[Am-info] PDFS MAY POSE THREAT TO UNIX, LINUX
Roy Bixler
rcb@bix.org
Mon, 30 Sep 2002 14:37:30 -0500
On Mon, Sep 30, 2002 at 01:28:02PM -0400, Fred A. Miller wrote:
> PDFS MAY POSE THREAT TO UNIX, LINUX
>
> ~ (Source: InfoWorld.com) A security flaw in commonly
> distributed file-viewing programs may make it possible for
> attackers to use Adobe Systems PDF and PostScript files to run
> malicious code on machines using Unix or Linux, according to an
> advisory released by technology security company iDefense.
>
> http://www.linuxworld.com/go.cgi?id=741056
To bring this somewhat on-topic, it reminds me of a story I saw
today called "Honeymoon over for Linux users" at
http://www.vnunet.com/News/1135481
which makes the claim that there are more virii, trojans and security
alerts for Linux than for Windows. In fact, this article mirrors one
that appeared last year which was discredited when it was found that
the author arrived at his figures by adding the number of security
vulnerabilities in all Linux distributions for comparision against the
number of Microsoft security vulnerabilities. Once the double
counting was eliminated, Microsoft ended up with more vulnerabilities
that could be attributed to them than any one Linux distribution.
With the PDF vulnerability, he would (incorrectly) count it as a Linux
security problem but, if it affected the Windows version of the
program, he would (correctly) not count it as a Microsoft security
problem. The vulnerability only affects one program and not the
entire operating system. The VNUNET author has a pro-Microsoft bias,
can't count very well or both.
R.