New Linux Distros Insecure by Default?

← Back to Stories (view on slashdot.org)

New Linux Distros Insecure by Default?

Posted by timothy on Tuesday April 12, 2005 @11:17AM from the no-good-down-that-road dept.

An anonymous reader submits Two articles on Codefez and NewsForge review releases of Linspire 5.0 and Linare. Both these distributions let the user run as Root by default after installation, and don't prompt to set up a user ID. Is this a start of a new trend of 'dumbed down' Linux distributions that will damage the Linux reputation for security?"

6 of 122 comments (clear)

Min score:

Reason:

Sort:

Morons by Usquebaugh · 2005-04-12 11:25 · Score: 5, Insightful

I mean they have the chance to sell a reasonably secure OS and insted they do this. Hanging's to good for em.
1. Re:Morons by i_should_be_working · 2005-04-12 11:56 · Score: 4, Insightful
  
  if you don't like it don't buy it.
  
  Insecure computers affect us all. We have the right to be upset.
linspire by Pinefresh · 2005-04-12 11:38 · Score: 4, Insightful

Linspire has been doing this for awhile. They're trying to make newbies as comfortable as they can, but unfortunately they're doing it by emulating even the worst ideas of that other OS.
No by Bastian · 2005-04-12 11:43 · Score: 4, Interesting

Every linux distro I have used since Yggdrasil has done this. Red Hat 5, Slackware ninetywhatever, Mandrake, Gentoo, Debian, Caldera OpenLinux, SuSE. . .

I've settled down in my Distro-hopping, so the examples I used in most cases were over four years old (Yggdrasil most certainly was. :-), but in my experience it's standard practise to start the user off with a root account and make the normal user account optional, possibly with a little admonishment saying that you really shouldn't use root if you can avoid it.

None of them have ever spent much time explaining how sudo works and why you should use it.
Ubuntu got it right... by kisielk · 2005-04-12 11:51 · Score: 4, Interesting

I installed Ubuntu just the other week and was momentarily perplexed that I couldn't su to root. After some consultation on IRC, I learned that Ubuntu has no root account by default, and you can access things you'd normally do as root by sudo, and applications requiring root just ask for your password. As I understand it, this is similar to how it works in OSX. In my opinion, this is the right direction to go in for single-user machines such as home desktops. Of course, stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything. I can't really think of any way off-hand to give home users the power they need to install apps while still preventing trickery like that..
1. Re:Ubuntu got it right... by adric · 2005-04-12 13:11 · Score: 5, Informative
  
  After some consultation on IRC, I learned that Ubuntu has no root account by default
  Not quite. Ubuntu doesn't set a root password by default, which leaves the account locked (to interactive logins), but it's still very much present. The traditional behaviour can be restored simply by running the passwd command via sudo.
  
  --
  not plane, nor bird, nor even frog...