I don't deny the existence of flaws in every operating system, nor do I have my fingers in my ears. I've been doing this kind of work for 35 years, and I know the weaknesses all too well.
So perhaps you should have taken a few minutes and checked the sentences you copied from your source. They do not support your position. I asked you to name four Unix viruses/worms since 2000 that spread to at least a few thousand machines. You failed to do so.
> Here’s seven
> Aside from Klez
Klez is a Windows worm passed via email or Windows SMB (including Samba) shares. The email or samba volume may be stored in a Unix mailserver or fileserver but that doesn't make it a Unix worm -- it doesn't touch the Unix operating system. Or were you just joking??
> Lion.worm
Lion.worm is not a Unix worm, it's a Linux worm. You -do- know that they're entirely different operating systems, right? Are you joking around? From http://news.cnet.com/2100-1001-254672.html, here's a description of their "Worm of the Year":
The SANS Institute said they have had five confirmed reports of worm infections: four companies and one university. The worm ... infects only servers running Red Hat's version of Linux. "To my knowledge, no one has recorded that they have been breached by an attack. They simply noted that the worm infected them and they're looking to get rid of it," said Elias Levy, Chief Technical Officer of SecurityFocus.com.That was in 2001, so the numbers may be out of date, but I don't find evidence that anything like thousands of Linux machines were infected, much less thousands of Unix machines.
> OSF.8759
Likewise, a Linux virus, not Unix. As are the rest...
... except BoxPoison (also known as Unix/SadMind), which affected unpatched installs of Solaris 7, which was released in 1998 and replaced by Solaris 8 in 2000. C'mon. Do you really want to go there? Do you really want to drag Windows98 back out from under a rock and look at -its- security? Or how about Mac OS 8, which was current in 1998 and similarly full of holes? Perhaps I should have been more explicit and asked for four viruses that affected Unix systems released since 2000, and compared that against Windows 2K, XP, Vista, and Win7.
So you managed to name two, not four. One of which infected half a dozen systems, and the other of which infected an obsolete version of Solaris (I couldn't find any figures on how many systems were affected.)
Thank you for proving my point with regard to the Unix question.
Now, I'm going to ask you to carefully read what you wrote:
> And here’s the discussion on the 863 Linux viruses (as of 2006): In a report titled “2005: *nix Malware Evolution,” the Russian antivirus software developer pointed out that the number of Linux-based malicious programs — viruses, Trojans, back-doors, exploits, and whatnot — doubled from 422 to 863.Are you aware there's a difference between "viruses" and "whatnot"? That a Trojan that convinces the user to do something stupid is not a virus?
The thing you seem to be missing is that, now that Windows is at long last joining the ranks of operating systems that take security and robustness seriously, the virus writers are turning to "social engineering" and other "human-vector" attacks. Naturally those attacks can be made to work on stronger operating systems, because they don't attack the operating system at all! They attack the user, and co-opt the user into attacking their own operating system.
Perhaps you're thinking of the well-known "Amish Virus", which can affect Unix, Linux, Mac, Windows, and all other operating systems, which appears in an email message like this:
Of course there's malware for every consumer operating system out there -- it would be astonishing if there weren't.
Anyway, I do appreciate the link to the list of Linux malware, especially those targeting RedHat derivatives, since those are my usual distros when doing Linux. The list is not as useful as I'd hoped (I'm a System Administrator, always on the lookout for more information on such things), but every bit helps.
Thanks for sharing.