Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Linux Distros Insecure by Default?

Posted by timothy on from the no-good-down-that-road dept.

An anonymous reader submits Two articles on Codefez and NewsForge review releases of Linspire 5.0 and Linare. Both these distributions let the user run as Root by default after installation, and don't prompt to set up a user ID. Is this a start of a new trend of 'dumbed down' Linux distributions that will damage the Linux reputation for security?"

10 of 122 comments (clear)

  1. Morons by Usquebaugh · · Score: 5, Insightful

    I mean they have the chance to sell a reasonably secure OS and insted they do this. Hanging's to good for em.

    1. Re:Morons by i_should_be_working · · Score: 4, Insightful

      if you don't like it don't buy it.

      Insecure computers affect us all. We have the right to be upset.

  2. linspire by Pinefresh · · Score: 4, Insightful

    Linspire has been doing this for awhile. They're trying to make newbies as comfortable as they can, but unfortunately they're doing it by emulating even the worst ideas of that other OS.

  3. Somewhat old news by stoborrobots · · Score: 3, Informative

    Linspire (formerly Lindows) made that decision a long time ago, and it has been brought up on Slashdot many-a-time...

    A quick search reveals this article from 2003 in which the founder of Lindows states his case for the matter...

    And this review from 2002 (linked to by /.) also noted this problem...

    --
    "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
  4. No by Bastian · · Score: 4, Interesting

    Every linux distro I have used since Yggdrasil has done this. Red Hat 5, Slackware ninetywhatever, Mandrake, Gentoo, Debian, Caldera OpenLinux, SuSE. . .

    I've settled down in my Distro-hopping, so the examples I used in most cases were over four years old (Yggdrasil most certainly was. :-), but in my experience it's standard practise to start the user off with a root account and make the normal user account optional, possibly with a little admonishment saying that you really shouldn't use root if you can avoid it.

    None of them have ever spent much time explaining how sudo works and why you should use it.

    1. Re:No by aonaran · · Score: 3, Informative

      That is what I liked most about Ubuntu.

      It ships with the root account DISABLED!
      It threw me off at first, but the documentation clearly explains how to use sudo and why they decided it is better to set up the first user as a sudoer rather than set up an active root account and a dumbed down user account for day to day stuff.

  5. Yes! by Stevyn · · Score: 3, Insightful

    One of the best things about linux is ordinary users don't have write access to the entire computer. This means that if one day linux malware does become a problem (as Microsoft predicts), then it will only affect individual accounts and not the entire computer.

    Aside from malware that probably doesn't exist yet, it's still a good idea to have a window pop up or a console to prompt you for a root password because it lets the user know the action they take may harm their computer. It also hinders mistakes like deleting necessary files from happening accidentally. Security should be the main concern of a computer connected to a network or in an area more than one person can use. This enforces that concept and can greatly protect a computer than if it was always running as root.

  6. Ubuntu got it right... by kisielk · · Score: 4, Interesting

    I installed Ubuntu just the other week and was momentarily perplexed that I couldn't su to root. After some consultation on IRC, I learned that Ubuntu has no root account by default, and you can access things you'd normally do as root by sudo, and applications requiring root just ask for your password. As I understand it, this is similar to how it works in OSX. In my opinion, this is the right direction to go in for single-user machines such as home desktops. Of course, stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything. I can't really think of any way off-hand to give home users the power they need to install apps while still preventing trickery like that..

    1. Re:Ubuntu got it right... by adric · · Score: 5, Informative
      After some consultation on IRC, I learned that Ubuntu has no root account by default
      Not quite. Ubuntu doesn't set a root password by default, which leaves the account locked (to interactive logins), but it's still very much present. The traditional behaviour can be restored simply by running the passwd command via sudo.
      --
      not plane, nor bird, nor even frog...
  7. stop thinking like an expert by bug1 · · Score: 3, Insightful

    A clueless newbie should never consider there OS to be secure, they dont have the knowledge to make a judgement on it.

    Maybe a lot of the demographic this distro is targeting doesnt even know what root is.

    Plus, there is a saying (from the *BSD folk i think) "without physical security there is no security"

    Get a bit of perspective, you need knowldege to have security, its not just a configuration issue.