You seem to be implying that there haven't been any exploits for Unix systems for the past 13 years. If so, you're horribly mistaken. Sendmail, BIND, rpc.statd, and wu-ftpd are all daemons that seem to be a perennial source of root exploits. But even "secure" servers like Apache, exim, fetchmail, commercial ssh, etc. have also had security holes recently. I'd wager there are few programs written in C that haven't had a buffer overflow or printf attack at one time or another.
It's necessary to assume that there are security holes in everything you run, and act accordingly. Checking daily for new security patches alone will do a pretty good job of protecting you (although it shouldn't be relied upon exclusively). Virtually every worm out there, regardless of target platform, exploits security holes that have been known about for quite some time. Microsoft had released a patch for IIS six weeks before Code Red started spreading. All those systems affected were being run by admins who were either too lazy or incompetent to install the fix beforehand. Linux worms like lion, ramen, and adore likewise exploited known holes in BIND, rpc.statd, and the like. Heck, even the Morris worm only infected systems running old versions of sendmail or fingerd.
To me, it seems like most of us haven't learned very much over the past 13 years. Sure, it was IIS this time, but there's no reason to believe it won't be a hole in your six-month-old unpatched Apache, or some service you've never heard of running by default on your fresh-out-of-the-box Red Hat/Slackware/Debian/other distro install. (Yes, lots of people are still running unpatched Red Hat 6.2 boxes with all default services still running. *shudder*)
Snickering in the corner at Micro$oft [sic] only ignores what the real problem is.
Hey! Why aren't you all dead yet?! Oh, that's right, it's only Tuesday. -- Zorak