On Sun, Feb 23, 2003 at 06:32:57PM -0800, J C Lawrence wrote:
> Which ignores the point. Such viral operations require large
> monoculture populations to be created, and to survive, and further, no
> matter what happens with OS popularity the power curve laws define that
> one will be overwhelmingly popular and thus a ready host and market for
> such attacks and exploits.
But if that's the case, why haven't we seen another sendmail-transmitted
virus/worm in the ensuing 15 years? From roughly 1988 to roughly 1998,
it approached a monoculture -- and although postfix/exim/et.al. have changed
that since, it still moves a big chunk of the 'net's mail.
Similar comments could be about, oh, BIND and Apache, which occupy big
chunks of their software space.
And yeah, we see attacks against all of them, and occasionally exploits,
but none of them have been anything like the Morris worm or the much
more recent MS SQL worm. (Could that change tomorrow? Sure.)
(Interesting question: are there more instances of sendmail or MS SQL
reachable from the Internet? I have no idea what the answer to this is.)
I'm not disagreeing about monocultures: I've read enough S.J. Gould
to get the point. ;-) But I'm not convinced that all monocultures
are equally susceptible. I suppose that's hard to quantify, though,
Please do not CC me on copies of messages sent to this list.