Correcting Common Linux Misconceptions?

abolishPenguinPhobia asks: "I am a teacher at a comm. college and was looking to install Linux on a couple machines for students to use. I figured since the students have to learn *nix anyway they might as well have access to some Linux machines. Anyhoo...I was told by the network administrator that the linux machines were not to be connected to the network for fear of viri, DoS attacks, and so on. My question for the /. community: Why do people fear Linux? It seems to me that people are misinformed that Linux is only a 'hackers' OS. How can we change this?" This is only one of the common Linux "myths", and there are several more where these came from. Is there a central clearing house of such myths and intelligent efforts at debunking them somewhere online?

For their own protection...

[phamlen]

I'm sure he was suggesting they stay off the network for their own protection. After all, there are a LOT of viruses on Windows networks - especially if you're running Office.

It's nice of him to try to keep the Linux boxes safe - but he shouldn't worry. They're strong enough to surive even in such a dangerous environment.

Reasoning?

[JMZero]

Was his fear based on Linux, or on the simple desire to limit the diversity of machines on the network. Security is easier to administrate when you limit yourself to a certain selection of OS's and products. He may even understand that Linux is typically very secure.

I know my company often denies requests like this not out of fear of something, but of fear of _another_ something.

Re:Reasoning?

[JMZero]

Security is better with multiple servers, simply because there are some exploits that require multiple services on the same machine. I'm not sure why you think multiple OS/hardware setups will make things more secure. There's plenty of ISP's that had one Solaris install, and that was the machine that got broken by sadmind exploits a year ago. That doesn't mean the Solaris box was less secure than the NT machines in the rest of their building - it means that sys admin time/knowledge was focused on another architecture and this left a hole.

Security isn't necessarily going to be worse when you add a mix of systems. Security may get better, if you add a more secure box in place of a less secure one - and you have the resources to administer all the types of systems you have.

However, because it's harder to administer, there's good odds it will be less secure in the end.

Re:Misconceptions? Here's my take:

[gi-tux]

I disagree with your take. I use both Windows (unfortunately) and Linux (fortunately). I have less trouble deciding what to use on Linux than on Windows. With Windows I can't afford to make a mistake due to the cost of everything. When you are talking about spending several hundred dollars for Office versus one hundred dollars for Anyware 2.0 Desktop for Linux (from Vistasource) the decision is much easier. I can buy several different packages for Linux to find the parts that work for me.

I can even go find Star Office (from Sun), or KOffice (from KDE), or Gnome Office (from Gnome) for free.

And being a System Administrator for many years, I know how to secure a system, either a Linux/Unix system or a Windows system. Unfortunately neither Microsoft nor most of the Linux distributions (until recently) came very secure. Both have gotten a little better with recent releases. Unfortunately, it takes several years to get the older machine out of the loop. Given the fact that you can go to CompUSA or Best Buy or many other stores and get a new Linux distribution for under fifty dollars while a Microsoft OS will cost several hundred dollars, more folks are likely to upgrade their linux distributions. This doesn't totally fix security problems, but it does help get rid of some of the issues.

While there may be personal agenda behind some open source software, there is a much worse agenda (IMO) behind Microsoft. Have you tried to find a competitive office suite recently? What has happened to web browsers? Where are the email programs that used to be out there? What about development tools? It is beginning to be like a song I remember from way back when "I owe my soul to the company store".

Someone from Mircosoft once called Linux a virus, it seems to me that Microsoft is more of a virus as it is killing off everything else. At least with Linux you have choices. They may not all be good and they may not have all the features, but there is usually a choice.

Reasons

[uslinux.net]

My old employer used to be the same way. They didn't want non-NT systems on their network because those systems allowed "too much control and access of the network and its resources". Essentially, they were afraid Linux was too powerful, and that users might be able to compromise an NT system by using a Linux system. Yes, as bizarre as it sounds, that was their reasoning. I suppose it was more than NT, as insecure, bug ridden, and exploit prone as it is was at least a known quantity - something they could patch the hell out of and continue on their way.

It's funny, you'd like gov't defense contractors dealing with classified information would WANT a more secure OS...

Re:Somewhat true, but still is a myth

[gi-tux]

Yes, the word 'hacker' is usually used when 'cracker' would be better. With a properly configured Linux/Unix machine, you can really restrict users. In the past, I have seen some that were locked down almost as tight as an IBM mainframe using RACF.

While the standard permissions set on Linux/Unix isn't as rich as the ACLs on some other OSes, the capabilities are much more versatile. For instance, most Unix systems have rsh (restricted shell) that will completely lock down the programs to which the user has access. With rsh as their shell, they can't even execute a command if they know the full path to it.

On most Unix systems, services can be locked down with limited access. On all Unix systems, services can easily be turned off. With no services running, you don't have to worry about being attacked nearly as much as you have no doors or windows (no pun intended).

Common Linux Misconceptions:

[Webmoth]

Myth: Linux is a "hacker's OS"
Rebuttal: There are more well-known, well-*cough*-exploited security holes in *cough* Microsoft Windows *cough* than in any *nix. This makes it appear that *cough* hackers *cough* no, crackers, *cough* are more interested in cracking *cough* Microsoft Windows *cough* than Linux. (Please excuse my *cough* hacking, I have junk in my *cough* throat.)

Myth: Linux is hard to set up.
Rebuttal: No harder than setting up multiple simultaneous users and desktops under Windows 95.

Myth: Linux has no support.
Rebuttal: On the contrary, my Linux server is sitting on a concrete block as we speak. I set my Win2K server on the edge of my beanbag chair and it crashed immediately. On to the floor, I mean.

Myth: Linux is not ready for the desktop.
Rebuttal: In my new office, I will have a Linux box sitting on the floor on each side of me. A large sheet of plywood will lay across the tower cases, on which I will set my monitor and keyboard.

Myth: Linux is hard to use.
Rebuttal: Bicycles are hard to use, too, if you've never ridden one before. Windows probably was the first time you used it. It's just a matter of having patience, learning, trying, experimenting, and falling over a few times, getting up, dusting off, a couple of stiches here and there, you'll be good as new. And you'll have learned something.

Myth: I don't have time to learn Linux.
Rebuttal: You have time to wait for your Winows box to restart 10 times a day.

Myth: Most Linux advocates are zealots.
Rebuttal: All. (Just kidding)

Myth: The command shell is obsolete.
Rebuttal: The command shell is ugly. It's also extremely useful when you screw up your window manager or need to administer the system remotely. vi from the command line, you can change the configuration very much more efficiently than from a pretty window. You've also got access to every configuration parameter this way. Nothing beats the command shell for a quick connection to your mailserver to check your mail when you don't have time to wait for Outlook Express to open, download all your messages, render and display the HTML, ad nauseum.

Myth: Linux is hard to configure.
Rebuttal: Learn how to use a vi. In Linux, every option can be changed with a text editor. In Windows, you might get lucky in the Registry Editor -- if the option is there, if it's documented, etc.

Might not be that easy.

[Remote]

Ive been trying that for 2 weeks now. Not that our netadmin wont let me hook up a Linux box, just that the hub in our location is all taken up!

Hows this Win machine supposed to route packets? Win 9.x doesnt do that, I dont know about ME or XP.

Assumming he has a NT Workstation: how to find a subnet range that wouldnt conflict with the rest of the campus? How to tell other routers about the new subnet without the netadmins consent? And he would need at least Windows NT *Server* 4.0 to do DHCP relay to the small net.

Unless you know something I dont, in which case Id be more than happy to learn! ;)

Re:Might not be that easy.

[ninewands]

Hows this Win machine supposed to route packets? Win 9.x doesnt do that, I dont know about ME or XP.

Beginning with Win98SE, there is an "Internet connection sharing" component available in Windows that is a crude version of a routed/NAT protocol.

Assumming he has a NT Workstation: how to find a subnet range that wouldnt conflict with the rest of the campus?
Assuming this network is a typical university network, all the machines probably use public IP addresses. Pick a subnet from those allocated for private networks (e.g. 192.168.*.*) and use NAT on the gateway.

How to tell other routers about the new subnet without the netadmins consent?

With NAT, all your admin will see is a single IP address ... that of the gateway box. The address translation will be done in that one machine.

This is basic TCP/IP networking.

Re:Might not be that easy.

[Remote]

This is basic TCP/IP networking.

OK. Im not a network engineer, rather a do-it-yoursefer. Not that the netadmin wouldnt help me, hes fine, just that he is absurdly overloaded and I dont think its nice to ask him to spend any of his time so as I can browse in my Linux notebook because my NT machine swaps too much.

We have more than 30 LANs, all in a private address scheme. But now that you mention NAT, that shouldnt be a problem... Ill check tomorrow if the service is running.

But I just came accross this:

"IP addresses are not permitted to have the value 0 or -1 for any of the , , or fields (except in the special cases listed above [relating to broadcast or network addresses]). This implies that each of these fields will be at least two bits long." [RFC 1716, Almquist & Kastenholz, p.45]

In one of my early attempts I tried to sub-subnet and used 255.255.255.64 as a subnet mask. The NT machine didnt complain (no surprise) so I left it that way but I dindt pay much attention to the output of ifup in the notebook. That may be part of the problem.

Responding to the ignorant

[ninewands]

...I was told by the network administrator that the linux machines were not to be connected to the network for fear of viri, DoS attacks, and so on.

There are over 15,000 viruses documented that are active in the Windows environment. I am only aware of two that can infect a Linux box, and the damage they can do is minimal if users aren't permitted to install executables in their $HOME directories. Linux boxen ARE popular targets for crackers because they have a fully implemented IP stack that allows forging packet headers for DoS attacks against other computers, but a little thought given to the job of locking the box down can prevent that. Of course, this particular "advantage" to cracking Linux boxes is going to disappear as the home version of Windows XP becomes more common, since Windows boxen are MUCH easier targets than ANY flavor of n*x is. As for the "and so one," all I can say is "etc."

Why do people fear Linux?

Because it's easier to say "No" than it is to learn something new.

It seems to me that people are misinformed that Linux is only a 'hackers' OS.

But, but, but ... this is true. Linux users eventually become hackers ... however, they almost always become white-hat hackers.

How can we change this?

Hit 'em with a clue-by-four? I don't know the answer to this ...

This is only one of the common Linux "myths", and there are several more where these came from. Is there a central clearing house of such myths and intelligent efforts at debunking them somewhere online?
Although the comments are really aimed at the embedded OS space, a lot of what was said in the responses by Lineo and LynuxWorks to Microsoft's white paper on the subject of Windows XP Embedded also applies to the desktop.

Here's a bright, although somewhat backwards way to subvert your admin's thinking process. Get a handful of PCs and install Linux on them, then connect them to the network through a Win2K box configured as a gateway. That way you can point out how the Win2K box is "protecting" (teeheeheehee) his network from those "renegade Linux boxen. I would submit to you that after about six months go by without ONE of the Linux boxes being cracked, he/she might have to develop a sudden appetite for crow.