond that, the malicious programs themselves are coded to be
specific to a given OS, and so far the amount of malware written to
target non-Windows systems is almost nil. This could change when more
users - particularly less technically adept users - switch to free
software OSes, but for now it's not worth the time to code spyware for
MacOS or Linux when there's a vast population of easy targets running
Windows.

Matt

On Mon, 2006-02-27 at 16:11 -0500, Kenneth Canfield wrote:
> Bryan Brooks wrote:
> > ...  Cyberthieves silently copy keystrokes.
> > 
> >  
> > 
> > http://news.com.com/2100-7349_3-6043433.html.  Does anyone know if Linux
> > is significantly better than Windows or Mac OS at limiting the
> > effectiveness of these programs?
> 
> My only semi-informed thoughts:  I think the issue is how the program
> gets onto your computer.  I think that Outlook, for instance, is
> notorious for opening attachments/running programs without you first
> approving it. ActiveX also permits web code to be run without your
> permission, I think, if you are using IE.  The Windows Autorun "feature"
> also allows for the running of executables on CDs without your
> permission, but I doubt anyone is distributing malicious key loggers via
> CD.  So in those respects, programs associated with Windows may be more
> dangerous, but I would suspect that if you use an email client like
> Thunderbird and a web browser like Firefox, you'd be no more at risk
> than with Linux or OS X.  But even with the MS products, I think users
> can set them up so the code isn't run without their permission.
> 
> -----------------------------------------------------------------
> Computers, Privacy, and the Constitution mailing list
> 



-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list