Subject: OT - Win/Linux security. (Was: seti runs better on win or linux)
From: Bob
Date: 11/10/2003, 23:38
Newsgroups: alt.sci.seti,sci.astro.seti

Rich wrote:


Bob replied:


 >You have choice period. Linux is a choice, your sentence does not parse.

The sentence did parse.  With Linux you have choice.


Linux is a choice. There are many versions, same as Windows. There are
different vendors for Linux whereas Windows has only one.

You have the choice of distro and apps


Apps are a choice too.



Windows has a very small number of flavours - with much of the same infrastructure.  Linux however comes in a VERY wide variety of setups. It is frequently customised by its users and there are few network services that are enabled by default (my current install has ssh - that's it.  Oh and that doesn't run on a default port).

Yes, I'll agree I am probably slightly more security conscious than the next man, but I am not completely atypical of the Linux user's ethos. Why run a telnet server if I don't need it - it simply creates an opportunity for code to be broken.

On the other hand Windows boxes come in very limited numbers of configurations (especially if you focus on the DSL connected (home user) ones) all of which have, by default, a number of network services running.  The majority of Windows users do not know how to turn them off, even if they did know that they were running.

That is the single biggest design flaw.  If I want RPC on my boxes for any reason I'll go out and find out how to enable it, I shouldn't have to have it enabled on the off chance.  The likelihood is that I won't know it exists until some pillock writes some crummy little virus to exploit a hole in code I never even wanted on my machine.

In terms of apps - what mail client do you run on Windows?  I reckon there would be about a 90% or greater majority that will say either Outlook or Outlook Express, similar numbers use IE as a browser.
If I want to create a malicious webpage, which browser do I target - IE.  If I do the same for Linux???
 - kmail
 - evolution
 - moz
 - pine
and
 - konq
 - Moz
 - links
Where do I start?

>> which make it difficult for worms to be effective.  Because so few
>> people use the same stuff...
>
> Why do they have to use the same stuff? What do you mean by "effective"?
>
> Rich

To be effective a worm needs to do maximum damage - to do that it must find a large number of vulnerable hosts, all of which can be compromised in the same way, and use them to exponentially increase its rate of attack on the rest of the world's potentially vulnerable computers.  That degree of automation is difficult to manage if there isn't a single main target configuration.

With Linux a determined hacker could probably get through and onto my box, but why bother?  There is an easier box to break next door - the Windows box which has been installed by PCWorld, DELL or someone else who churns out thousands of identical installs every day.  Not only can your hacker get that box, once he knows how to break it he can write a tool that will break any box of the same install (many many boxes).

 - Breaking into my default Linux install will yield one ADSL line and a few boxes behind it, with no valuable data.
 - Breaking DELL's default XP config will yield a few thousand DSL lines, and many many more boxes - some of which might have some fun data...
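
The monoculture argument in the post above can be put into numbers with a small epidemic model. This is an added illustration, not part of the original message: a deterministic random-scanning model in which one exploit works against exactly one configuration. The host count, scan rate and the 15% share are constructed values, and the 90% share is an assumption echoing the post's estimate for Outlook/IE.

```python
# Deterministic (expected-value) model of a random-scanning worm.
# All parameters are constructed for illustration; nothing here is measured data.

def simulate(total_hosts, target_share, scans_per_tick=5, ticks=40, seeds=1.0):
    """Return the expected number of infected hosts after each tick.

    total_hosts    -- size of the population being scanned at random
    target_share   -- fraction of hosts running the one exploitable configuration
    scans_per_tick -- probes each infected host sends per tick
    """
    vulnerable = total_hosts * target_share
    infected = min(seeds, vulnerable)
    history = [infected]
    for _ in range(ticks):
        susceptible = vulnerable - infected
        probes = scans_per_tick * infected
        # Chance that a given susceptible host is hit by at least one probe.
        p_hit = 1.0 - (1.0 - 1.0 / total_hosts) ** probes
        infected += susceptible * p_hit
        history.append(infected)
    return history


def ticks_to_reach(history, count):
    """First tick at which the infection reaches `count` hosts, or None."""
    for tick, infected in enumerate(history):
        if infected >= count:
            return tick
    return None


def compare(total_hosts, shares, goal):
    """For each named configuration share, report spread speed and ceiling."""
    report = {}
    for name, share in shares.items():
        history = simulate(total_hosts, share)
        report[name] = {
            "ticks_to_goal": ticks_to_reach(history, goal),
            "final_infected": round(history[-1]),
            "ceiling": round(total_hosts * share),
        }
    return report


if __name__ == "__main__":
    shares = {"monoculture (90%)": 0.90, "fragmented (15%)": 0.15}
    for name, row in compare(100_000, shares, goal=10_000).items():
        print(name, row)
```

The early growth factor per tick is roughly 1 + scans_per_tick * target_share, so a smaller share of identical installs both slows the spread and caps the number of hosts a single exploit can ever reach.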