Slashdot Mirror
Michael Robertson Says Root is Safe
Kez writes "HEXUS.net caught up with Michael Robertson, CEO of Linspire, at the UK launch of Linspire 5. Their interview with Mr. Robertson covers everything from hardware support to software patents, but a comment from Mr. Robertson on using root is perhaps the most interesting: "I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't." I would imagine a few Slashdotters would dispute that."
- Any exploitable program you run as another user will still need a local escilation exploit in order to do anything harmful. Running something like apache as root, and any vulnerability in programs such as phpMyAdmin will make your whole server go poof.
- rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.
- ActiveX and a lot of spyware is contained in windows when running as non-administrator. It's running as admin (like most people do), that cause the majority of problems with things.
This kind of talk is pandering to the lowest common denominator of user. Honestly, I feel users SHOULD learn a little bit about privileges before being handed the machine, and clicking on that file attachment.I know Slashdot attempts to soundbite things just like any other modern news media, so I'll quote:
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
MySQL, for instance, runs as a separate user. If I so desired, I could limit the login / password for my MySQL account to only allow row INSERTs and SELECTs, but no DELETEs or DROPs. If someone were to break into my account, they could see my data, but at least they couldn't delete from the table. As root, they could stop and start the actual service, and wipe out the whole directory for that matter.
I generally see what he's saying about data being king. But if your data is that important, you'll have other safeguards for protecting it, typically via (dun dun dun), user management! For instance, keep your accounting files under a different user, home directory chmodded to 700. Stuff like that.
Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit.
Cars happen to have seat belts. Roads also have speed limits, so this analogy is flawed.
The best way for Linux to break into the market isn't to emulate windows entirely. The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer. After all, look at Firefox. Firefox didn't choose to adopt ActiveX, or adopt Microsoft's proprietary style transitions, or render CSS in the same broken way, right? Neither should Linux, or in this case, Linspire.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Michael: I think, like everything, it's a question of balance. Ease of use, versus security. I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
Techincally it's gaining control over your system without you knowing it and running exploitable programs as root makes that easier. If the hackers get access to your libraries, programs, etc, they can do far more damage to you by sniffing your data w/o your knowledge. Hackers aren't going to just steal your data and run. If they can gain easy access to the system they are going to modify it and snoop everything and keep getting what they came for.
Michael: Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things. So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.
I am in no way a master of Linux/UNIX and I never claimed to be but even I know that if you are exploited while running something as root more damage can be done to a lot more services, files, etc, than if you were just running it as a user. It's not theoretical. It's fucking very real and it's idiots like this guy that make it easier and easier for more zombie boxes to get out there. Look at Windows... Yeah, no, we don't need Linux to end up like that too.
I want to know who the hell this guy is talking to that don't give him a valid argument. I have a feeling they are and he isn't listening.
Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have.
It shouldn't even be a choice. Prompt for a password (like OS X) when something that needs root privledges runs. If it has succeeded with the Mac then it can with Linspire users too. If you are so concerned about making the users have a positive Linux experience rewrite the dialog boxes when they ask for "root priveledges" so that they are human readable. Don't just eliminate it and say that there's no valid reason not to. Taking the easy way out doesn't solve the problem.
Since when is Michael Roberson a trusted source? He's an asshole that's just into pushing the envelope and making waves (remember Lindows and MP3.com?) Right now he's doing exactly the same thing. "See, those Linux users are trying to make it hard for the layperson to use "their" OS and I'm trying to make it easy. Listen to me! I'm trustworthy!"
Not running as root works like this. Your data is no more inherently safe than it is when you /are/ running as root, but nobody ELSE'S data will fall prey to your screwup, nor will the central integrity of the system. (For granny, this means that grandson Billy can ssh in, recover this morning's backups from the write-once partition, and she can keep going, having lost minimal data.)
Running as root is like pointing a loaded gun at everyone just in case they're a criminal.
Not running as root is like fastening your seat belt. Sure, you're not intending to get in an accident...
Running as root is like driving down the highway with your hood open and your oil cap off.
Not running as root is like locking your door when you leave.
Running as root is like posting to slashdot without reading TFA. :)
This flies in the face of science.
You've got to be kidding me. Is this just a big troll or is this guy actually that ignorant? Who the hell has he been talking to anyway? The reasons for doing day-to-day things as a non super user is one of the most basic security concepts ever. Even my parents understand this. The reason you don't run everything as root is to avoid COMPROMISING THE ENTIRE MACHINE if some random application has a vulnerability. You don't want each and every little program you run to potentially allow someone to gain full access to everything on your computer. Not to mention protecting the computer from the application itself. I don't want some poorly written piece of software accidentally deleting important system files or some other user's data. And how about protecting the system from the user themselves? How many people here have accidentally rm'd a bunch of important system files (or all of / for that matter) on accident? I know I have and I consider myself a very careful person when it comes to such things.
C'mon... How fucking retarded can you be?
He does _almost_ make a good argument for his case though...
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
That statement does have some merit but it definitely isn't always true and even then, I would much rather compromise only my data than have someone gain access to the entire system. If they only get my data, that's all they get. If they gain access to the entire system there is no limit to what they can do... What if they want to setup a very well hidden rootkit and snoop around on my box (watching traffic, capture credit cards, etc. etc.) for as long as possible? Not to mention multi-user systems... A compromised super user gives them full access to EVERYONE's stuff.
And of course, after he says something nearly sensible he goes on to completely shoot himself in the foot by making another completely ridiculous challenge...
So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.
What world does this guy live in? Is he completely surrounded by idiots? Remind me never to go anywhere near Linspire.
I would agree. The OS is not the problem, it's the user. The same thing applies to Windows. Using Windows with the Administrator account is perfectly safe if you're not an idiot. I don't see why it's unsafe to do so on a *nix system.
But I want to know his IP address.
Lets do "rm -rf /" and compare the results.
"I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
While we all want to start lambasting him for his obvious lack of understanding of the obvious, I think it is actually endemic of the real problem.
People do not understand anything about computer security.
They do not understand how to limit exposure.
They do not understand the vectors of software virus infection.
They do not understand the true problems of viral infection (that is: they want to eliminate the side effects, but do not care about the primary problem).
Mocking people for being clueless does not actually make them smarter, nor does it impress them with your 31337 Haxor Skillz.
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
I'd like him to run on an account where he's not root, thanks.
In the article, Michael defines security as the (in)ability to access personal data. In that respect, he's probably right. But I think he oversimplifies the real question of allowing the users to run under the one account that could really screw up their machine.
He argues that just because we could possibly drive our cars into brick walls doesn't mean we should all be limited to driving at 10 mph. I don't believe the likelihood of even the least skilled driver actually ramming into a brick wall is quite as much as my grandma's likelihood of completely screwing up her computer were she granted root access. I've seen her mess up her Windows machine pretty nicely.
http://nerdfortress.com/
chmod 777 -R
amongst a high seas of other things that make running as root unsane on the "woops scale"
as to be in dangeour from a remote source , well if you make a conection an open conection to someone you dont know when you root then
The only things certain in war are Propaganda and Death. You can never be sure which is which though
This is exactly the kind of attitude that I'd expect from someone that learned everything they know about computers from working with MS-DOS... he can't seem to conceive of the notion that there might be more than one person's data on a single machine!
"Freedom means freedom for everybody" -- Dick Cheney
Unfortunately, a normal user can install any browser plugin that they want to. Running as root would simply allow the user to install plugins for other users as well. For the curious, you can install them in $HOME/.mozilla/plugins (among other locations). Running as a normal user will not prevent your box from becoming a zombie, unless you have some kick-ass SELinux rules in place.
The wheel is turning, but the hamster is dead.
Why is it more secure not to run as root?
500,000 Windows zombies should be the only answer you need.
include $sig;
1;
default dcc save directory is ~ . many users of irc are accustomed to permitting auto accept of files. someone sends you a .profile or .bashrc . .profile is sourced on every login. hmm i wonder what happened to all my filesystems.
1) It protects you from yourself. Nobody's perfect all the time.
2) It limits damage from exploits. Go ahead and be root if you aren't networked and never insert media, or are running a perfectly-secure OS.
3) it protects you from another user's malice. N/A for single-user machines.
Examples of when it is OK to run as root:
1) many non-networked embedded systems, e.g. your microwave oven
2) the DOS box in the corner your kids play DOOM I on.
3) Demo machines at trade shows, but only if they are not networked and have no removable media.
Other examples where running as root isn't advisable but the damage is greatly mitigated include read-only systems like Knoppix.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
One word: Spyware. You run as Administrator, it hoses your machine. If developers would actually write software so that users didn't have to run as Admin just to open up notepad, then spyware wouldn't be anywhere near as big a problem as it is right now.
.jpg .doc and .mp3 files.
Now take that one step further and consider a malicious virus being accidentally executed by the same user that thought Bonzi Buddy was cute. Spyware is bad, but that virus might, oh... kill all your
Now how do you feel about running as Administrator?
I have to say I love the OSX solution. For those of you that aren't familiar:
The method:
By default you don't use root (although it does exist)
By default a user may or may not be an "admin" user. An admin user may perform root-like operations by authenticating again, but they give their own same password to the OS to do things.
It still knows you're you, you're just super-you. So default files are created with you as owner, for instance. This is safer because it reduces slightly the number of escalations necessary.
The effects:
The actual user password being compromised is not the reason you need a separate root account, so they removed your need for two passwords.
Bad apps still need separate priv escalation to do any harm, even if you're running as admin.
BUT you don't have to logout of your GUI session to have one app - or even ONE PART of one app - run with escalated privledges, if you authorize it to.
This means you have NO REASON to ever run unnecessary apps as an admin. No downloading just that one file as root because you're in the middle of doing a rooty thing and forgot one.
The similar linux hack:
I know you can setup similar things with sudo and a little tweaking. But this is how every OSX box ships, and it ought to be how every GUI consumer linux box ships too.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
We all know the reasons not to run anything as root unneccesarily are many, but you have to think from his perspective as well. He's picturing clueless linux desktop users, using a shrinkwrapped distro at home for personal use. If they were to only log in as a user rather than root, what does it buy them? Whoever gets them to run malicious code by exploiting them or their software will still get access to all of their data, since it was all stored as that user. And they still get access to backdoor all of the software they use, since they can screw the user's environment (PATH, LD_LIBRARY_PATH, etc).
About the only thing not running as root saves the poor nontechnical home end-user from is wiping out their hard drive, but all the data that's important to them contained therein is still destructable.
His point is in fact arguable - why bother?
11*43+456^2
I knew Michael Robertson in college and he was a technological lamer and pretty much an A-hole. And he doesn't appear to have changed much. He's cobbling together whatever technologies he can get his hands on and then shamelessly pimping^H^H^H^H^H^H^H self promoting whatever his latest project is regardless of merit.
He unfortunately seems to have learned that there is little fact checking in the business press - especially where technology is concerned - and that if he can create a stir he can probably create profit.
It was several years before I realized that it was the same Michael but I visted the website and found his picture there - in multiple super high resolutions - seriously why would I want a 1435x1980 pixel image of him?
Does he think he's desktop material? There's even information for booking him for speaking engagements... but it's not about ego. *SIGH*
Look for the stock pump and dump scheme followed by an SEC investigation in 5 - 10 years...
=tkk
Bill Gates - Creationist?!?
Just read his responses....[a few of my repiles]
Running as root is dangerous, but is more dangerous than the average home user is used to? Probably not. The average user probably runs windows from a single user account with admin rights. For most people, the recycle bin is the only protection from stupid mistakes.
Malicious software can always trick user into giving it administrator access. But if you always login and root, one bad mouse gesture in file explorer can make your system unusable. Just yesterday I saw someone with a master degree trying to store MP3 files in /Library on MacOSX.
Besides, if you have a family PC why would you want everyone messing up each other's files if they can have nice separate home directories?
With poorly designed hardware, it is possible to wear out the hardware. Cheap printers and disk drives are relatively easy to wear out in a worst-case scenario. Certain types of flash memory can be destroyed by flashing it a few thousand times. While your operating system may not require you to be root to overuse these components, in principle it COULD force you to be root to do this.
If you can write to BIOS or other boot-control data, you can potentially leave the hardware unbootable. Technically it's not hurting the hardware but you've still got a boat-anchor until it gets serviced.
Older monitors could be fried if set to a "bad state" and left there too long. Ironically, in X-Windows, you don't have to be root to change the video settings to such a "bad state."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Uh well, I think he is actually that ignorant (or lost is more like it). This is the guy who started mp3.com and thought that the music industry was going to give him a big pat on the back for it and let them into their billionaires club. Even worse is how he down-talks illegal copying like it's a back-alley dirty activity, when in truth nobody is doing any worse than he has been, is, and will likely continue to do for the rest of his life. IMHO, he is the epitomy of blind love for evil systems. No matter how poor it is, evil it is, he throws himself at it with pure optimisim and glossy eyes.
Michael "Root" Robertson is appointed to the Department of Homeland Security's Privacy Board.
... he should rename his Linspire to something like Lindows.
Don't fight for your country, if your country does not fight for you.
OK, I'll bite.
Keeping in mind Linspire is totally Desktop-centric, I can see why they might have a radically different view on the permissions system from most existing Linux users.
I've already read lots of lengthy posts trashing this contrarian point of view. And they have a lot of good points, as yours does, but ultimately this reads like a single-user vs. multi-user culture clash.
The fact is that on any operating system when you have a single, important user who runs malicious code, it doesn't matter much whether they're root or not, unless the machine has a security model more fine-grained and well-integrated than anything currently in wide use.
If that user can access their own files, then their own files can be destroyed. If that user can access the internet, then the compromise can also send their files over it. Or it can simply make them a spam bot. Or a relay. If that user has an address book, then its contents can be targets for viral propagation. And so on, and so forth.
Frankly, to do most things attackers want to do, "root" is unnecessary. Nothing within the unix "user management" repertoire really lets you deal effectively with this problem, and what few solutions you do have are, let's be honest, ugly, cumbersome, evil hacks.
What stops all this? A real, heretofore unknown high-level security model, that actually says "The email program can access stored email data, preferences, and can talk to the network on this port, to these hosts" and "the word processor cannot talk IRC" and so forth. This requires a rich resource model, rethinking data storage metaphors, the whole nine yards. Unix does not have this. Windows hosts only have it in the crudest and most limited form with "personal firewalls" that to some extent at least police the network activities of applications.
So for all the Unix folks, of course, this disdain for the security model is heresy, but for the desktop world (and really, servers benefit greatly from a fresh perspective as well), it's not such a bad point. Unix lacks a security model rich enough to be truly useful to everyday users, and by extension, companies like Linspire that cater to them.
Tired of Political Trolls? Opt Out!
The most valuable thing on my computer is probably the user name and password to my internet banking facility.. Not that I store them on the machine but I do type them in. Maybe running as non-root does give you access to all the data in a users home dir but it sure makes it more difficult to overwrite those libraries he's talking about with keylogging trojans that will harvest my passwords.
This man obviously hasn't met my sister: She attempts to open music files by selecting them in groups of 100, resulting in 100 sessions of xmms...I can only imagine her with root access.
"... however, your comment about FireFox not adopting ActiveX, I would put to you, is actually not a good thing."
/rant
Lack of ActiveX support actually prevented my previous company from switching to OpenOffice or Mozilla. The attitude that it's better that these two apps don't support it seriously pisses me off. If Microsoft can't get away with being arrogant, than the OSS Community can't either.
"Derp de derp."
How could open source applications support ActiveX? The WHOLE point of ActiveX was to add a proprietary MS extension to the web to keep companies like yours locked in.
Religion is a gateway psychosis. -- Dave Foley
127.0.0.1.
Just don't tell anyone that it was me who told you.
“Wait for Hurd if you want something real” –Linus
"How could open source applications support ActiveX?"
Ask these guys.
BTW, you REALLY don't understand what ActiveX is. Heh. Non-MS products can open ActiveX plugins.
"Derp de derp."
Before you blow everything out of proportion, take a second to look at a few things from a different perspective:
1) The end user of Linspire is most probably a windows user trying to switch to something cheaper. The odds of Linspire being heavily used in a multiuser environment are bleak at best.
2) He makes a valid point, the most valuble information on your computer are things stored in your home directory. Credit card information, social security, emails, etc. Guess what . . . `rm -rf` will eliminate all of that even if you aren't root. Who cares if you accidentally wipe an X library, a reinstall will fix that, it won't get back your emails and resumes.
3) Everyone's argument for the flaw of running as root seem to stem from services running as root, which is something the enduser of an operating system like Linspire shouldn't be expected to fix anyway, nor will most Linspire users be running apache servers and mysql servers, I'm just guessing at that.
A windows user or a linux newbie doesn't want to remember several account passwords just to change the IP address of their computer, or to reboot, or mount an external hard drive, or start Samba, etc. They want to know that they have permission to do those things out of the box. That's how windows is set up, that's what they want. Security should be handled by turning chrooted service invocation, firewalling, etc.
This isn't FreeBSD, tailor to your customers and make them happy, without them you don't have a business.
The reason that Robertson didn't get the answer to why not to "run as root" is twofold.
1.) He didn't want to hear the answer when it was told him.
2.) probably 99% of people who know that you shouldn't "run as root" don't know absolutly why themselves. They have a pretty good idea, but someone they respect and trust (and who is correct) told them it was stupid.
The other 1% who could have told him why, weren't consulted. Nor will they be.
It's no accident that Linspire (Lindows) is modeled after Windows, and it contains Windows' greatest fundamental security flaw.
Mikey, what is a bot? And how are they born?
almost Word for word, this guy has been posting this same text around different sites for 2 years. It has sort of reached goatse status (ie effing annoying). Just ignore it
BTW, you REALLY don't understand what ActiveX is. Heh. Non-MS products can open ActiveX plugins.
No, you don't understand.
It's still a proprietary MS extension even if you can add it to non-MS products.
Oh and you can't add it to Linux products.
- Stian
---- Sig. gone.
Refusal to support one of the biggest vectors of spyware infiltration is not arrogant, it is common sense, at least for the average desktop user.
For the business world, admittedly, with the entrenched position of ActiveX-based systems on corporate intranets, it's perhaps a little silly and a bit of a barrier to business adoption, but for home users one of the biggest complaints about Windows is the fact their machine can be 0wned by Virtual Bouncer, CoolWebSearch, ABetterInternet and God knows how many other drive-by-installed apps and toolbars just by visiting a slightly wrong-side-of-the-tracks website.
Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
rm -Rf / as nonroot will make you give a sigh of relief.
That sounds like a workaround to make up for a design flaw in the command-line interface to me.
No, it illustrates that some portions of the computers storage space have need to be protected. And that sometimes users do need to alter them, but not generally.
It's just as easy to take a big chunk of the Windows directory and start trashing stuff with the GUI as well. If you give users the means to manipulate persistant storage (which you do need to do because as the article says, data is king) then you also have to have some way to gently steer them away from utter disaster. How you not heard tales of users trying to free up space on an HD deleting some crucial part of Windows? I have!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Since a decent majority of open source developers actually give, to use your phrase, a flying fuck about standards, it's generally not in their best interests to promote use of something that isn't a standard, will never be a standard and would be completely undesirable as a standard. Additionally, if it can't be ported across architectures then including it would do a hell of a lot of damage to firefox's geek cred, and hence developer base.
Having said that, I think a plugin that allowed you to use activeX is a cool idea. I just don't think that tying the browser down to any one platform is a great idea. If you're particularly keen to produce an ActiveX version, go fork the codebase.
For the love of God, please learn to spell "ridiculous"!!!
Even on a single-user system, there is a damn good reason to run non-root: otherwise, if an attack makes its way in, you'll have no way to know about it. That's because every utility you could use to verify the integrity of the binaries and libraries and kernel you use can be altered by root.
Not everyone takes proper advantage of the root privelege separation. Popping up dialog boxes asking you to enter your root password, for example, was a terrible design decision on the part of most distros. And sudo is almost always misused. But properly done, root privsep is your only way you can reasonably know you're running a clean system.
I'd rather have a true cross-platform product. MS can keep their shit to them selves.
Besides, ActiveX is a security nightmare. It is simply not worth it; whatever the problem is, ActiveX is never the solution
- Ost
---- Sig. gone.
I hope I can remember the details of this correctly. Here goes. Some time ago (maybe 5 years ago) I was running linux on a ppc box. I wanted to play a .au file. The sound device was something like /dev/scd All I needed to do was /dev/scd
/dev/sda
cat soundfile.au >
I typed
cat soundfile.au >
Whoops. Yes, there is a reason not to run as root. I admit the mistake was dumb but if I wasn't root I would have been protected from myself.
I haven't seen a rebuttal that gives a good solution yet. Michael Robertson is right about data being the most important, but seems to think that having users run as non-root means that changing the date will require a password (which is a "no no" for ease of use).
This problem can easily be solved by making all non-critical configuration tasks (e.g. setting the date) run using sudo behind the scenes. Changing the date as a non-root user shouldn't require a root password (unless you're real paranoid about bugs in your date setting code allowing crackers to exploit date-triggered viruses, or something...)
As for requiring a password, the only real solution is biometric, and that will be a while in coming. But most grannies aren't going to be changing hardware settings unless they are comfortable entering passwords. And if they aren't, they shouldn't be changing hardware settings anyway...
Life's a lot like money-- you spend it, then it's gone. Spend wisely.
"It is simply not worth it; whatever the problem is, ActiveX is never the solution :-)"
*Sigh* This is what I'm talking about! I know AX ain't great. I'm no fan of it, either. But when it's needed, it's NEEDED. Since OO and FireFox wouldn't support it, we had to use a MORE INSECURE office and browsing app! You cannot honestly tell me that the OSS Community couldn't develop something to support AX and maintain security. Heck, all it would really need is to be off by default and the user has to either turn it on or install a special module. I don't care. It certainly would have been infinitely better than what we had.
Whatever. I seriously doubt this has been given serious consideration. Flipping off MS is fun, but you're also flipping off some people who can't switch.
"Derp de derp."
Default turned off. If a page has some activex thingys, block, display small text that a thingy was blocked. If user wants to run it, click here and blabla, the url gets added to "Allow" list. Done. Other platforms need not even bother.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
There have been some very good research projects done on how to build a more secure system, and some of the most amazingly effective ones have been the ones that challenge the basic assumptions of "best practice".
MIT Kerberos takes the view that no machine on the network can be implicitly trusted; access to network services is controlled by tickets, mediated by a ticket distribution service with which each user and service has a pre-shared key. This works even for systems in which the local operating systems have no internal access control mechanisms whatsoever.
Capability-based systems essentially throw out the classic security model of users, roles and permissions, replacing them with a system of nonforgeable references by means of a combination of memory protection and cryptographically strong naming.
Finally, people need to come to terms with the fundamental fact that content-based security schemes are a losing proposition (1, 2). Virus scanners, adware scanners, porn blockers, spam filters, and even national customs departments all face the same problem: they can only inspect what goes by and apply a list of tests to winnow bad items. There is strong economic pressure to find ways to bypass these types of checkpoints, so new tricks are constantly being invented, only to be compensated for by the guardians; thus the guardians are always a step behind.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
The new netscape based on firefox is supposed to support AX on windows.
Transgaming is working on a mozilla plugin for AX, for linux running winex / cedega.
For openoffice, I think macros (with import from ms formats) would be more useful than AX (who uses AX in a document?)
- Ost
---- Sig. gone.
However, activeX is a security nightmare. And regardless it *IS* a proprietary MS extension -- and nobody wants to A: support MS and their bullcrap, B: Firefox has a reputation as a secure alternative to IE. If FireFox supports the hopelessly insecure ActiveX -- they really have nothing to offer anyone anymore as their reputation is *done*.
Religion is a gateway psychosis. -- Dave Foley
"I know in linux you can, for instance, open a terminal, su, and execute a GUI app as root while in an X session not as root. However, there's no general linux way for doing this for a nonCLI user."
Observe, The KDE solution:
K --> Run Command --> kdesu program_name
The Gnome Solution (I Think):
Gnome Foot --> Run --> gksu program_name
Also, you can set program shortcuts in either the K/Gnome/XFCE/icewm/wtf wm you desire/ menus to start off with the gksu or kdesu to launch an app as root.
Also, if you have a lax sudo set up, a "sudo app_name" works as well.
"B: Firefox has a reputation as a secure alternative to IE. "
Except that it cannot completely be an alternative to IE because IE supports something that FireFox doesn't.
I believe that is the point that other dude was trying to make, but everybody's busy telling him he's wrong.
My reaction? It's about time! This will help far more than any "Trusted Computing" initiative will.
Now before I continue, I'll comment that my workstation/gamestation is a Windows XP SP2 machine. My web services machine is a Debian Linux machine.
I have two accounts on my XP machine: One Administrator and one Limited User. I use the Limited User Account on a day to day basis for my classwork, Applications, and Games. I use the Administrator account to install new programs and program updates.
The biggest problem with a LUA policy on a Windows system is... Application manufacturers. Programs tend to be written with the impression that the program directory and HKEY_LOCAL_MACHINE part of the registry is always writable. Unfortunately, this is undoubtably because Windows 9x didn't have the concept of file or registry permissions.
On XP, by default, Limited Users can only write to their Profile directory on C:, and can only write to the HKEY_CURRENT_USER part of the registry. These are where user specific files and settings belong! The %USERPROFILE% and %APPDATA% environment variables are even set up for them! There's even an %OS% environment variable that tells the installer that this is a Windows NT system (It's set to Windows_NT).
The most recent offender for ignoring these restrictions, that I've installed, is World of Warcraft. Since it was written in 2004, its installer is aware of accounts and account types, and gave me an error that I needed to install it as an Administrator. That's all well and good, but it still tries to write files to %ProgramFiles%\World of Warcraft\WTF\Account\[USERNAME]\ heirarchy every time it runs. While the game seems to work even if it can't write its files, you also can't save any settings changes.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
From time to time I help my grandmother and my girlfriend's aunt out with their windows boxes. Both of them are pretty clueless as far as computers go, and I suspect that they could really get into running as a user and not as root. Especially when they were first getting started, and even now, they both have expressed a fear of fucking up their computers. If I/this guy could tell them why it's in their benefit, ie that as long as they don't enter the root password, they can do whatever they want and they never ever will have to worry about their computer breaking, I would imagine both of them would sign up really quickly.
The solution here isn't in dumbing things down. It's in giving a 1 minute presentation about the *nix security philosophy during the first login. I would think that most people, and ESPECIALLY newbies, would get behind that type of security if this guy would take 30 seconds to explain what it is and why it HELPS them instead of just portraying it as a nusience. In many ways, logging in as a user really does give you a freedom to explore and learn pretty risk free. People know that there are ways to break their computers. Telling them to go ahead and press any button you want to; if it's a button that will do something serious, it will make you enter a password would probably be attractive to most people learning an unfamiliar OS for the first time.
exceptio probat regulam in casibus non exceptis
Okay, I will make it easy for you. Why does Firefox and OpenOffice not use ActiveX? Heres why:
s ho ld=0&commentsort=0&tid=109&mode=thread&cid=1207754 3
(1) It does not work cross-platform. Both Firefox and OpenOffice work on platforms other than Windows. Both platforms keep this compatibility by not introducin technology that could possibly limit this capability.
(2) It is proprietary. You may be confused on what this means. Basically, the technology is owned by Microsoft. This very same reason is why PNG exists despite the existance of GIFs. GIF technology was proprietary and, thus, could not be placed into a product that had a open source license (Linux).
(3) Firefox has no need for ActiveX since it has, in my opinion, a better technology with XPCOM. OpenOffice, if I remember, can be extended with Java plugins. Java has built-in security unlike ActiveX. Both XPCOM and Java are cross-platform which goes back to my point #1.
(4) Active X is not very secure. You will hear this time and time again. Microsoft even knows this and turned them off by default in SP2!
Make all the excuses you want, at the end of the day what matters is if the product does what it needs to or not.
As stated in point #3 above both Firefox and OpenOffice support technologies that give them quite a bit of power to get any job done.
I have a pretty good memory and I remember correcting you on these issues before:
http://slashdot.org/comments.pl?sid=144131&thre
Before you go spouting about some guy who would have no job if it werent for ActiveX or some other non-sense drivel, answer this:
What does ActiveX do that XPCOM and Java are incapable of performing?
If you are not able to answer that question, you have no base to stand on.
Fine. But FireFox (and others, such as Mac's Safari) support something highly worthwhile that IE most definitely does not. Namely, a reasonably safe and secure browsing experience.
Some markets will opt for security and safety, using technologies that are (compared to active x) much (duh) safer and more secure.
Others will continue to endure spyware, viri, adware and various trojans and other invasive garbage. Those are "IE features" FireFox doesn't want to offer. Or let me put it this way -- they are "features" that this FF user doesn't want to be "given", because they are inevitably prefaced with the command "bend over."
I truly think that to impress ActiveX upon FireFox would be just about the worst thing the FF developers could do. FireFox provides a better experience. That's why it's doing so amazingly well. Put ActiveX in there, and that experience is going to begin to degrade. It may go as far as to be as risky to surf with FF as it is to surf with with IE.
Does anyone really want that, other than the companies who have embraced and extended Microsoft's Active-X? Is there anything truly significant you can do with Active-X that you cannot also do with Java?
Sure... you pick a technology that is proprietary to one browser, that browser starts to lose favor with the user community, and definitely, you will have work to do. Time to start studying Java. It's not time for the junk technology to be imported into FF to extend the EOL of some Active-X product.
Java was designed to be secure. It's been remarkably successful at it, too.
I've fallen off your lawn, and I can't get up.
That's not at all true. ActiveX is just COM/OLE, which is older than Java. The origins of COM/OLE go back to the 1980s, and OLE 1 was publicly distributed with MS Office in 1991. OLE 1 wasn't based on COM, however, so is to some extent irrelevant. The first release of COM-based OLE (called OLE 2) came in 1993, at a time when Microsoft were still ignoring the Internet, with OLE controls (now called ActiveX controls) added to Visual Basic in 1994.
The first release of Java only came in 1996, and whilst it almost certainly did inspire Microsoft's rebranding of COM as ActiveX, the ActiveX technology itself was not in any way an answer to Java (and obviously couldn't have been, since it's older).
Except that in a properly configured system, . should never be in your $PATH.
There is an issue you've not addressed. How about when your data is not the target? (Honestly, most people's data is not worth stealing).
What if an attacker just wishes to compromise your machine and use it to attack other machines, relay spam, etc? This is a huge problem with Windows.
"That's some catch, that Catch 22." "It's the best there is."
It can run ActiveX applications that have already been designed and implemented.
If you don't know where you are going, you will wind up somewhere else.
Correction:
/home/, and user bob executing rm -rf /home/ fails to eliminate a bob-owned /home/bob/, as it fails to get a listing of /home/
replace "executable" with "readable"
chmod a-r
Fine.
However, the next implication is that it can be turned on. This is not fine. Why? Because it is dangerous. The average user does not comprehend that it is dangerous. Like the argument here that one should not run as root (which I agree with for most people in most situations) the idea is that if you're not smart enough to handle a tool, you should not be handed that tool.
It's not arrogance to say that it is not a happy worldview to see people's computers being trashed by junkware let in by badly designed software -- Active-X -- it simply isn't a good thing. You can't make it a good thing.
Now, if a company has invested time in developing for this proprietary (but very dangerous) technology, and the marketplace leaves them behind, as it is showing definite signs of doing, then if that company wants to survive, it needs to lose the dangerous technology, get with the program, and use the safe technology. That's called evolutionary pressure. I'm part of that pressure. I don't use IE. If you use IE-specific technologies on your site, you've lost me (and at least 10% of the rest of the world, and more every day.) Now, you can only ignore this for so long before you (a) solve the problem by losing the junkware, or (b) are driven from the business space by competitors who are able to recognize and resolve the problem.
From a user perspective, I'm just one guy. I won't use IE.
From an applications standpoint, I own several companies and we don't use Active-X (or Java, for that matter) as a matter of course. We do server-side apps, because (a) we have total control over them and (b) because all users, that's 100% of them, can use our apps. We give up some glitz, certainly, but we've never, ever had to give up anything important.
So my outlook does have some effect. If Active-X were to go away, it wouldn't touch me at all, other than to make the web more accessible to me and perhaps give my competitors a more stable place to stand. Do I worry about the people who invested in Active-X? No. And, really -- why should I?
Arrogant? No. I'm entitled to my opinion, just as you are entitled to yours. As for putting any thought into it, apparently you didn't notice my sig. This isn't an issue I just picked up on this afternoon. I have indeed thought about it, and this is where I ended up.
I've fallen off your lawn, and I can't get up.
Good post overall. However, you're simplifying the relationship between GIF and PNG, and you imply that by including proprietary renderers in Linux that they too must be open source. This is completely incorrect, as many binary drivers, patent-encumbered applications, and even closed applications are distributed with Linux. Debian has an open-only policy, but that reflects their outlook, not a requirement of the Open Source license.
PNG was developed not because it was impossible to put GIF support in Linux, but because it was feared that Compuserve (which discovered it held a patent on one of the processes used in GIF compression / decompression) would abuse it's power on all platforms. In the early days, they talked about levying a fee on all clients, users... anything that interacted with GIFs. At which point development of PNG began. I believe CompuServe finally settled on the less unreasonable 5c per paid application that can encode GIF's, with no fee for decoders. That fee is no longer with us, as the patent has expired.
On the other hand, PNG has surpassed GIF's by adding alpha layer transparency... in other words, you can have certain pixels that are 100% opaque, or 10%, or 55% solid, or whatever. This would make working with images on the WWW so much easier, if MS would just bloody well implement proper PNG support like they promised as a feature for I.E. 4.
What does ActiveX do that XPCOM and Java are incapable of performing?
Install very convienient password management apps, automatically, like Gator.
The ______ Agenda
With ActiveX, you're using IE as a custom client UI for your apps, not as a web browser. Why should other web browsers turn themselves into a general-purpose Win32 UI platform? That's not their focus.
What would be wrong with just staying with IE for your Win32 application? You can still keep it around just as a container for your custom-coded UI clients. If you want to actually *browse* the wold-wide-web instead of running little Win32 applications, nothing's stopping you from using other more modern browsers.
That's Windows logic.
In Linux, run as a user. A malicious script destroys your files and "toasts" your system, the only thing you've lost is your user account. As root, you can then destroy the user and user's files, and recreate the user. You've lost maybe 5 minutes of your time, and don't have to reinstall/recompile/reupdate your system.
If you're running as root, however, the script can access the *entire* system. If it runs amok, you're completely lost, and are out several hours of reformatting, reinstalling, recompiling, and reupdating the system.
This is especially important if you're running a multi-user system. When there's 3 people using the computer, if one of them gets a malicious script and runs it as root, then the entire system is pooped, and all 3 users are out of luck. When they're running as users, they can't touch each others' files, and as such, they can't screw each other over.
If you believe everything you read, you'd better not read. - Japanese proverb
Nice try. ActiveX is nothing more than simple COM. It is not very difficult to use Java or XPCOM to communicate to ActiveX controls, and vice versa. Try again.
This particular problem can be averted by removing . from $PATH of all users including root
/bin:/usr/bin:. would find ls in /bin and run it.. even if ls was also in /usr/bin or cwd
I've never seen a linux distro that even *had* CWD in $PATH.
But hey, maybe you like going around trying to run "./ls"
Finally, PATH is searched in order. So
> Lack of ActiveX support actually prevented my previous company from switching
> to OpenOffice or Mozilla. The attitude that it's better that these two apps
> don't support it seriously pisses me off. If Microsoft can't get away with
> being arrogant, than the OSS Community can't either.
Arrogance has nothing to do with it; this decision is about (and can only be about) security. Applications that care about security *cannot* support ActiveX, full stop.
It's not just better; it's *VITAL* that they not support ActiveX. If Mozilla for instance did support ActiveX, anyone even the slightest bit conscious of basic security issues would migrate away to another browser immediately (Opera, most likely). If you think ActiveX is a good thing, you have no idea what ActiveX is, or no understanding of security at all. Fundamentally, by design, ActiveX allows any website you visit to do, quite literally, whatever it wants on your computer[1]. A well-behaved site is *supposed* to be nice and just draw stuff in the browser window, but fundamentally it can do whatever it likes, because that's how ActiveX was designed. Microsoft created ActiveX during the era when they considered security to be 100% Somebody Else's Problem, so they didn't give this a second thought; now that they are making some attempt to take security seriously, they regret ever having developed ActiveX in the first place; sooner or later they will have to discontinue support for it in a service pack or upgrade, because there is no secure way to support it.
It was a mistake for Microsoft to develop ActiveX and start supporting it; it would be a mistake for *any* application to support it that doesn't already, and the ones that do already (mainly, MSIE) will eventually have to bite the backward-compatibility bullet and stop supporting it. Mozilla.org absolutely cannot afford to make that kind of mistake; security has been and is one of the major factors driving Firefox adoption; if Firefox supported ActiveX, it would actively lose most of its market share virtually overnight. That kind of wide-open security hole is never EVER worth the risk. OpenOffice *might* be able to get away with it better, because it is used mostly with internal documents, not content off the internet, but it would still be a major security headache, and not supporting ActiveX is still substantially the right decision.
Lack of ActiveX support is not about lack of developer time; it is not about needing to reverse-engineer protocols; it is not about platform parity; it is not about open standards, and it is certainly not about arrogance; it is about security, and it is so essential to security that no other issue can matter.
It is Windows users who would suffer if these applications supported ActiveX on Windows. Yes, Windows has other security problems, but ActiveX dwarfs relatively little things like Shatter attacks (a form of privilege escalation attack that exploits a design flaw in the Win32 API), because it is so much easier to exploit; it is not so much a security vulnerability as a complete abdication of all pretenses of security. Right now, Windows users have a choice; they can use MSIE, and pray nobody ever sends them a link to a site with a less-than-scrupulous webmaster, or they can download a browser with basic security. Don't take that choice away from them.
---
[1] The design has now had user approval retrofitted onto it, so that a site
now can only do whatever it wants after the user frobs the "Ok" button.
But the user (and the computer, for that matter) has no way to tell
before doing so whether the site intends to draw pictures in the browser
window, scroll text across the status bar, or scour the user's Documents
directory for credit card details and other personal information and send
it back to the site. In fact, it's not easy to tell what a site's ActiveX
programs (called "controls" in ActiveX parlance) have done even afterwards.
Cut that out, or I will ship you to Norilsk in a box.
What does ActiveX do that XPCOM and Java are incapable of performing?
I think the correct answer is marketing. The gecko browsers are packed full of some really cool toys for developers. But it's very very hard to sort through it all. Every so often I start playing with various features common to Mozillaish browsers like XPI, XSLT, and Javascript. It always strikes me how much potential there is to make some very cool applications using these. One pet project of mine is to see if I could create a set of XSLT documents that would transform glade projects into XUL applications, which could be themed via css.
It's coming along pretty well, but I find it very difficult to wade through the developer documentation. XULplanet is a great resource, and there's a few others like the DOM ref on moz.org, but it seems pretty scattered, and sometimes out dated, and sometimes it just completely disappears like DevEdge (which there was some talk about being resurrected). In some cases, the only reliable documentation is the moz source itself, which is very hard to navigate without a fair bit of research.
I've never done anything with ActiveX at all, or dealt with Microsoft API's very often at all, but I've seen their documentation, and it seems like its quite a bit more focused, and easy to find things.
Having had to go looking for documentation myself, I think I can see why companies would be reluctant to use Mozilla technologies in house. Is there anybody at the Mozilla foundation that deals strictly with promoting moz as a developer platform, rather than focusing on the browser itself?
as per this comment below (just bringing it up to make it more obvious). chmod a-x /home keeps you from doing anything in /home or any subdirectory, but will let you list /home; chmod a-r /home keeps you from listing /home but will let you do stuff in /home/bob.
- Any process that is owned by a given user has all the authority that that user could have
- Some executables allow a process to start other processes with root access. If there's an overflow in any of the numerous suid binaries, any process can use it to escalate.
- The most dangerous operations, such as processing network data, require root privileges. I still think that "must be root to bind ports < 1024" is the #1 Unix/Linux security bug and we've been suffering with it for three decades.
- There is a user (root) which can access everything in the system. There's no way to grant a program the capability to listen to port 80 without also granting it the capability to write raw blocks on the disk, access raw devices, access other users' files, etc. This is an absolute disaster. No ordinary web server needs the ability to write raw disk blocks, so it shouldn't have the capability to do it.
So yeah, the Unix/Linux security model is such a disaster that he's right! On a single-user machine (such as a typical Linspire machine) the user isn't really any worse off running everything as root.What would be nice is if someone would actually fix the Unix/Linux security model one of these decades.
I'm sure a lot of Unix old hands (perhaps complete with beards!) will dismiss what I'm saying as rubbish, but I also believe that just being an old Unixer doesn't give anyone any special understanding of security. The way to get a special understanding of security is to think about, and understand, some theory ideas like least-privilege, capabilities, compartmentalization, that kind of thing. All those are foreign to the traditional Unix world, which is based on users and permissions. The users-and-permissions model is the ROT-13 of security models.
"What does ActiveX do that XPCOM and Java are incapable of performing?"
ActiveX runs things that were previously designed to run via ActiveX. The question is akin to "Why use windows over linux?" There are many ActiveX controls already written that cannot or will not be rerwritten that people depend on, and unless someone takes the time and money to make clones for the controls, people will continue using the pltforms thtat the controls tie them to.
There are good reasons for people to replace ActiveX with something else, but there are also good reasons for users to continue using the programs that support their controls. Inertia is a powerful thing.
Actually, Robertson is right.
He said "why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well. "
Obviously he is talking about single user computers, as most PCs are. If you have a single user computer, when your user account is penetrated, your root account is penetrated next time you su.
The last step in a Linspire install, which apparently noone in this thread has done, is to set up user accounts for a multi-user system. If it is a single user system, there is NO additional security to setting up a user account.
My data is the most important thing for me. I can reinstall Linux in 15 minutes, but my data is irreplacable.
Peter
On a home system, there's Billy Bob, Mis Billy Bob, Billy Bob Junior, and the occasional 10 persons a year that come and borrow your machine for 1 min to read their webmail, the ones that play music when you do parties, etc.. etc...
Never assume that because you're the only one to use your machine today, that you're not going to let someone else use your machine tomorrow.
Sneak teach kids Algebra using a game
It's been stated repeatedly that Mozilla.org products will never implement ActiveX out of the box... ever...
There are extensions, if there weren't you could develop them, it's up to you to implement ActiveX in moz/fox and degrade your security, but THAT won't come from the foundation.
Try again.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Has netcraft confirmed this yet?
When one RTFA they will notice that Robertson is talking about a desktop system. Having users log in as some root/admin account is not a big deal because the only thing valuable on that system is the data stored as the only user on their system. Obviously he's not saying "run apache as root". In fact he implies it would be a very bad idea to allow things like a webserver to have write-access to a user's data!
Now if you are maintaining a multi-user system, root access is more powerful because it grants you full access to all user's information. Although these days a family computer has multiple accounts on it, Little Timmy and Mom's data is seperate. If Timmy downloads some malicious code in some new music sharing program that turns out to be a trojan, at least Mom's calendar, address book and tax information will be protected.
Of course I'd recommend periodic backups to give you real data security. That's perhaps more important than the root/non-root issue.
“Common sense is not so common.” — Voltaire
Obviously his answer is Market Force driven and non-technical. He ships as root, he doesn't want to sacrifice his products perception. He'll never say anything else.
Would you expect the CEO of Exxon to openly state that there is something called Global Warming and it is necessary for everyone to stop driving gasoline powered cars?
Certainly not until they have the answer. It maybe be the Linspire is working on changing this for real, but it won't be openly discussed.
In 1992, there wasn't a spam and malware epidemic crippling systems and networks across the globe.
You're like someone in the 1980s complaining about not being able to have unprotected anonymous sex anymore. Times have changed.
While I do agree that the most important data is what is stored in the $HOME directory, running everything as root, puts the OTHER users at risk and not just yourself.
Some would say that this doesn't matter if you are a home user but even home users should (and often do) have different users for the different family members.
If the 13 year old kid downloads lots of 31337 warez and gets a worm thrown in with it, this shouldn't affect dads documents, budget, tax stuff and credit card information.
If you run each account as root, this is bound to happen sooner or later.
The Right Thing [tm] to do is to make it easier for home users to live with security, rather than just remove security. OS X manages this decently, why can't Linspire?
You can get firefox to use active-x. It just doesn't do it by default. There's some stuff you can change in your profile to make active-x stuff work. It's not a good idea, but it can be done. As for openoffice, well, I'm not sure there. But if running compiled code in your office suite is something you can't live without, maybe you need to review the reasons behind doing stuff like this in the first place.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
The stupidity of this position is very easy to explain. He's claiming that the worst thing (losing user data) is the only thing to worry about. Since non-root doesn't prevent that, let's get rid of it.
To use his own analogy, if the worst thing that can happen in a car is to run into a wall, then why have door locks? Whether you have locks on the door or not, you're still going to die. And they make it hard to get into the car, so let's get rid of them.
...it's evil. :D
:D
A looooong time ago in a galaxy far, far away when I was in college, there was a graduate student (Bill Crossman, if I recall, was his name) who one day decided to clear out his home directory before packing up to go home for the summer. So he typed "rm *" at the shell command line and thought all was good.
He forgot he had logged in as root.
From that point on he was known as "arr emm star Crossman"
The problem with this statement is that the man's idea of security is too simplistic. He sees the only security threat worth worrying about as stealing, altering, or erasing the user's data. Certainly this is a valid concern, and if it truly were the only thing to worry about on the Net then his complaint would be valid. Where it falls on its face, however, is the plain and simple fact that this is not the only thing to be concerned about, security-wise.
Nowadays, many malware authors don't actually care much about any data that's stored on disk. It's the data you enter every day, often without realizing it, that's [i]really[/i] interesting. What sites you visit, what ads you respond to, and such: these can be gleaned from history files with some success, but by the time you get that data it's already out of date. Getting it in realtime is better, and this is what spyware does.
Even this, however, is not the only reason malware exists. Very often, what malware authors want isn't even your data; they want your computer itself. That's what zombie networks are, essentially. This allows The Bad Guys (be they crackers, spammers, or whatever) to make use of your machine to perform their nefarious activities, and the hell of it is that they can do it in ways that make it look like you're the culprit.
Of course, even this doesn't cover everything. Adware doesn't usually bother to collect data (though it can), and often doesn't act as a zombie: it's just there to shove even more ads in your face. Yes, this is more annoying than destructive, but it's still malicious.
The point of all this: Data may be king, but a king is nothing without his court. That's the problem with this man: he's too ignorant to see any security problems outside of data theft. As a result, he advocates irresponsible computing, seeing no harm not because there isn't any harm -for there is- but because his concept of harm is not broad enough.