SPM stated a huge amount of misinformation in this thread that I had to register to set straight.
There haven't been any successful viruses yet running on any Unix like OSs (Unix, Linux, OSX, FreeBSD) - not even one to date. That is in more than 30 years of existence. By successful viruses, I mean those that have actually spread successfully in the wild. Viruses have been written for Unix like OSes, but because being network OSes, security has always been more stringent than Windows, and that has prevented them from successfully spreading.
The number of viruses on a system is not a measure of its security. There have been plenty of security issues in the history of *nix which have led to system compromises. Viruses have never been popular in the *nix world, but there have been plenty of individual exploits, which are fast becoming the method of choice for commercial hacks.
With Unix/OSX/BSD/Unix, you can exploit coding bugs such as x86 stack buffer overflows to gain root access (worms), but once that bug is fixed, that vulnerability is fixed for good - unlike Windows where a virus vulnerability remains for good because it exploits part of the Windows security model (or rather lack of it) and can't be fixed. In other words virus vulnerability in Windows is down to faults in the Windows security model itself (which can't be fixed without breaking applications) rather than faults in the code (which can be fixed). Hence the virus can come back if you don't install an anti-virus tool on Windows, while that doesn't happen in Unix like OSes.
This whole paragraph is bunk. Are you implying that if you fix a BO in Windows that it isn't fixed? A fixed exploit vector is a fixed exploit vector regardless of OS. You're also completely misrepresenting what a virus scanner does. Virus scanners only help to intercept known exploit payloads. Another exploit of the same vulnerability will easily pass a virus scanner regardless of OS. Security concepts are platform neutral.
One other thing - stack buffer overflow vulnerabilities - which make up the majority of security vulnerabilities are due to a peculiarity of processor architecture. On x86, it happens because the return address on the stack isn't protected against being overwritten by applications accessing local variables on the stack. This is not true of all architectures. Some non x86 architectures are immune to stack buffer overflow because the stack is protected. I am not sure about this, but it is possible that in the Power architecture, it is protected, in which case the PS3 would also be almost immune to worms as well.
Let's get something straight. Stack-based buffer overflows are a rapidly *decreasing* piece of the pie. The majority of security vulnerabilities are the user sitting at the keyboard who runs a malicious EXE on the promise of naked pictures of Britney Spears. Once you clear that ground, the most common vulnerabilities vary substantially based on application. You didn't even mention SQL injection, which has nothing to do with the platform and is one of the more common exploits nowadays.
Finally, Unix like OSes can be vulnerable to trojans (ie. programs the user is fooled into installing). However even these are easier to prevent on Unix like OSes, because applications and data, and system and user areas, are very rigidly separated in Unix like OSes, and it is possible to prevent programs running in user writable directories by mounting those as no-exec. Executables cannot then be run from those directories no matter what the user does.
You obviously know nothing about Windows then. The concept of the separation of root vs user is common to all operating systems. If anything, the most significant difference between *nix and Windows is that Windows users are more likely to be running as Administrator. If you don't run as admin, a large number of the most damaging exploits of the last 5 years wouldn't impact you exactly because user-mode processes can't do a lot of things.
That said, a user-mode exploit is equally capable of stealing your personal information and trashing your data and documents on both *nix and Windows. If you can read the data, so can an exploit payload running under the same level of privilege.
But your machine can't be infected without superuser rights, and you can even prevent applications from running in user writable areas of the filesystem if you want. The virus/trojan has to get onto your machine and be run in order to infect other machines. You can of course piss off Windows users by relaying on Windows viruses, although your machine might not be affected.
This is absolutely wrong. Your machine can easily be infected by a user mode process. You don't have to be a superuser to create a process or to write to most of the file system.
Macro-virus vulnerability is an issue however as is running IE with activeX. If you are running MS Office or IE under WINE/Codeweavers (which can be done) then there might be a problem, but the damage would be limited to the sandbox WINE/Codeweavers is given write access to. There could also be a problem with macro viruses on OpenOffice if OpenOffice decided to implement a slack security model like MSOffice which allowed macros to run automatically. So far though there have been no macro viruses on OpenOffice.
What year are you living in that Office runs macros by default? That hasn't been the case for a couple of releases now. Most of the vulnerabilities in Office over the course of O2k3's lifespan were file fuzzing issues (which have exposed buffer overflows, integer overflows, heap overflows, trust-based exploits, and all manner of issues in almost every application known to man since its rise in popularity). OpenOffice is no more immune to fuzzing attacks than MS Office.
On Linux/Unix only superusers can open port numbers below 1024, which prevents users masquerading as a server if you stick to ports below this number for servers. Using iproute and netfilter, you can also easily block services across a range of ports going out of your machine (eg. blocking smtp port 25 traffic going out of your machine from ports above port 1023 to stop spam trojans sending out emails), and you can even tag packets by user id and filter those in very sophisticated ways using netfilter (eg. you could block all packets from user "guest" going out to the Internet or from initiating new connections to a specified set of internal machines/ports).
Wait, you're trying to say that no server uses a port under 1024? Ever heard of relay-proxy attacks? You open a high port, and proxy through another machine which redirects to the default port for whatever service you're attempting to exploit. This sort of thing is a false sense of security. If an exploit is running on your machine, the fact is that it's already too late. Your machine is compromised and any subsequent attempts to block ports from being opened by users are too late.
You have always got this to fall back on. However it is mainly Microsoft who insists on using silly supposedly ease of use security flaws like having Outlook and Office run macros automatically, putting a backdoor like ActiveX into Windows etc. If Linux apps don't copy these "features" then the main vulnerability is phishing.
As I mentioned already, there is no piece of MS software that runs macros automatically by default. I don't know why you think it's the case, but you're absolutely wrong.
ActiveX is a solution to a technical problem. Its original implementation was certainly far too trusting, but in case you haven't noticed in XP SP2, the user has to explicitly opt to run ActiveX controls. If you allow an ActiveX control that you don't trust to run, then you have only yourself to blame.
Second, you're absolutely wrong that the main vulnerability in *nix is phishing. The more prevalent vulnerabilities are exactly the same ones as in Windows.
Please actually try to get a real understanding of the modern security landscape before making posts like this in the future.