Re: Eh?
> I think that we will see user-mode, scripted, self-modifying malware on Linux which infect the GUI startup mechanisms [ ... ]
No, we won't. There is a fundamental difference between the Windows execution model and the Linux/UNIX execution model.
This difference is by design, it is baked into the OS, and unless Windows adopts the Linux/UNIX execution model, Windows is screwed forever.
I'll give you a simple example: on Linux/UNIX systems, it is not possible to load a shared library (*.so) into memory and execute it with or without escalated/root privileges. On Linux/UNIX systems, shared libraries are not executable, and can only be loaded from within a separate and independent execution context -- i.e. a running program. Privilege separation applies to the running program.
On Windows, it is possible to load a *.dll into memory and execute it. It's a common attack vector: poisoned URL downloads a *.dll that appoints itself as Administrator, and then takes over the entire OS. No user interaction required. As long as that is possible, there is no point in discussing Windows security, because there is none.
And I haven't even mentioned hardened versions of Linux such as SELinux, which is the default on distros such as RHEL and Fedora.
Ubuntu - and I think SuSE - use AppArmor.
Personally, I am a fan of SELinux because I believe it is more effective than AppArmor. In spite of the fact that configuring SELinux in enforcing mode can be major PITA.
Biting the hand that feeds IT
