80% of all servers run on Linux. Yet, most of the successfully hacked servers are Windows based.

Package manager or application store. Yes, trustworthy.  Even Macintosh is implementing an app store. So windows will be the last one to do this. Linux rules.

I like Linux more and more...

exactly don't install software from untrusted sources. i trust the package manager in ubuntu. when using windows it's a crapshoot

and also remember that if canonical like your software they place it on there server to keep it from being download from other source

Alot of your stuff in the 2 videos are correct. But you failed to mention that it is much harder to create a virus for Linux Based Operating Systems because of the many flavors of Linux. Plus a user has to tell a program to run in Linux. Where Microsucks Winblows will run things with out the user knowing about it. Because of this it is easier to catch viruses in Linux then in Winblows.

I think I get what you are saying Commodore256, and it is a valid point. It could be that the way to fix that problem is to force the web browser makers to prevent flash content from being embedded in a window without a sign that it is flash content. It's a problem with identifying valid contexts. Noobs can't tell if what they are seeing a virus warning from their operating system or a phish from their browser. Maybe firefox on Ubuntu shouldn't be permitted to install DEB's from the browser.

@kiernanholland I agree with your video somewhat. The only thing I feel it fails to address (drive by malware). You are correct that executables for windows can be hijacked etc. and a malicious payload inserted to spread malware, but since I have done malware and exploit analysis for fun, I can tell you there are sites out there right now that you can just visit which will use a java or browser exploit and allow a hacker root command line access to a system just by visiting the web page

@kiernanholland PART 2. If it were say a Java exploit (frequently is) then that exploit would work on Ubuntu too....there's just one problem. The payload/shellcode. Shellcode for windows would give the hackers access to the remote system if they were using windows but NOT LINUX. Why? Shellcode for linux would need to use the terminal which is of course possible but why would a hacker bet on that? Most people use windows so my payload via my java exploit should be made for windows not linux

See on Windows you have only one way to install software.. With single files. And Windows will not verify the correctness of the file nor be able to determine where the install came from. Because of this, there is always the risk of obtaining malware. However if you have a downloader, like Steam or EA Downloader, there is no chance for malware unless Valve or EA had an intent to provide malicious software. This is the way it is with Ubuntu's package manager.

You have to look from a perspective from a computer noob. (most people)

You're a programmer, I bet if you tried hard enough, you could make a virus in a form of a deb and I'll install it in virtualbox. You could make it a startup program and when it reboots it will ask for your password to "remove a virus" and mess with system files.

If all of those people switched to Ubuntu, they would still fall for the same tricks.

@commodore256

I think where your reasoning fails is here.. You think that people on Ubuntu go and download DEB files from websites, and install them in Ubuntu. You can do this, but the easier way to get software for Ubuntu is to use something like synaptic package manager, that downloads the package from a mirror and runs a signature check to see if the file has not changed since it's initial distribution. If it has not, it has no malware, unless the original author had malicious intent.

@commodore256

However you run the risk with Windows with all installs, because they are almost always executable installers. Even the installers that install the EA Downloader and Steam, come as executables that you must install. Windows doesn't have a builtin package manager that searches for, downloads and installs software. If it did, you wouldn't need EA Downloader, or Steam or such. But it can't because vendors like EA and Valve are competitors of Microsoft, so it won't happen.

@commodore256

DEB files are archives.

ZIP files are archives.

Neither contain any executable scripting code.

For Ubuntu's package manager to be vulnerbable, it would need to provide an instruction set to the DEB packages, that could be used to control the computer. That would be stupid of debian to permit that. Also the package manager comes peinstalled on Ubuntu, along with information about where to download the software and verification signatures for those distributing the packages.

@commodore256

For the Ubuntu debian package manager to permit malware in it's installation process it would have to execute the packages. And it doesn't do that, the packages merely tell where to put files and what dependencies the package has, like which version of GD library to get, and such. Also where you obtain the packages from is through a trusted channel, Canonical's Ubuntu distro. Just getting a file from a known site is not enough, it has to be verified correct against the distro.

@commodore256

Maybe what I'm saying is not correct.. That Ubuntu can't have viruses, that linux can't have viruses.. Yes it is possible.. It's just a lot less likely that a linux user will have a virus than a Windows user because Windows does not provide a process by which to download and install software with complete accountability and validation builtin. However it is possible to obtain malware if the distribution of Ubuntu (the ISO you got) had malware in it. Read up on "MD5" Commodore256.

If the Virus gets root access, it can delete the install logs, an an apt line, change apt (because it's open source and Viruse makers don't care about GPL Violations and the server will be traced to china or something) so their version of apt won't do the validation.

You only need to be root once and websites have tricked 2 of my relatives were tricked into this "Security Tool" scam and if a website says "a virus has been detected", the average computer user will believe it.

@commodore256

You are arguing if a virus can be made for Linux. I'm arguing that to get a virus on linux you'd need to execute something that comes from somewhere untrusted. If you use an accountable process of downloading and installing software, via the package manager Ubuntu uses, you will not get malware because you'd need to prove yourself worthy to Canonical, before even getting your software into the Ubuntu repository.

@kiernanholland I'm arguing that if their computer says "you have 32 viruses", they will do whatever their computer says to get rid of it.

and that's why Windows users get viruses, most computer users are easily tricked and they trust everything that their computer says.

@commodore256

I'm puting up another video that explains why Ubuntu users would not be susceptible to phising. The clue.. How many windowing contexts does Windows provide.. Like 3? Classic, Chrome and XP? Then you have Windows 7 contexts.. Those will be the ones used. In Ubuntu you have about 30 themes.. Although much of theme look alike, it would be harder to direct a seemingly valid requester saying you have 32 viruses, to a Ubuntu user than directing at Windows.