
Coding Horror: Blacklists Don't Work - nickb
http://www.codinghorror.com/blog/archives/001009.html
======
kajecounterhack
Practical, real world example

\-------------------

1) Long ago: windows XP from 2002-2005 WITH Mcafee Virus protection, SpyBot
and Adaware on a computer thats junk now. By 2003, its so infested that spybot
and adaware can't do anything. Especially with "CoolWWWSearch." 2006: I used
xubuntu and made sure it ran well as a server up to now.

2) I used Ubuntu, from 2004-now. I've actually tried to catch a virus. Nothing
bad has happened to it. Oh wait, it has had things happen to it, like the
bootloader getting screwed up, but that was from installing something wrong.
Namely, a windows driver. And all I needed to do to right that was to use my
super grub disk. NEVER has it been from any site.

Can virus writers change OS's? Theoretically, yes. Practically, yes, they know
"everyone" (or everyone gullible) uses windows. Hell theres a good chance they
do. But even ignoring that, they'd have to discover an exploitable flaw in
linux (and in what flavor of it? what distro? many have different
architectures, some are bleeding edge...) and then they have to make sure
linux users even visit their sites or whatever. All that hassle to write
something...they dont/wont do it.

Not to mention the OSS community's insane patching speeds. And Mark
Shuttleworth is friggin awesome, hes been to outer space xDDD

Point being, as far as I go, the author is right in saying that any *nix has
been 100% effective against malware, and its not just because windows has
larger marketshare. Its because running as root is just DUMB.

But also point taken, people are always going to me infinitely more creative -
blacklists are a necessity of life, as long as you have windows and blog-
spammers.

------
SwellJoe
This is what I call the "Internet is HUGE" problem.

My previous company worked on a content filtering system for kids called
Penguin Feet. By the time we added 10 new domains to the blacklist, a 100 new
ones had sprung into existence. Blacklists will never win. (Whitelists are
marginally better.)

~~~
downer
Content filtering is completely different from book-cover filtering.

