Slashdot Mirror
UNIX Security: Don't Believe the Truth?
OSNews has an interesting editorial about security on UNIX-like systems. "One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little"
So if an OS is to make a daily backup of user's home directory (or My Documents) automatically and locks it away (until emergency) from user access, it might just win the heart of users.
Virtual Betting on Facebook for non-geeks.
If "Johnny's first day at school" is more important that system critical resources, perhaps you should have hard copies (CD, DVD, tape, etc.) of this media.
You're right, you should make backups. You have a love-affair-dependency on your hard drive. Everyday you need it to retain the ones and zeros it holds that forms your data. One day, your personal hard drive isn't going to be there for you. That's why you should back up regardless of how secure you feel. Most "normal home users" don't have redundant RAID arrays running. Furthermore, it isn't "secure period," it's touted to be one of the most secure operating systems. Wait, weren't we talking about Unix?
I don't think anyone but Mac users claim that. And anyone that claims that for any processing device is lying to you. There are Linux Viruses out there, just use your favorite search engine.
Oh good, we're back on Unix here (they're not exactly the same, you know). I disagree, both sides (user and system) are more secure in the case of Unix or Linux for that matter.
While this might be true, I think you should take into account the frequency of said viruses. When's the last time a massive virus attack has taken down entire networks of Unix machines? So you talked about Unix security without quoting a single authoritative source on the issue. And to finish off this article, you rely on a one-hit wonder brit pop band to prove your thesis. May Slashdot have mercy on your soul, Thomas. Endure the onslaught.
My work here is dung.
This story was ripped on for being lame on osnews earlier this week. Now the slashdotters get to make fun of it too.
Why is this necessary? How many people actually run UNIX at home and where's the push to get it at home? Linux is another story, but security is only one of many reasons there.
If you don't patch Windows, you're screwed.
If you don't patch Unix/Linux/*BSD/et cetera, like with Windows, YOU'RE SCREWED.
Thank you.
*sigh*
and a triumph for the home user. If you had to choose between having a virus that both destroys your personal files and compromises your system or a virus that only destroys your personal files, which would you pick? He's making light of a very significant thing for most home users--a full wipe and reinstall of the operating system and applications. That's a day's work for your typical user, more if you have a bunch of programs you need to go hunting for.
But what is more important to a home user? His or her own personal files, or a bunch of system files? I can answer that question for you: the pictures of little Johnny's first day of school mean a whole lot more to a user than the system files that keep the system running.
What's the value of Johnny's first day of school photos if you can't boot the damned computer? Again, the author makes light of the value of the system to the home user. Just because John Q. Public cares more about his cup holder than his engine block doesn't mean he won't care when the cylinder head cracks.
Of course, they should make backups-- but wasn't Linux supposed to be secure? So why should they backup? Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?
Actually, no. I have yet to speak with a single techie who says that you don't need to back up important files under any circumstances. In fact, viruses are almost always a "secondary" reason for backing up files; the primary driving reason behind backing up your files has traditionally been that of hardware failure.
The crux of his entire argument rests on the supposition that, to the home user, the system simply doesn't matter. In a most cosmetic sense, this is true; home users don't give a damn about kernels and drivers. The instant something goes wrong with that system, however, it's a nightmare for that archetypical home user (who, remember, doesn't know and doesn't care how the thing works). When everything works, they can open and print Johnny's files just fine, but what the heck are you supposed to do when the omgwtf32.dll pops up an error message when you try to open Johnny's picture?
Obliteracy: Words with explosions
Open source, maybe?
The ability to change and fix problems within the code? I mean I'm not a top level programmer who is constantly editing his kernel source code, but I have changed quite a few applications to benefit my needs.
"Is that increased security really worth for an average home user, when you break it down? According to me, fairly little."
e rious.asp
Until someone steals your identity or uses your computer for maliciousness. Plus, I dont know about you but I don like he inconvenience and frustration of closing pop ups every ten seconds because of all the adware that forced iself to get installed.
http://www.cifas.org.uk/identity_fraud_is_theft_s
Yes, it's true that it is possible to abuse user files.. however, unix software has been working on this problem for the last 30 years. Bill and Co only realized this could bite them in the ass a couple years ago. I think I'll trust the bearded men with clue rather than the fresh faced windows developer who's been at this ever since he got out of tek skool.
Maybe more distros should come with an install routine for Bastille-Linux. The FTA never mentioned this product, although it's more geared toward servers, not desktops. My guess is it wouldn't take much to turn this into a product for all *nix desktop operating systems.
"Powers. I have them."
Even if you read the RTFA, which says that rather than computer exploding windows-style, nix hackage will just wreck your home, which is supposedly all that matters to a home user. Still wrong. Think multiple users for a start. But that's totally wrong when it amounts to time lost. If windows gets fucked as it often does i've seen many a user stick in their oem disk, reinstall completely, and then go through painfully reinstalling everything they had before. Say my /home was wrecked? All I'd need to do is fdisk the drive and create a new user? Besides, as in unix only exectuable files can be a source of infection, rather than screwed up images and office files, I can safely copy away anything I want. It's dumb. Sorry OSnews.
It begs the question, why would you store things like personal pictures, music, and such in your home directory rather than on some other media? If you're expecting nothing bad to happen, no matter what operating system you choose to use, then you're being foolish.
Besides, I don't think the Linux community has been stating that Linux is "bulletproof" but more that it's better than Windows at security. As the number of Windows-related vulnerabilities increases, this will become more important to the home user, who isn't going to to worry just about the destruction of their personal files, but the taking of their personal data.
GetOuttaMySpace - The Anti-Social Network
Okay, I won't go on about stuff I am clueless about, *but* wasn't UNIX inspired by MULTICS, and wasn't MULTICS a pretty secure o/s, by design?
How hard would it be to start fresh, apply the Linux method to MULTICS or something like it, to have a an networking-oriented o/s with comprehensive security?
I know, I know: commitment of effort and resources is the main issue. I am just hoping someone is already doing it somewhere...
I've got a bad attitude and karma to burn. Go ahead. Mod me down.
I'm not convinced that *nix systems are actually that much more secure than Windows systems. In fact I have a feeling that *nix system probably have more holes than Windows systems. The difference is that there are far fewer people looking at breaking *nix systems and there is a greater diversity of systems. I wouldn't be supprised if we saw a serious Linux worm sometime this year simply because Linux is starting to get a bit of an installed base.
While most of the people on /. are certainly very technically savvy there are quite a few people using Linux now that aren't as clued up. I think I have put together quite a secure box now but when I started using Linux a number of years ago I didn't have a clue where to start securing the box. There is no doubt in my mind that Linux is harder to make very secure than Windows but that a fresh install is more secure by default.
Measuring security is diffucult but I can't help thinking the Linux community is becoming a bit complacent about security.
I used to have a better sig but it broke.
...and I couldn't help it this time.
Don't believe the truth? YOU CAN'T HANDLE THE TRUTH.
Good day, sir! --AC
I think the phrase "less risk of any holes being exploited" is better than "more secure".
Unix can be hacked/cracked too, just there's less likelihood and there less risk associated with running a *nix based O/S.
This is the false sense of security I am talking about. UNIX might be more secure than Windows, but that only goes for the system itself. The actual content that matters to normal people is not a single bit safer on any UNIX-like system than it is on any Windows system.
This idiot is stating that because some users don't understand the UNIX security model, the UNIX security model is flawed. Apparently, as far as he's concerned, if ~ gets destroyed, the whole system may as well be destroyed. He's blathering about a "false sense of security," but I have never, anywhere, ever, heard anyone say that you don't have to back up your data if you run UNIX.
Sound and fury, understanding nothing. Typical of OSNews, but sad that Slashdot's carrying this crap.
REM Old programmers don't die. They just GOSUB without RETURN.
I think the author of the editorial makes a rather trivial point. (They could have made the point a lot stronger, pointing out that malware, spyware, adware, trojans, etc., are all able to be run from within unprivileged user-space.)
But why would a home user care about Unix-type security? I'll give you a few reasons of my own.
(a) Smaller target. Yes, that's right, I'm saying that the largest increase in security that home users get is because they're using something that 90% of the home user market isn't. This isn't a feature inherent to Unix, obviously--but I still think it's a reason to switch. "But if everyone switches, won't that get rid of the security increase?" Perhaps a little, but the only way it would completely vanish is if everyone switches to the same flavor of Unix. If we have a Unixy, more secure home computing environment, but slightly different flavors, then viruses and malware will have a more difficult time propagating in such a non-homogenous environment.
(b) Remote exploits. This, I think, is a lesser issue, but not a trivial one--there are a considerable number of remote exploits in Microsoft software, and there have been a non-trivial number of viruses and malware that spread through this vector. Unix-based systems are historically less vulnerable to such attacks, and often the remote processes that are vulnerable run under a different user than the desktop user anyway.
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
Are the editors even paying attention here? How can a 500-word, Grade 6 public speech-quality editorial makes it to the frontpage? Where is the quality here, folks?
For he today that sheds his blood with me shall be my brother.
Now, J2ME is a flawed platform in many ways, but in terms of security they're light-years ahead of where desktop computing is. There are many things we could learn from it.
How much more secure can you get when you can actually view the source code. With proprietary code you are not certain that the system you are running is actually behaving the way it should.
in *nix, user-level apps don't have write-access to system directories beats the hell out of the Microsoft model.
Don't even get me started on the stupidity of how installing an app in windows allows it to extend the whole OS.
Yeah, but who cares about the security of a home user? Get a NAT firewall and a good backup and if your computer crashes, burns, and blow up simultaneously, who cares?
Now, workstations, with actual valuables on it and that are needed for day to day operations of the company, need to have better security than just a NAT box and Norton.
And servers, where Unix really excels, let's just say Bank of America ATM's down because of a SQL Server Worm and leave it at that.
Home users? Who cares? I work from home and have enough friggin backups it wouldn't kill me to have my computer crash and burn. It'll put me out of comission for a few days sure, but still.
This is just a small, random editorial piece that makes only one statement that would probably be just a millesecond thought process to most of us. I'd like to see real data on specific OS's pitted against each other, armed with switchblades and stuff, to the death.
I continue to be surprised at those who still don't seem to understand the viability of UNIX on a home desktop. I took an old Pentium II-class Gateway laptop a few weeks ago that was running Windows 98. My six-year-old daughter wanted a system and since 98 is impossible to secure (technically, abandonware) and XP has no chance in hell of running on this fossil with any reasonable load of applications (96 MB RAM, 2 GB drive, etc), I loaded Gentoo on it with KDE.
Not only does she have no difficulty using it, but my wife and 12-year-old son are on it all the time checking emails and websites. The wife's a hard-core Mac user and my son normally uses XP. So while all the tech industry reporters out there muse about "when Linux will be viable for the home desktop," those of us out here who have a clue will continue to quietly use it.
When NT 4.0 was coming out the arguments were that it was more secure than the joke that was Unix. I remember top security guys telling me to get my mcse for that reason. This was in 1996.
Its laughable today because it was before the holes in Windows2k were discovered but there is some truth. VMS and MVS were standard and rock solid with security. Unix like Windows was written in C with parts of c++ scattered here and there with userspace apps. Buffer overflows galore are everywhere.
Even MacOS (not Macosx) was more secure for the reason that it did bounds checking on types. Add to that the fact that x86 can not tell the difference between cache stored for ram and cache stored for applications where you can just point to where a program is stored for execution and you have a nightmare on yoru hands.
Keep in mind I am no expert and I dont even have my 2 year degree yet. Perhaps someone more knowledgable can clarify how the compilers work?
Unix is surely better than Windows but VMS is about gone and who uses mainframes anymore besides a selected few users who need them?
Standards are good but there is no diversity left in platforms. Its too bad VMS just died and stayed closed. It would be nice to have something besides just unix and Windows
http://saveie6.com/
Security equals security for *your* files, and Unix can't do that, so Unix must be just as insecure as Windows. Only when you define "security" in your own, narrow way, and then never implicitly say what that definition is in your 'article'.
I wonder why he didn't bring up that Dad has pictures of Little Johnny on his first day of school Mom has all of her and dad's wedding photos. Litte Suzy has all of her papers for school on the hard drive. Little Johnny likes to look up pr0n.
Windows situation, While trying to download hotmidgetdonkeypornheaven.exe, Little Johnny accidently picks up uber.worm. Uber.worm deletes Johnny's files, suzie's files, mom's files, dad's files, system files, makes the system useless, and you go from a windows computer to a nice paperweight until you reformat. *nix situation, While trying to download hotmidgedonkeypornheaven.sh, Little Johnny accidentally picks up the uber.deletion.script. Uber-del deletes johnny's entire home directory!
Of course, Mom, Dad, and Suzie are entirely unaffected because Johnny doesn't have permission to overwrite those files.
Wonder why the asshat, er, I mean, article writer didn't bring up that snippet?
Evil Walrus >83=
The logic is absolutely laughable, so it must be a joke. All systems fail, so all systems must be backed up. But what has 'backup' have to do with security? Thats recovery, not how to keep malware out of the system in the first place. I suppose all home users would rather "recover" their systems every other day rather than to do what they really want to do, like write letters and organize their photos. This poor guy needs help if thats how he thinks things should work.
What is wrong with you? Security doesn't matter to home users? I've spent a tremendous amount of time doing 'volunteer tech support' for my friends, family, coworkers, etc fixing windows machines that got hosed by XYZ windows worm. None of them are, I would say, pleased to lose their data on a regular basis. I always tell them that next time they buy a computer, they should consider an apple, because it is the easiest system out there that also has an _acceptible for home use_ level of security i.e. they won't get hosed by the next worm that passes through their subnet. Everyone of them is incredibly pleased once they realize their system has worked, without being put in the shop, for longer than any other system they've owned.
====
Crudely Drawn Games
That sucks, but: UNIX rocks,
Since when is this an acceptable and objective way of writing an article? Frankly, you may as well, use pointed four-letter words you may get your point across better. This person needs to revisit a dictionary to improve their vocabulary. Or at very least write an article that doesn't sound like it was written by a 10 year old. I do like the credibility of 10 years of experience but:
Like um, I'll never visit your site again, Dude.
Proof by very large bribes. QED.
Thomas Halwedra is a young'in with very little real world experience and any practical experience. They kid is in college and has a bunch of machines at home. I think he takes an extremely simplistic view of windows and unix security.
:-)
His 'OSNEWS' bio: http://www.osnews.com/editor.php?editors_id=11
I was doing systems programming on UNIX BSD 4.2 Tahoe when he was born.
I am surprised that his article was even published/posted, I can't really even see his argument or what point is he trying to make. Oh that's right he's a 'managing editor' WTF?
Back to work.
I get called out on this a lot and I'm going to point out some key differences between two types of RAID arrays. A RAID 0 (also known as a striped set) splits data evenly across two or more disks with no parity information for redundancy. Therefore, it is an example of a RAID array that is actually not redundant (despite the acronym). Even if a normal user was running RAID 0, a hard drive crash would be catastrophic.
Still laughing?
My work here is dung.
See, for example, this thread.
Successful malware tries to hide itself and keep the user from noticing anything's amiss. This is much much harder if you can't subvert the OS.
PHEM - party like it's 1997-2003!
Look at the risk of being labeled a fanboi, macs are easier to use than windows and when used in the manner that most home users will use it are arguably more secure than Linux. Sure it's possible to make a more secure linux, but not one that's usable to a home user.
/backup
As for locking it away add something like the following to your cron jobs running as root:
find / -depth | cpio -dpl
this makes a virtual backup of your files sufficient for most user's anti-viral backup needs. It does not protect you against some forms of file modification or a disk crash. But on the otherhand it consumes almost no space ont he hard drive, so it can be done almost anywhere.
you need to add to that files to avoid, and be sure the directory is only root accessible. If you want to get fancy you make copies of these virtual backups for weekly.monthy yearly backups. If you want to get tricky you can do crazy shit like mounting another filesystem on top of that directory to hide it from accidental or viral access.
Some drink at the fountain of knowledge. Others just gargle.
The issue in this piece is that the Unix security model allows viruses and crackers who break into a user account access to that user's personal files, which the editorial presumes are what the user really cares about.
This is a very good point. Due to the cracker/virus having the same exact privileges as the user who was infected, it/they get access to that user's files via UID. Other than setting up a special account to browse the net with, there is no solution to this problem on a Unix system.
Or is there? Capability-based systems have never had this problem in the first place. On a capability-based system, you would run Thunderbird and Firefox under your own username, but only with the capabilities to a small whitelist of files and directories you want to allow access to and limited privileges to even those.
So let's open an email virus on Capability-Thunderbird...
Thunderbird caps: mail-spool file, read and write. User settings file, read and write.
Open a virus... Virus inherits its capabilities from Thunderbird.
Virus tries to open for writing: "Johnny's First Day of School.jpg"!
Dialog box: Do you want to allow Thunderbird to open "Johnny's First Day of School.jpg" for writing? If so enter your password and press Yes, otherwise click No.
User wonders why the heck Thunderbird is trying to open his innocuously named pr0n file...
User thought he was just opening an email from his mother.
User decides that he doesn't want his mother sending him a virus that will tell her about all his pr0n and clicks "No" in Dialog Box.
Virus is unable to open the file it wants. It crashes and burns due to impotency.
And so the user is able to run things with a bit less fear.
I'll grant that the default settings in almost any OS are more secure than a given Windows product. But after all the proper tweaks are made is there really a profound difference for the lowly end user?
"Waitress I need two more boat-drinks..."
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
I see a few comments aready critising the article. I think these people have missed the point. This article is not about you... this article is about the average user.
..oh and making christmas cards with their inkjet...
To the average user school picture are much more important because they are irreplacable. If their computer is dead, the average user will either take it to BestBuy, call their nephew, or buy a new computer. Each one of these options bring the system back to a usable state sans their personal files.
This is why transparent backup systems are starting to take off. They are overpriced and generally stupid and not geared for an "enterprise" environment... but they are great if you want to keep secure your 500mbs of photos taken with your digital camera.
Yes, you should have physical backup. Yes, you shouldn't click on porn or warez links. Yes, you are an idiot if you run random executables. That doesn't change the fact that to the average user, their files are invaluable and the OS is just something that they have to deal with.
Please try to keep this in mind while making your, "TFA is teh suxors. Linux rox." comments.
p.s. to the guys making fun of the author about not distinguishing between unix and linux. I think you are missing the forest for the trees. The everyday computer user doesn't care about security. The average user doesn't care about best practices. They may say they do because of some vauage fear about hackers and virii but when it comes down to it... they care about:
1) Personal files
2) teh intraweb
3) playing games (solitare)
There is nothing special about UNIX or linux that makes it immune from viruses.
However, in UNIX culture, there is something. The first rules of security.
First, the default installation should not act as a server operating system. The system should not respond to ANY outside requests for anything unless enabled to by the system admin.
Second, no action on the system should be performed with any more than the minimum set of privileges necessary. Everything should be done with user privileges, not system privileges, unless absolutely necessary.
The use of these basic security rules applied more or less throughout the UNIX world, and for MAC OS X as well. Windows INTENTIONALLY ignores these rules in order to "maximize the user experience", and in doing so spawned a multi-billion dollar anti-virus industry.
The guy skips lightly over the fact that it's the system that mediates interactions between the Big Bad World (a/k/a the Internet) and the user and his precious files, so that if the system is well-designed and set up properly, it will do a great deal to protect the user even from his own actions.
An analogy one might usefully make is to the highway: good system-level security is like a well-designed, well-lit highway. Sure, the user (driver) can still kill himself, but he has to behave unusually recklessly. On the other hand, poor system-level security is like a rutty, unexpectedly curving dark country road. Even reasonably careful drivers at moderate speeds can get in trouble.
The guy is focussing on the fact that in both cases the driver can get himself killed. But that isn't the whole story. One "road" (system) makes it easier for a moderately careful "driver" (user) to survive. The other puts even careful "drivers" at risk. And, of course, there's the obvious fact that no "road" (system) can possibly protect the completely reckless "driver" (user).
Arse.
Wit.
This argument is as old as the hills. UNIX is good to nobody if they can't use it. - more secure or otherwise. Windows has the usability; UNIX has better security. Security in Windows isn't perfect, but not too bad either these days. Windows can talk to my digi-cam with a kernel recompile. Fedora core can't. Shame.
throw new NoSignatureException();
I've been saying somehing similar for years about various desktop operating systems, but IMHO the author completely misinterpreted the significance. It has nothing to do with the particular OS used in the example; it has everything to do with the difference between machines used in a mission-critical environment and machines used by an individual on his or her desktop at home. For production machines, the integrity of the OS and the uptime that comes with that integrity is of paramount importance. Unfortunately for the average home user, the OS is exactly the most expendable and easily-replaced thing on a machine, and efforts to protect it at the expense of user files are laughably misguided. It's shameful that nobody sees this for the most part, and every new OS protects itself more and more fervently and leaves the users more and more on their own regards the data they care about.
;)
Of course in the *nix world the blame all falls squarely on the users, since they are the poor misguided souls trying to use a server OS on the desktop...
Don't even bother reading it. The author is a *nix troll and editor at OSNews. From time to time they release a flame bait opinion piece to attract users and comments.
Nothing to see hear; move along.
Still laughing?
Yes, thank you. This time at you.
This is the latest of several editorials written lately about Mac users being complacent about security. Regardless of the merits of the argument, this is sort of the "me too" editorial that seems to on the rise these days. It was interesting the first time I heard the theory, but spare me the copycats who do nothing to expand on the basic premise.
he thinks Unix sucks because it cant completely protect the home directory, but can protect the system files... as opposed to windows where the attack would wipe out both... basically if you backed up those photos you will never look at, you lost nothing with the unix system and have to rebuild the windows system... I dont get it...not having to rebuild a system sounds better to me (while losing files) than losing the system and the files)
The phrase "more better" is acceptable English. suck it grammar Nazis
"One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security."
Huh? Maybe that's the talk among the amateur kiddies on IRC and Slashdot.
However, of all the professionals (Software Engineers) and academics (Linguists, Sociologists, etc) I know that use UNIX desktops, not one of them has told me they use it for the security -- they use it for the applications. Security is an afterthought for most people. Instead, they use it because it offers an environment in which they can most easily do the things they need to do on a day-to-day basis.
They want their bash and their xterms and their emacs or vi. They want their compiler. They want their statistics package. They want to munge some data files with a quick perl script. They've built business logic around shared NFS directories to help in work review and sharing. In short, they want to get some work done.
Sure, the sales people still want their Windows and their Powerpoint and Outlook. And there are whole fields of programming that revolve around Windows. But there are a lot of people who just don't intersect that world, and for whom Windows is mainly a platform for games and photo sharing at home. Either way, the choice of platform is about what you want to do. Security is just something you do to make sure nothing interferes with what you want to do.
If I'm Johnny Home User, and it's my Linux computer, and I want to mess with sketchy content like pr0n, warez, etc. maybe I ought to create a separate non-privilged account for my dirty work. That way if I get bitten by a nasty thing, it only trashes my pr0n account.
(Oh my god! I lost all my pr0n.)
What a great article. The ad in the middle of this "Microsoft Article in Disguise" really makes me want to switch away from OSX. How much was VISTA again? and I can't stop thinking about SQL Server!!!!!! I want IT!!!!
Err, this isn't security we're talking about here. Security isn't me not losing "my stuff" (a disk crash can do that), secuirty is YOU not stealing "my stuff".
/. we're not a bunch of egotictical morons ;-)
For most home users THAT'S important (bank details, order details, hell even my address and phone number). You imagine how well a phishing attack would work on most users if they knew about open orders (from say Amazon) by reading your files. I think that's much more important to most users!
Of course we all backup our files! Jeesh this is
But what is more important to a home user? His or her own personal files, or a bunch of system files? I can answer that question for you: the pictures of little Johnny's first day of school mean a whole lot more to a user than the system files that keep the system running.
Sure poor computing practice by the user that owns the files could result in their destruction. Nothing gained versus Windows there. But in a family computer scenario, more is gained than the author admits. On Windows systems, many programs are (mis-)designed to require administrator rights even just to run them. This is not generally the case on UNIX-derived systems. As a result, accounts for family members will often be in the local admin group. So on a family computer if you give Little Johnny an account to run his software and play games, and he goes and downloads the latest malware and runs it, it can nuke your data as well as his.
Under a typical scenario under a UNIX-like system he can only destroy his homework and saved games, not your pictures of his first day of school along with them.
That's got to be a non-negligible benefit to the family user that the author completely discards.
.sig: file not found
...did you get to compile a Windows kernel?
Author, you took one facet of security and tore it apart. Good for you. Yes, Windows can be highly secure, let's say, given the correct group policies.
Ooooh but wait a minute. A typical home user wouldn't be concerned with group policy. Let's please compare apples to apples, or at least try.
I think we should replace the word "security" with "awareness". I am aware of certain things, so I run my Windows XP pro laptop a certain way. I choose Linux for my home workstation. A typical home user isn't aware of certain things, so of course it doesn't make sense for them to use Linux.
Here's an example. I'm not aware of how to drive a typical standard transmission automobile. So if my goal is to get to work on time, I won't pick that as my method of transportation. I stick to what I'm comfortable with, and what I'm aware of. When I become more educated with a standard transmission vehicle, I will be more aware of what's involved. Until then, feel free to call me Mr "stick-shift idiot". In fact, I have a rough time getting to work on time with an automatic transmission vehicle... perhaps I'm a getting-to-work-on-time idiot as well. But I can do some slick stuff with computers.
But a home user aware of a certain number of things, can be pretty secure. Even in Windows.
And to make my point clear, "awareness" isn't a strict number, in fact, it fluctuates daily. Noone can be 95% "aware". If you're "aware" of a flaw in my system, and I'm not "aware" of it, then I'm not really secure am I? No matter what OS I'm running.
FLR
Security issues have moved on a little since the 80's, where his point of view is from - very few security breaches today result in loss of data, because computers are really more valuable as zombies and so not many viruses really attempt to mess with much (even the most recent public example of a destructive virus on WIndows was pretty much a dud).
Another thing he does not account for is time. Time is a valuable commodity to all users, and anything that can prevent a virus or spyware from reaching further into the computer reduces the amount of time and knowledge needed to remove probelms from the system. That is at the core the value that UNIX brings to the security equation. Not absolute protection but like a teflon pan, easier cleanup when you do create a mess.
And last of all by not explicitly mentioning how much more inherantly secure UNIX systems are that start off with a base of no open ports are. Sure spyware and viruses can get in through the browser, but it's a much harder attack route than just scanning and finding a hole wide open that requires no effort on the part of the computer user to install.
In the end his rant boils down to noting that users should really back up files often - but even this message is dated, as a few years of sketchy consumer hard drives with short warranties has started to drive home this lesson in spades through failed hard drives. Forget hackers; little johhny's pictures today are in far greater peril from a simple lack of using the CD-burner.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If someone runs Windows like almost everyone runs Linux (not as system user) and also run Anti-Virus and Anti-Spyware products they might even be up to par on security holes and how long until they are fixed. How important the bugs/holes are and how fast they are fixed in Linux vs Windows is hotly debated. There are various reasons why IMHO Linux is ahead there (OSS, secure by design, ...). But because Microsoft is spreading a lot of "information" on that I can see many people believing and writing that Windows is ahead.
My point:
It is more than obvious that malware writers target Windows so much more than they target Linux. We just had a story about the WMF exploit being sold late last year and spyware companies using it before Microsoft put out a patch. Until more malware writers target Linux the theory that users might be more secure with Windows is so ridiculous that:
1. I don't even need to RTFA to debunk it
2. I don't want to click on it to generate revenue for the webpage through ads
3. I don't understand why Slashdot is putting this up
Yes, it is a pompous headline but it's friggn true. I just spent two days on vacation at a relatives house cleaning spyware. 3 AV scanners, 4 spyware cleaners and there is still crap happening. Unix doesn't let you hide crap like that. Worst case I could boot a CD and do a scan as to eliminate kernel-based root kits. That same kind of effort is friggin prohibitive. There is something to be said for YUM and apt-get. I can very quickly assess the basic patch level of a box and ALL of its applications. Windows = Good Luck
..about this article, and it's not even stated explicitly. But it is at least to some degree a fair point. Here it is:
Linux has a lot of hype around it about being "more secure." People who don't understand security or systems administration can potentially be confused by thinking "more secure" is the same as "foolproof."
Someone thinking that, say, being on a "secure" OS means you don't have to back up your files anymore is wrong. We (the slashdot crowd) all know this.
We also know that there's a difference between hardware and software, and that no software can protect you against a hard drive failure. We know that there's probably no such thing as a perfect piece of software that can never be attacled maliciously. And we know Linux doesn't claim to do any of these things, or that it would be unreasonable to EXPECT Linux to do any of these things.
But the buried point is that not everyone knows this. Not everyone who owns a computer or would reasonably like to operate a computer feels that they need to know all these things. No flames please, and no "well, if they didn't bother to learn, they deserve what they get." It's a fact. Most people do not know or care about what goes on under the hood, just as most people who drive a car couldn't explain what the braking master cylander is or how it operates.
To take my car analogy way too far, there are people who think that having 4 wheel drive will somehow allow you to stop from 40 mph in 90 feet at a redlight, even in the snow. They equate "4 wheel drive is good for snow" with "I can drive just like I always do--the car will take care of this." Count the number of 4wd vehicles in the snow in North Carolina after a 3 inch snowfall if you don't believe me.
Back to my point, the author here is worried that people who don't know what an operating system is, what it does, and what it can and can't do are in danger of hearing "Linux is more secure" and interpreting that statement incorrectly, and therefore making poor decisions because they think they don't have to worry about ANYTHING again.
Who determines what the emergency is?
I think this is actually easy. The user does. But she will need administrator privileges to restore files from the backup. (Or, at least, the backup will simply not be writable by the user.)
617B3B7F7E7C7D7F00EOF
>allowing a png image rendered in mozilla to execute code .png image look like?
t ion=view¤t=unix-insecure.png?
so come on what does this
i think i know.
URL:http://photobucket.com/albums/f173/fooded/?ac
I hide behind a very big root to hide from all the nodes, deamons that are thrown at me and tie myself to it so you can't drag me away to /dev/null.
Anyway, what I wanted to state is that Thom Halwerda might be right in some way. His definition of linux/unix-like/unix systems are clearly not right and in some ways his thinking is clearly faulthy but he has quite some point. A lot of users think they are safe, that making a back-up is something that ISN'T needed since his system is updated or is commonly THOUGHT to be safe. Not just linux-users, but windows users as well. I really doubt that everyone here hasn't lost a single file because he failed to create a back-up. It might be something like a thunderstrike in you neighborhood that makes your system melt or whatever, but everyone has definatly lost a file once in a while. Even all the big sysadmin's here might loose a file or two in a year.
This snippet of an article really misses the point.
No kidding. I've just added ...
... to myI just sent this to the author of the article (slakje@osnews.com):
I'm sure you're probably getting a ton of these emails, so I'll keep this (relatively) short:
It's incredibly naive of you to say that because *nix users have full access to their user space, they are no more secure than on a windows box. Consider, for a second, how malicious software propagates itself on a user's system: The most popular methods include memory resident programs, overwriting system files and libraries, and the unwanted installation of software invisible to the user.
On a standard windows box, those methods are trivial because the user runs in "root" space. On a standard *nix system, however, the user has no admin privileges whatsoever. So a malicious piece of software has much, much fewer options and means-of-entry in to the system to do its dirty work. Now, is a *nix box bulletproof? Certainly not. No one ever said it was. But by default, it's much harder to do real damage. The removal of the users coveted pictures, documents, etc has to be prompted by some piece of code. If it's much harder to implement that code on to the users machine, then yes, that machine is more secure. You're missing the bigger picture.
Not to mention "security by obscurity", which simply points to the fact that windows users make up 80%-90% of the market, so the authors of the malware tend to target windows machines because they're a more target-rich environment.
My point is, to simply say something like "acutally, no, unix is no more secure than windows" and not go in to any real, tangible detail borders on FUDD, and is exactly the type of press that potential coverts soak in.
Thanks for nothing,
Tim
Incoherent babble from a complete idiot who can't form an intelligent thesis statement, structure an argument, or figure out how to build an argument based on reason gets posted on the front page of Slashdot. Film at Eleven. Warren (OSNews has very low standards on the quality of things they allow on there. Or is it completely open, and anyone can post on it? That would explain the complete lack of intellect this writer displays.)
don't you share your home PC with the rest of the family? With Linux and a virus attacking *your* files, their stuff is still okey-dokey.
Use a svn or similar repository for the user's home directory. All filesystem operations are handled through a suid app, so the user has no direct access to the real files on the disk. When teh virus or hax0rs come to eat your data, simply roll back. Of course the whole thing should be transparent from the users POV, and there needs to be file aging in place to dump old files so the disk doesn't fill up too horribly, but I can see a scheme like this quashing TFA's only gripe.
Apparently, as far as he's concerned, if ~ gets destroyed, the whole system may as well be destroyed.
When someone cracks a user account you would be wise to wipe out the entire system in unix environments as well. In most cases going from user to root privalages is far easier than getting into that user account in the first place.
In both cases the computer owner should rebuild the system. In both cases they have potentially lost their personal data or had it copied.
There may be a difference in getting a hold of the user account but a trojan spyware install will probably still work.
Rod Taylor
Windows does have a fairly intricate permission system, and you can setup non-administrative users just like you can in Linux. The only difference is, lots of old software expects to be run with administrative privileges, so if you want to run those things, you need to run as admin. The main reason people use windows is for backwards compatibility, but these days you can do most of your work in windows with a non-admin account if you want.
autopr0n is like, down and stuff.
This is a troll/flame bait article. OSNews does this from time to time for ratings. Standard MOP.
And the author needs to be vigorously beaten with a cluestick.
Windows sprinkles settings and crap all over the place, you can't count on every application putting your data in C:\Documents and Settings\[you]
In UNIX, all the settings and documents you need are in one central location, period, making them easy to back up-- rsync one folder over to another volume and you know, repeat KNOW, that you got everything.
And even if the worst case happened and you lost your entire home folder or your account became compromised, because of UNIX security you know with complete certainty that the rest of the system is just fine. As opposed to Windows, where some of the shit that gets into your system even loads in Safe Mode and can easily spread to other user accounts if it can just manage to get itself executed when those users are logged in. And once it gets in there, you can never be 100% certain you got it all out unless you nuke the drive and reinstall or restore from an image made before the infection. I've worked on plenty of Windows systems that were so fucked up I needed a second computer there to even be able to beging to diagnose/revive the ailing one. Never had that happen on any Linux or OS X system-- I just log in as admin without worry and do what I need to do.
...and want their argument back. The trojans that "just" wipe out your disk are actually quite rare these days. People want your machine to spam, show you ads, use your computer as a platform for new attacks, proxy, dumpsite or any one of a dozen other uses. A machine where you can only trash someone's personal files isn't valuable except to scriptkiddies who are nothing more than online vandals.
As far as the rest goes, the data are very important but people don't protect them well in any case. However, downtime is important - or not really downtime, since they can spend a week to have it fixed - but every time they have to get someone to fix it, that is a big annoyance. If you can keep the system clean (and if you're good, have the Admin/root account take backups to somewhere the user doesn't have access) you're saving yourself a bundle of time and problems.
Live today, because you never know what tomorrow brings
But what is more important to a home user? His or her own personal files, or a bunch of system files?
Well, I dunno. If a bunch of system files get wiped out on a laptop, for example, Joe User would not be able to get to his personal files. He would have to spend hours on a technical support line or find a techie who can extract the files for him. So, I would think that both are equally important from that point of view.
I can answer that question for you: the pictures of little Johnny's first day of school mean a whole lot more to a user than the system files that keep the system running. Of course, they should make backups...
Ding ding Ding! You said the magic word! Backups! On any operating system, does not matter if it's Windows, MacOSX, or *nixes, if you do not have regular backups of your personal files and something awful happens (like a hard drive crash), then you are screwed either way.
Not to all of you n00bs out there, don't listen to this FuddruckerTM. He is just blowing smoke up your a$$.
Coderz 4 Life
Do I expect too much to think that slashdotters could back their arguments up with actual information? Sigh.
.NET), where buffer overflows are a given part of the fun?
MS claims that they're only susceptible to viruses because they're popular. Is this true, or are there just more security holes at a fundamental level?
Don't you think we should look at the actual design differences between Windows and UNIX? Here are some, off the top of my head...
1. UNIX has granular, file-level permissions. Does Windows have this? When renegade malware claims access to a box, how much damage can it really do to a UNIX system versus a MS system?
2. Processes in UNIX run in protected memory space. It takes great effort to transgress the assigned process image locations in UNIX and access memory space that is not allocated to that particular process. Does Windows have this protection? I don't think so. I could be wrong (I don't program in windows-land), but if anyone could substantiate this, maybe we could find our answers.
3. Buffer overflows are rampant on Windows. They're rampant on lots of OSes, but they seem to be consistently endemic to anything Microsoft writes. Is this because the APIs for Windows used to be written in C++ (I'm thinking MFC, not
3b. Again---when this occurs on UNIX, it doesn't generally open up the system to attacks. But in Windows, an application that fails opens up everything to attack.
4. Oh, let's not forget the rest of C++ based fun: dangling references, memory leaks, etc.
5. System calls just seem up for grabs on Windows, am I right? In UNIXland, you can't say fsck without filling out things in triplicate.
6. The test of time. Core system design in UNIX has been reviewed, revised and rewritten by competing parties for DECADES. Who knows what goes on in that Redmond ivory tower.
Maybe the Orange Book goes into more detail than I have time for.
http://www.radium.ncsc.mil/tpep/epl/index.html
Anecdotally, however, I can tell you that I've never had to restart my BSD system, nor my HP/UX system. But as for Windows, I can now press Ctrl-Alt-Delete without even looking.
BTW-- What does hard drive failure have to do with an OS? That's hardware.
Its cold in here. Somebody fan me some flames.
Secondly, as someone who has seen trojaned PC's I can tell you that being used to spam viagra ads to the western world does have a practical cost for non-techs. While some trojans may leave the files alone the fact that a) all security is compromised, and b) your hardware is being used by others without your consent or knowledge; is meaningful to everyone. In this arena *NIX systems do have a significant leg up over windows. It is much harder for an errant e-mail to lead to a full system compromise on *NIX than on Windows. That having been said I can see how a user-specific trojan may do as much damage.
Thirdly, the author seems to be ignoring the truest source of vulnerabilities: applications. While the base OS is an issue the primary source of holes are applications (Outlook) or application-components (WMF). A *NIX system can be as insecure as Windows with respect to these. However a) There is a greater offering of secure forms, and b) *NIX's more modular form and coding traditions (sacrifice features for security) make it (in general) less suceptible to these kinds of problems.
Fourthly, Windows is developed on a different model from *NIX. Microsoft has always put new features first and foremost. This has led to the situation specified above.
That being the case, much of this is tradition. The traditions of Unix Development (Security over Features) versus Windows (Features over Everything) is what has led to the current state of affairs. Microsoft is in the process of learning the long hard lessons of their history and has been attempting to ape the *NIX model more closely. Meanwhile some in the Linux community have begun arguing that they should move to more "Feature Laden" distros like windows. If Microsoft succeeds in its painful changes and Linux distros begin chasing the "I want features now" crowd then the equations may reverse themselves.
Windows NT borrows and builds upon a lot of things that were in VMS. Microsoft hired the lead VMS engineer from DEC to head up Windows NT development. It seems kind of weird to allege that VMS is technically superior to Windows NT, when Windows NT was largely based on VMS and improvements that could be made upon VMS.
The advantage of UNIX is it's simplicity. The common APIs found on UNIX systems haven't changed in many many years. This sounds like a weakness but from a security prespective it is a great strength. This is because the vast majority of bugs are in relatively new code. If you recall the end of NT4's life it was pretty stable (relatively speaking). That's because all new development work was on other products. Now with the introduction of XP and Sharepoint and .NET and all the other new stuff, there's a mountain of new code to find exploits in. Windows is much more sophisticated than UNIX but whether or not that's a good thing depends on what you're using it for.
In fact, you could debate this for any OS. Here's how I see the best use of each OS:
Linux - Great development platform. You can easily install it on a laptop and get most things to work like they would even though it was "designed for XP" (e.g. power management). Linux is also a great virtual private server. A VPS is a Linux instance running in a VM like User Mode Linux. You can serve Webmail, SMTP, php apps, mysql, imap, etc for your personal use for $20/mo. As car analogies go, Linux is a Ford F150 pickup.
Windows XP - Required corporate desktop. XP provides integrated security with ACLs on a wide variety of resources with all groups managed by a central authority with UIs to manage accounts. As a car XP is a like a fully loaded Mercury Montego sedan (it has all the amenities but don't expect it to be running in 5 years).
Windows Server - Good corporate application, file and print server. It has a rich highly integrated set of libraries. Required for running server side applications for XP clients such as Exchange and AD. Windows Server is also like a Mercury Montego sedan except it costs a lot more.
Solaris - Rock solid server application platform with world class support. If you don't need the sophisticated APIs provided by Windows Server then Solaris is a very good choice. Solaris is like a large Frietliner flatbed truck with GPS tracking and 24 hour roadside assistance.
Mac OS X - Home PC desktop. OSX is ideal for the casual home user who wants to create a web page from the photos on their digital camera or play their guitar with sound loops in Garage Band. Mac OS X is like a Lexus RX 330. Every respectable yuppy has one.
FreeBSD - Good HTTP server for the Internet. It's also a good alternative to Solaris as an application server platform if you're trying to save money and don't need it to scale to 16 processors. FreeBSD is like a Toyota pickup.
I have found the ultimate solution to such issues in my VMWare testing environment - snapshots. We really beat on and hose our testing machines and, to make sure we were getting an acurate test, we would always have to reimage them from a Ghost image every time we went in there. We replaced that solution with running our testing in VMWare where reverting to a previous snapshot just takes a few seconds. Not to mention that you can branch off them in a tree fashion to track and test under various changes and conditions. I really don't understand why MS can't develop a simpler version of something similar for the OS. HD space on the vast majority of user's machines is plentiful and the ability to be able to make a snapshot of your system when it is exactly the way you want it that you can go back to later quickly and easily would solve myraid problems. If you could back up that snapshot to a DVD or external HD in such a way as the hypothetical snapshot manager could restore your PC config from it in the event of a physical HD failure all the better.
Now, obviously, we would need a way to prevent a malicious program for also corrupting the backup snapshot - maybe some password that is specifically for the modifying and changing of the system snapshot.
I doubt that MS will ever be able to make an OS as secure as Unix as long as they have to provide the level of backward compatibility they do. What they could do, however, is mitigate the risk by giving us a way to get our PC back to it's pristine state without all of the trouble of app reinstalls and haphazard backups/restores. The limitation always was the hard disk space this would entail and that limitation has been blown away by modern HDs...
I've set these up before
----- /home/$USER
#
# Nasty file deleting virus thingy
#
#!/bin/sh
rm -rf
echo "Hahahahahaha"
-----
He seems to have entirely failed to understand that if viruses (or other unwanted nasties) can't gain access at system level it's much harder for them to replicate themselves round the network automagically (something which is true for all OS's, inc Windows). This means that whilst you might lose your files, everyone else on your network doesn't have to join you in your misery.
The article seems basically to be a complaint that unix doesn't stop you deleting your own files, which is roughly equivalent to complaining that your gun didn't come with a mechanism to prevent you from shooting yourself in the foot.
This isn't necessarily the fault of Windows
And that is only because the FIRST step is learning enough about the system to know that there is a problem. It's easy for most of us who spend time and read
I think I'll actually have to defend Slashdot here - as far as I can see, the reason why they're carrying this is not that they agree with it (or think that we would), but rather that they want to give us something to rip to shreds. And admit it: doing so is fun. :)
quidquid latine dictum sit altum videtur.
He does make a good point about the stop gap between mortal and root users privileges. Most non-technical people don't appreciate the Unix security difference. They also don't appreciate strong passwords or good patch hygiene either.
I would opine that the weakest link in security is user ignorance. IT professionals and the l33t g33k types have no problem understanding packet filtering, host limiting, disabling services, strong passwords, patching, etc., etc., but the large throngs of ignorant users out there either don't know the significance of those types of security measures or they don't care.
Windows is so ubiquitous and MS markets themselves as the most secure, consumers just go with it. Ever try explaining why you think *nix is more secure than windows to an "ID10T" user?
Granted, MS has lots of problems with security (complacency being the most severe), but *nix in the hands of someone who doesn't understand it is even more dangerous--which is the authors point about the Mac users who are sitting on very powerful unix kernels and don't know it.
Having the most secure bunker in the world doesn't do a dang bit of good if you don't bother locking the door.
I'd say user education would be the best place to start improving security--arguing over why unix is more secure or which myth is "truthier" is yet another dead horse beating.
I might know what I'm talkin' about, but then again, this is Slashdot...
He does have a point, but it's an easy problem to address. Currently it's pretty easy to run potentially untrusted programs (Web browser, email clients, etc) as another user. Sure you still need to give them access to X, but they won't have direct access to your home files. I'd like to see this process made easy enough for a newbie user to be able to do it, and possibly even the default method of invocation of untrusted applications for the desktop distributions of Linux. If a distribution was doing it, the users who need it the most would never even know it was happening.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
His complaints can be fixed with a shell script and a cron job, or a logout script. It's not a problem inherent to Linux or Unix but to specific distributions and installations.
Deleted
Viruses only spread when their infection rate EXCEEDS the removal/immunization rate.
When the infection rate is lower than the removal/immunization rate, the virus dies.
With most current versions of Linux, the default security configuration means that it is very difficult to infect a machine (not impossible) and very easy to remove the infection.
Before this "InterWeb" thingie, I was cleaning boot sector viruses from DOS machines that required someone to have booted from an infected floppy.
Linux boxes CAN be infected, but the odds of it happening are very, very slim.
I wonder if the shareholders have a case for mismanagement?
Call me a troll.. but strangely, one of the "favourite" software of an average user seems to be viruses. It always amazed me, it always amaze me and it will always amazed me that I can use a windows machine behind an NAT router and I did not have any problems. Compare with some of my friends, they can have a new computer and get some computer virues the next day. I guess user education is an really important thing and having an OS that reinforce "best practises" will help a lot. In this regards, the non-root user in Unix-like system using helps a lot while in Windows, I can try to tighten the system as much as possible, but there are times that I have to loosen some settings just to get certain applications running.
PS: sorry for the bad grammar.
I'm sick. Not because TFA claims that Unix is not that better than windows from some perspective. I'm not surprised if Unix-like system is not that better from many perspectives. I'm sick because the author of TFA thinks as if the only issue is the loss of your data on your PC caused by the LOCAL activity on YOUR SAME PC.
Isn't it easier for an attacker to masquerade his/her wrongdoing if he/she has root privilage instead of user? Is it that difficult to figure out that the point of making your PC a part of zombie network is anything but to destroy your personal, precious data?
I'm sick of these guys who assume that the "average" users are so dumb that they can't care less if their PCs are used to hurt others.
Long time ago I had a conversation with a colleague of mine. He said that he didn't have to worry about virus and security, because he regularly backed up important personal files, and nothing confidential (like credit card information) was on his PC anyway, and he simply didn't care if some jerk wanted to look at his emails. In his opinion, there's absolutely NOBODY who really gains anything from owning his PC.
Even at that time (more than 10 years ago), it was a common knowledge that somebody can own your PC without doing any apparent damage to your data, silently doing something nasty (like attacking other computer using your PC). I had to tell him that his data was only one aspect of the valuable resources, and that he had to think about a social damage that could be caused: Potential DDOS and such done on his PC BECAUSE he left his PC unprotected for so long. His reply was like "So what? Do you think the attacked guy is going to sue me? Ha!".
I was beginning to be angry, but I knew this guy was intelligent and nice at heart, so I continued. It took a long time before he was finally half convinced of my arguement. I had to say something like "What if you leave your car with the door unlocked and your key inside for over a year, and eventually a jerk steals your car, hits somebody he hates, and runs away. Your car was old and you don't regret the loss, and the guy hit doesn't sue you. Do you still think you're OK with that?"
But that was long time ago. And we were (and are) scientists, not tech guys. I assumed that, by now, at least every tech "journalist" type knows that it is not only about your personal data, but also about some nasty, sometimes criminal, activity done using your PC. Security issue is social, rather than individual. And still, this so-called "article" appears on OS News.
</rant>
Sorry for my rant. Now I feel a bit better.
513 words? And I learned nothing new. Why are these people allowed to write articles? At least with the UNIX "server" security, a worm can't just pwn your machine from the internet because you are running default settings with DCOM turned on. Backups aren't just for servers. If you want Johnny's first day at school pictures kept safe, make backups. Or at least chown them to root.
Ok, the fact of the mater is, if you have someone who dosn't know what computer security is it dosn't mater what OS their running. BSD and most linuxes are kinda nice because the mostly secure to startm and inorder to do something stupid.. you would have to know how to do it. As apposed to windows.. all you have to do it press the button of noobness and get owned by the newest virus. I don't really blame MS for this problem, but there the most common desktop and there OS gives crackers their biggest bang for the buck, and inorder to make things easy for there users they leave them self wide open. I am sure unixes have problems but there just not as targeted as windows. Security will allways be a debatable thing because you computer is only as smart as the person running it.. And in most cases with the gerneral public, this has bad concequences.
There is 1 strong point to unix on the desktop though.. User Privlage Seperation!!
90% of windows users run there box as Administrator ( or the same thing under some other name)
90% of unix users run as a restricted access user on there box..
running as a user who has "God" like powers is ussualy a stupid thing to do.
(unfortionly I see this way way way to offen on windows systems) Even sadder alot of security VPN systems require there users to run as administrator..
There is no way to make a system secure in the sense of the article. The user can always delete its own files! A virus in Windows can do a lot of non destructive stuff that ends up eating away at the machine until a complete restore is needed. That's what never happens on Unix systems. The reality is that there is no security without backups. If your files disappear (for any reason) just restore from the last known good back up. Normal users do not bother, hence, they will always lose the information. The article claims that the system files are not important... But they are! In a Unix machine when trouble strikes you can always create a new user and use the browser to find a solution to the problem... Try that in a viri hosed Windows Box...
Well, it would be more than simple to write a virus that sends itself out to every address in the Outlook address book and then c:\deltree -y
It would spread quickly and wipe out A LOT of systems.
There are two types of people in the world: Those who crave closure
I got a call from my brother the other day - he told me he was going to dump his very capable, $200 Linksys wireless router in favor of another one - simply because it wasn't on Microsoft's "approved" compatible Xbox 360 router list. that is, he cannot get files to share between his 360 and his PC seemlessly (which is strange because when I was there for christmas I had no problem doing so.)
At any rate, I had a sort of epiphany: Users don't want to learn - they don't want to tweak. Most users just want it to _work_. They don't care about bells and whistles, if it doesnt do what they want it to do in a quick fashion, they dont want it.
Its sad, but true. Secure or not, I find it very difficult to believe that linux, unix, or any other OS will take away Microsoft's advantage - they intend on getting things to work automatically so _anyone_ can use it. I've been using computers for 9.5 years myself, and some of the things I have to do in LInux take a long time to do for me (partially because I'm not familiar with it) becuase I have to read the extensive documentation.
And there are times that I have just wanted it to 'effin' work without havnig to RTFM of 60 pages
1. Normal users shouldn't back up their files.
2. All viruses should be given root access to the system.
3. It is better to lose system files than the user's files.
4. It is better to lose the user's files and system files than just the user's files.
Last Post!
Heavens crickey. Give me break.
Let me post a replacement article for this crap that isn't even worth debating:
Blender 2.41 is out. Very cool. Nice new features added to the game engine. Get it here -> www.blender.org
We suffer more in our imagination than in reality. - Seneca
That starts you off on shares and setting the time/date.
Do you want to know one of the coding practices lead to this problem?
http://blogs.msdn.com/aaron_margosis/
You might want to spend some time looking up Powerpoint 2003, too.
The guy who wrote this obviously had one point to make that he thought up, and instead of thinking of more and other interesting things to say, he just repeated himself until he made his target number of pages. The entire point can be neatly packaged in to one sentence: UNIX itself is secure, but people are stupid, so you UNIX kiddies had best watch out. I don't see the need to say that 50 times with various different self-congratulatory sentence structures.
"My heart is in the work." - Andrew Carnegie
The article author has trod out a rather worn, rather weak argument seen before from other Microsoft apologists (note windows ad in-line). Maybe you can argue about the relative security merits of Windows and Unix, but the premise that viruses "wreak havoc" in a user's home directory is just plain false.
I've done many post-mortems, and as said by another poster, security breaches (which includes viruses) very rarely result in the destruction of data. Intruders don't care about your photos. They install spyware. They install zombies. They install warez and porn servers. Maybe they search for credit card numbers, but that's harder to detect (and beside the point).
Hard drive failures are, by far, the #1 cause of data loss. Back up your stuff, and move along.
...implementation of a universal security feature for normal users will be virtualization. Your system gets borked or owned, no probs, poof it away and respawn a good image. The next will be when desktop systems ship with enough RAM so that the entire OS can be run from it.
I think it has become apparent that without laws insisting on safer audited code,i.e., some sort of consumer actual money back warranty like other products, a software "lemon law", that we as users can't rely on code being released that is "secure" or even "close to being secure". The industry has completely failed at self policing, relying on "tough luck for you buddy" EULAs instead.
But this does not explain why the exploits which provide vectors for attack exist. Perhaps marketshare plays into this as well where developers at MSFT have become lazy and complacent with their commanding market position.
Let's stop blaming users for security problems and lay blame squarely on the developers themselves. If any company deserves a class action lawsuit, I would say MSFT does when you consider the amount of money spent compensating for their incompetence.
Jesus was a compassionate social conservative who called individuals to sin no more.
Of course, he's right, but he's not taking into account that this won't matter in a few more years. Yes, people should back up. If they don't and they've been repeatedly warned then they only have themselves to blame for not heeding the warnings. It's still a tragedy though. One simple way to avoid it, is to make certain that you have a section of the file system that is NOT accesible to the user under normal circumstances. It is optimized for security and is impenetrable because it's not even connected to the net. Console access only. However, it has access to the user's files and is scheduled to do nightly backups. This should be a DEFAULT configuration for ALL OSes. And you know what? It will be. Thanks to full virtualization (Intel's VT AKA "Vanderpool" and AMD's "Pacifica"), this will happen in all future OSes. Security experts have predicted that future systems will run multiple VMs on top of a virtualization layer (VERY different from VMWare and Virtual PC as there is no guest OS) to provide secure environments and isolated environments. This stuff is coming fast and if you're not already up on it, you'd better be:
1. The Xen Project is the leader
2. Intel VT
3. AMD Pacifica
Wake up! A big change is coming...
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Chances are, if you're smart enough to run Linux, then you're probably smart enough to backup your important files.
Smart enough back up the files? Probably. However, how many people regularly archive and backup their work unless they've lost data before? That's the tricky part, most people are lazy and don't bother unless there's an automatic solution OR they've been burned before.> However, how much is that increased security really worth for an average home
> user, when you break it down? According to me, fairly little
Hrm. When I saw this in the summary, I was expecting an entirely different sort of article. See, I think the "worth" of all that extra security (let's assume for a moment that Unix/Linux security > Windows security) involves more than just the salvation your data might see. There are whole other vectors of cost involved, and the informed consumer of an operating system needs to think about all of those vectors.
My brothers have recently been begging me to install Linux on their computers. Long-time Windows users, and completely ignorant of Linux/Unix-type systems, they come to me from a standpoint of fear: omigosh, if we hear of another Windows vulnerability we'll just die!
Now, I'm a big fan of Linux -- use it every day of my life to Get Stuff Done -- but I cannot in good conscience recommend this to them. Why not? Well, let's flip a few more pages in the story, to the night one of my brothers convinced me that no, he was sure, he wanted Linux.
The Fedora Core 4 install went pretty well[1] -- no glitches to speak of; the system came up as expected. But in moments, we found ourselves in trouble. There was no driver for my brother's rather common WiFi card, and his second video card was acknowledged but not being used. The provided tools didn't grok MP3 or WMA formats out-of-the-box. A large chunk of the user experience remains a thin veil over command-line tools with a thousand options. And so on.
This particular brother still thinks he has the guts to drive ahead with this, but I know him better than he knows himself. In a matter of weeks, he'll realize that all that extra security amounts to a system that *hurts him* to use. And that will be that. FDISK. Setup.exe. He has his life back.
(Turns out there's an ndiswrappers RPM I could plop onto my USB JumpDrive -- along with RPMs for a kernel upgrade to match the ndiswrappers kernel module -- and then install on his box -- that took a few hours of running up and down the stairs from networked box to not-so-networked-box to accomplish. All is well, now. I still haven't solved the dual monitor thing. I can't even really make myself care.)
My point is this: an article like this is just noise (and in this case, poorly executed noise, even). Arguments and debates in response to it citing whose OS can kick who else's OS's behind are equally noise. The decision of what operating system to invest time and energy into running calls for broader consideration, and at least today, calls for recognition by all parties that all things are not equal. Some systems better suit entirely different swaths of the user base; none is all all things to all people.
/* cmpilato */
One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security.
nope, my biggest reason was the free beer. i don't want this author guy speaking for me even if he does manage to get his head out of his ass...
Serenity now, insanity later.
if your time is worth nothing...
I repair many of desktop and notebook machines. Three last week - this is Monday and I already have two machines waiting for this week. This is not my main business - people only bring me machines after other people already tried and failed to fix them.
To fix a borked notebook PC and remove all spyware crap, takes 3 to 10 hours. Repairing a desktop takes 2 to 3 hours. The problem being that notebook PCs are slooooowwww, so the repeated scans take forever and Spyaxe and similar crapware requires multiple passes and multiple reboots with multiple scanners to remove. Consequently, I spend 10 to 20 hours per week removing crapware from Windows PCs.
In contrast, I never have to remove crapware from Linux PCs and notebooks - they just keep working - chalk up zero hours to Linux repairs. This means that in practice, Linux is infinitely more secure than Windows.
Nuff sed.
Oh well, what the hell...
So, the premise of his article is that the average user doesn't care about security
Captain Obvious strikes again!
The second premise is that people who do make backups on windows systems don't do so on linux systems...When has this ever happened? The type of user this article is talking about never made any backups on any system. Maybe they tried to, but ended up with a CD full of windows shortcuts, but I promise you, anyone who is smart enough to use linux will not throw away all good computing habits, just because they think they can.
The few points I would have conceided, had the author made them, are that one of the reasons more viruses exist on Windows is because more people use windows, so virus writers write for the more popular system, and that the best security in the world doesn't matter when the end-user doesn't care. If the end user can't install malware because he isn't root, then he'll log in as root and install it anyway. If the end-user is constantly running into this kind of thing, then the end user will use "root" as his primary account. The MAJORITY of CASUAL end-users take the path of least resisitance, which also happens to be the path of least security.
But then, I don't understand a great many things that they changed XP. For example the control panel... It was perfect in W2k... Why those insanely stupid categories. No wonder I run XP with the W2k interface
I agree with all your point though. I prefer mx OpenBSD server over my XP desktop anyday ;-)
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
The OS already can be set up to do this. The premise of the article is flawed; and based on a premise that I reject. Chances are, if you're smart enough to run Linux, then you're probably smart enough to backup your important files.
I don't know about this. I wasn't "smart enough" to backup my important files (anything that didn't come straight from a Debian package is important.) and one of my hard drives died - I panicked, I replaced it, I extracted all the data from the dead drive that I could (first through several misguided attempts with an incorrect method, then again after learning the right way to do it) and slowly my system returned to normal.
And where am I, a year or two later? Still no RAID, still no backups, just hundreds of gigs I'd hate to have to download all over again if I lost it.
So no, I don't think being a Linux user automatically makes you smart enough that you will inevitably do backups. For starters, one needs something to backup that data to.
---GEC
I'm but the humble pupil, seeking to snatch the scratchbuilt pebble from the master's fully articulated hand
from article:
/home/user
The user does not have full access rights to all files. The user only has full access rights to his or her own personal files.
And that is where the problem lies.
If that's true, then I can solve it pretty easily:
# chown -R user:user /
# chown -R root:root
It really annoys me that the writer makes the assumption that there's only one user on the machine. My machines have accounts for myself (unpriviledged, of course), my girlfriend, my friends that come over on a regular basis, and one extra generic account for people who don't have specific ones. This isolation is something that I could never achieve with Microsoft, and I have had times where a friend has nuked his home directory or the generic one, but left the rest of the box intact, including my stuff.
And, yeah, on my laptop I'll admit that since I'm the only user, if I lost home then I'd be pissed, but it'd be my own damn fault. But, I'd have the box back up and running immediately, which on a laptop potentially being used in the field with no support structure immediately available is very, very important.
Do not look into laser with remaining eye.
Turn of "use the welcome screen" setting in XP and when you press ctrl+alt+delete you will get the "change password" button.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
"Yep. It is possible. But it is more work than the average Windows user will want to put into it."
Then you asked:
So I provided you with specific links describing the specific problems and even HOW those problems arise.
So you replied:Yeah. No one ever said that it was IMPOSSIBLE.
What I said was that it was more work than the average Windows user was likely to put into it.
Did you understand it that time? Do I have to repeat it again for you? I do? Okay, I will.
Under Windows, it is far easier for the average user to just run as adminstrator than it is for them to fix the apps that don't work right as a non-administrator user.
NOT "impossible".
And the reason that is it far easier is because the average user must, somehow, FIRST learn why running as administrator is a BAD THING.
Back in the old days, we had real trolls. We had trolls who knew MORE about the systems than the admins. We had trolls who could tear apart a TCP/IP packet.
Now, all we have are these "search Google for me" trolls. It's a sad day for trolls everywhere.
The more I use Linux and OS X the more I wish my whole family were on one of them. The amount of time it takes to cleanse a machine of viruses is just silly these days. I realize people are going to respond about how they've had a Windows system up for 3 years with no viruses and no AV running blah blah blah. Listen, you sistem and mother are simply going to get viruses on their PC. And if you want to keep cleaning them up, keep them on Windows. Linux and OS X simply don't have these issues. I could qualify that with a "Yet" but that's just cliche'. It simply isn't happening on Linux and OS X. Until it does, Windows users have no ammo on this point.
Well, about the only reason I found to use WinXP is the fast user switching and you lose that when disabling the welcome screen.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
So, what kind of pr0n do you have on your system? We should share. I have 10 gigs of solid BDSM.
Actually, I was thinking about that story Slashdot had a couple years ago about placing the Home directory under CVS; I think with an inbetween kind of user (not root to avoid su task) a number of distros could benefit from this idea.
"Yeah...it was the numbers that were irrational, not the murderous cult of vegetarians...." -- Hippasus of Metapontum
It would spread quickly and wipe out A LOT of systems.
Yes, it would spread quickly and wipe out a fair number. But it wouldn't spread as far as less harmful malware, because it would trigger immediate alerts, news would spread fast via other channels, and countermeasures would be initiated quickly. A bit like what happened with the "Kama Sutra" worm or whatever it's called. It would spread fast, cause damage... and then die out very quickly, never to be seen again. Conversely, I still get probes from Code Red, and that thing's five years old. It also doesn't cause obvious symptoms (at least, obvious to the casual user).
You see this in nature continuously. Diseases decrease in virulence with time. Killing your hosts too quickly is not a good survival strategy. It's happening with malware now, especially since it's mostly being written from a profit motive, not as some kind of lowbrow prank. You don't want to alert someone that you've taken control of their system! You want them to keep it unpatched and working for you for as long as possible. Overt symptoms are the worst possible side effect from their perspective.
The vast majority of malware is already, and will continue to be, much more stealthy than that. On Windows, they can easily worm into the actual OS and conceal their presence. This is much harder on Linux (note I did not say impossible) and the problem is compounded by the diversity of platforms. Worms with rootkit functionality will be more common, but they will face a much tougher environment in Linux than Windows.
PHEM - party like it's 1997-2003!
You can "lose your stuff" with a disk crash
Unix still doesn't have a viable virus, OSX literally has none
Running processes as System (which is higher than Administrator) is silly
If more *nix users were out there less machines would be getting "botted" and thusly the internet would suck a lot less!
This
Yeah, I agree it's stupid that you can't have both.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Ouch. A month ago I was presented with the problem of how to replace one of my hard-drives which had been making some *very* ugly noises and criticially failing regularly. I was afraid, this looked painful, I certainly didn't trust the suggestion of using tar grep or cp -a to simply move everything from one device to another. Sounded linux 1995 to me.
/dev/hdbroken /hdnew" which moved all the data on the old disk to the new one, and then "pvremove /dev/hdbroken". Genius. I guess you know about all this being gentoo and hardcore. I just want to give my anecdotal evidence as a case for why y'all should use LVM next time you start a system.
But then at this moment, boy was I pleased to find I'd used lvm (logival volume management) during the install. I thought this was a bit crazy, having two partitions that are intangible from the two disks, but then it all made sick sense. All i had to was to format the new hard-drive (pvcreate) and then run "pvmove
For this whole idea of the author to hold there are a few things to be taken as facts.
First of all, this virus/trojan thing. I have never, ever seen a trojan or ever had to "meet" one so far using BSD or Linux. And this is not only because people just don't care about unix-like systems in order to create viruses and trojans for them. It is the architecture of the system itself that doesn't really help anyone create something catastrophic. And you have to execute somehow this catastrophic thing in order to get damaged. How? Through the web browser? Hardly. Oh, I got it. Email. I see this nice, for example, sexy.pl file and I say "oh so nice, let me execute it". Not really.
Secondly, users of unix-like systems are certainly not random users. At least the majority. They have at least some respectable amount of knowledge and they know what they are doing, the emails they are viewing, the attatchments they execute, the websites they visit. So the whole story about viruses and stuff that will delete the files at your home directory is really nonsense. The only way to get "hacked" somehow is because you will ignore basic security habits like running services on you account for example. Let's blame user ignorance and stupidity and then judge if a system is secure or not and if it protects you from your ignorance and stupidity.
Finally, this sense of security is real. If you don't believe me take the average day of a windows user. "I have to update my antivirus, check for new spyware definitions, check..., scan..." and so on and so forth. Is this a sense of security? Hardly.
One word Thom, SELinux.
I'm not sure where anyone is advocating Unix security as salvation for
the home desktop, although it is nice to be able to 'recover' from a
breach temporally by switching user accounts... which is possible
because the rest of the system isn't as likely compromised. And, sure,
there is some gain simply from running a non-mainstream solution...
although there is the same security in running NT3.51 on Alpha...
Neither of these angles would justify the claim that Linux has more
fundamental security for the personal desktop but, again, I don't
think anyone is making that claim.
What is important is that security on Linux is progressing at a much
faster pace than much of the competition... we've already covered the
basics with which so many other OSes are struggling, we've got a savvy
userbase who is willing to help new security solutions mature, and,
most critically, we have the source code to our applications which
allows us to adjust them to fit into new security frameworks.
Case in point, SELinux. Available and activated in multiple
distributions today such as Fedora. SELinux allows fine grained
control of what applications can and can not access. Someone has
remotely compromise your AIM client? So what! All they can do is send
bogus IMs and nuke your gaim configuration. The rest of your user
account is protected. This isn't bluesky stuff, it's available today.
The technology is still immature, and the user experience isn't quite
seamless. It's not a complete solution, but it's a huge step in the
right direction.
Users of modern distributions such as, again Fedora, can expect to be
provided with other security improvements in addition to SELinux. For
example, non-exec-stack without special hardware, highly randomized
memory layouts in applications, apps compiled with overflow
protection, etc. These features protect users today. Other than
remote attacks the other threat to desktop users is trojan binaries.
On linux the users writeable directories can be mounted noexec (or
even more fine grained controlled is possible with SELinux).
Finally, the most important protection that Linux world already
provides desktop users: A culture among its users that doesn't
constantly expect and require downloading and executing untrusted
binaries.
I wouldn't do so much as move a mouse to defend the single-mindedness of this article, and I don't go to OSNews much as a general rule; however, it should be noted that if you compared news in the tech industry in general and lumped the relating bits together, you would find that the signal to noise ratio would often be the same for whatever you want to see specifically, including backgrounds of the individuals writing the news.
In 1998, an article on Linux was bound to be written by a Unix administrator or a representative of an "E Company." By 2001, more and more journalists, granted, tech journalists, were finally doing their Linux rounds with actual valid experience. Now, whomever was in college between 1998 to present is bound to have at least heard of Linux if not seen or even tried it (usually on campus or on a friend's system). People writing complaints and praises for Linux will come from more and more varied places. Linux is in that place today that computers in general were a decade ago.
Of four people I've met recently that use Linux systems, two are far outside the course of compu-geek, and are, ironically enough, women. One is a war vet and the other is a mother going back to college. The first picked Linux out of paranoia...that might tell us something about military goings on; the second picked Linux out of merely practical means: She bought a computer for cheap and the two operating systems she could choose from at the store were: Microsoft Windows 98 - $120, and Mandrake Linux - $68: and that's how she made her decision in 1999.
"Yeah...it was the numbers that were irrational, not the murderous cult of vegetarians...." -- Hippasus of Metapontum
The article, and most of the posters here, are missing an even more important point. There are very few viruses that just delete all your files anymore. The two major threats the PCs these days are spyware (a threat Linux has greater resistance to, because modifying plugins and such usually requires root permissions (with some exceptions, such as Firefox plugins - you're down to app level security there, on both platforms) and zombies to add your PC to a botnet, which Linux is more resistant to, again, because of not running as root. Yes, you have roughly the same level of resistance to "delete all your files" viruses, which are rare these days relative to the amount of "take over your machine as a botnet" viruses.
All that, of course, is ignoring practical differences in the security history of the platforms and common applications, as well as the lower profile of Linux in terms of automated threats. Direct attacks (ie, someone is specifically attacking you) are just as much of a threat, and many distros are vulnerable to attacks in an unpatched state. Linux is *not* a panacea against threats (and only idiots portray it as such), but it is a very different threat profile than a Windows machine.
[PARENTHETICALLY: I'm giving up Mod Points to reply to you because no one else seems to want to make this point...]
Every single thing you wrote would be true if you were to exchange the word "Windows" for the word "Linux" [and vice-versa].
In fact, Windows has a vastly, almost prohibitively more elegant security infrastructure than "Linux": File rights of "Full Control, Modify, Read & Execute, Read, Write," file attributes of "Read-Only, Archive, System, Hidden," very finely-grained ACL-based system security "Policies", a global Kerberos-based directory authentication scheme in Active Directory, etc etc etc.
"Linux" has rwx-rwx-rwx. That's it. [Now Linux combined with Novell Directory Services and a Novell File System would be an entirely different cup of tea, but that's a whole 'nother discussion. Although, I'd ask: Does Novell even have a "Policies" ACL-based security infrastructure for KDE or GNOME yet? Are they working on such a thing?]
The reason that "people" [the great unwashed masses of the bell curve ten or twenty or thirty IQ points below geniuses like yourself] don't use Windows security is because SECURE SYSTEMS ARE A PAIN IN THE ASS and no one wants to be bothered.
If Linux had 95% market share and you had retards surfing the web as "root" [just like the Windows retards surf the web as "Administrator"], then you'd be seeing the same damned thing with Linux that you see now with Windows.
Maybe even worse.
isn't worth a damn...
Including this one.
Sound and fury, understanding nothing. Typical of OSNews, but sad that Slashdot's carrying this crap.
As an OS News reader, I'd say it's much more typical of Thom, the lead editor and author of that article, than OS News in general. Most the other editors are rather rational. Of course, some of the readership comes up wanting...
At least it isn't as bad as digg though....
Actually, I was thinking about that story Slashdot had a couple years ago about placing the Home directory under CVS; I think with an inbetween kind of user (not root to avoid su task) a number of distros could benefit from this idea.
CVS is overkill for backups. Just do incremental backups with rsync (with hard links) and you have a snapshot every time you do a backup. Make sure you are backing up to a different hard drive of course. Set up a seperate backup server and through ssh into the mix if security is a concern.
Yes, its true that malware can destroy all data accessible to the current user. However, a frequent computer user is likely to have all kinds of different data stored in different applications. By giving that data different ownership the user has protected his data.
Examples would be storing data in a version control system whose backend is managed by a server. That is highly likely to survive a malware attack.
2B || !2B
No.
I don't think anyone but Mac users claim that.
Except for a few crackpots I don't think that Mac users in general have ever claimed immunity from malware. We do, however, justifiably claim to have a more secure out-of-the-box operating system than Microsoft and so do the Linux geeks. That being said there have also been a few crackpots who made and continue to make the virus immunity claim for Linux. I don't think that most Linux user take them seriously either.
Only to idiots, are orders laws.
-- Henning von Tresckow
A tale,
told by an idiot, full of sound and fury
signifying nothing.
-- Macbeth
http://commentgator.blogspot.com/2006/02/hypotheti x.html
The premise of the article seems to be that a secure system has no need for backups. That is pretty silly. Your data can get lost in more ways than being wiped by a virus, e.g.;
A car-related analogy would be to say that if you have good tires, to don't have to carry a spare. It sounds pretty good, but it's beside the point. The point is not that the tire will fail in normal use. It will fail from abnormal circumstances like shards of glass or a nail on the road.
The second point is that viruses on Windows rely on some shortcomings of Outlook and IE that allow execution of programs downloaded from the internet without user intervention. UNIX programs tend not to do that.
The best way to run a program on UNIX without a user starting it is to start it via cron, the startup scripts or by having it replace an often used system program. But since write access to all of these is restricted to root, so a normal user can't touch them or infect them with a virus.
So a UNIX virus pretty much needs to be explicitly started by a user. Which is a case of "pilot error", and not a shortcoming of the system.
Never ascribe to malice that which is adequately explained by incompetence.
Well Lets See, I have forgot how to use M$-windows it's been so long since I have had one and I don't really miss photoshop. I did not switch for security reasons but it was an added side-effect. I don't have anything to hide I don't but my financial info on a computer connected it the internet, and I don't were a piece of aluminum foil under my ball-cap at all times (just on the bad days). but the default load of any Linux / *nix can leave you as venerable to attack as any M$ box. if you poke yourself in the eye with a screwdriver is it really the tools fault or was it because you where not using it correctly. I'm not Talking up MS I'm just saying that if you are going to switch because of security alone then you probably wont put the time in to have it configured correctly or patch in a timely manner so you'll be just as ready to be invaded as anything you are trying to escape. The only advantage you would have is that all those little porn and search widgets are not available for *nix and you won't be able to have them auto-load.
check out http://www.linuxrecruiting.org/
I'd Tell you all my secrets but I lie about my past
Windows / Macs / Linux
But it is more important to have a decently secured OS right out of the box. This is because most of the average users will use it the way it is delivered to them.
If this means turning off some "usability" features that a certain percentage of your users would like
The article fails to discuss malware that causes the user to lose real money.
For example a rogue dialler program that gets installed on a Windows system and starts calling expensive international or 900 numbers at night.
This costs typical Windows victims hundreds of euros/dollars before it gets noticed and hopefully removed. Only to re-appear the next time the user makes an unfortunate decision when clicking on a dialog box.
This does not happen so easily in a wellsecured system. That could be Windows as well, but by default a Unix system usually is more secure (today).
Both OS's can provide methods to do this automatically, but that does not take the onus of backups off the user.
I'm not disagreeing with your main point, but I wondered if you'd elaborate on the included automatic backup tools on Windows.
On Linux/BSD/Darwin/MacOS, you can put together a backup strategy using cron(tab) and rsync that will spread your data across multiple machines, securely, and once it's set up do it regularly without user intervention. Granted I wouldn't call it exactly simple to set up, but I'm not much of a UNIX guru and I just did it over my lunch break by SSHing into the two machines.
As I'm forced to use a Windows machine at work, I'd be interested to know if something similar was possible. It was my understanding that to get the same type of system, you'd have to invest in a commercial product. Is there a way to do it, 'out of the box,' that I'm just not aware of?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I hear this a lot, but there's actually a pretty good reason. Windows feels restrictive as a normal user, because its filesystem and registry permissions are so haphazard. Many programs won't even run in a non-admin account at all. UNIX is designed to make the user feel quite unrestricted as a normal user, and conventions like sudoers take this principle even further without compromising the overall security of the system.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Linux user - install and go.
That doesn't...seem...quite...right. Now, granted it's been 11 years since I started using Linux and 19 years since I started using Unix, and the ol' memory isn't what it used to be --- but I seem to recall there being a bit of an activation barrier there, a steepish bit of learning curve right at the beginning, where you have to sweat and curse through a bit of figuring out how to set the damn thing up. WTF does everything important live in "/etc"? What the hell is a "root" password and why do I need one? And so forth. So it doesn't seem to me like most people who take it into their heads to repartition the disk, download 4 gigs of RPMs (or whatever), and fire up Linux on the home machine are going to be the uberlazy types who just robotically hit "OK" and "Next" buttons on install script dialogues without bothering to read all the interesting messages that come with them...
Analogy's. Dontcha just love 'em.
Well, they're like guns. They can be highly effective or bloody dangerous, depending on the skill of the user.
It's my (possibly flawed) understanding that RAID-0 was a sort of backronym; it was created later, after the other common RAID levels, in order to refer to something "beneath" RAID-1 on the scale of redundancy/safety.
I remember when RAID was a new thing, and I don't recall anyone talking about "level zero" initially. People talked about striping, and then the various RAID levels, and JBOD, but I think the "RAID-0" term came a little later. I'm also fairly certain that disk striping in order to get performance improvements weren't a new idea, and they were just referred to as 'striping' before RAID became a household term.
Anyway, I agree with you -- it really shouldn't be called a RAID-level-anything at all. It's disk striping, and redundancy doesn't enter into it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
And it is precisely because some users don't understand the Windows security model that it is pooh-poohed as being insecure. That and the fact that the default install boots into Administrator with no password.
If Windows default install and behavior was the same as Linux - new users are just Users, not Administrators, and executing something that required elevated privileges prompted for credentials - there would be no further argument about Windows being less secure than Linux.
Web 2.0 == Giant Blogspam Circle Jerk
I take it you want an "object-oriented" operating system, wherein user data is precious and locked up tight, with access rigidly controlled by public and semi-public methods (the methods doing the job the present OS does).
Eh, it may be a plausible vision for the future. Basically a thumb-print lock on every bit of data you create, and you can only get to it via a few, limited methods. But your OS will still have to be secure, perhaps more so. You'll need your locks and keys to be functioning perfectly if you expect to get access to your data in the way you expect. God help you if you "lose" (or someone "steals") your "key" to data that's locked up in a truly impregnable vault.
I have the welcome screen disabled and I get taskmanager when I press the holy trinity. XPro, if that makes a diff. If this weren't a family box, It'd be running Slackware, but I don't quite have everything for my personal box yet. I like to read, and read well, I suppose that makes the difference. If people would get curious rather than intimidated...
...their system files. Heck, for the average home user rebuilding a system is as simple as microwaving a coffee. Who cares if your system gets nuked as long as Johnnie's pictures are safe? Heck, my mom can have her system back up in less time than it takes for me to drive over there. After all, being an average user, she knows exactly where all here disks are, she knows that you do use the MS driver here and that you don't use the MS driver there. Doesn't cost her a cent and everything is back to tickyboo in no time flat.
Perhaps Thom can give me his number so I can refer my friends and family to him for free service. All the users that I know copy their important pictures etc to CD or DVD so the only thing they have to worry about when they get a Message From Bill is how to rebuild the box. This is a huge futzing pain in the ass and, if you don't have a friend you can lean on, can be really expensive.
I've run Linux for a number of years, and before that I was an avid Mac fan. I can't believe people still use an OS which requires third party software to make it secure. Anti-virus software is a PITA, so in my opinion, it's less work to run Linux and update (a la emerge, apt-get, etc) regularly than it is to run Windows and have to update your system, your applications, your anti-virus, your anti-spyware, your anti-adware, your other anti-spyware, your other anti-virus, and your other anti-adware, just to avoid an automated attack.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You do realize that your entire system is compromized (especially one a single-user system) if some malicious entity gets access to your home dir, right? Here's a hint, and is but a single simple-minded example of how I can rock your world if I get access to your home directory: Do you always run '/bin/su' when you use su, or sudo, or whatever? Do you always give the explicit path to anything that asks for your root password? How do you know that the "Incorrect login" error you get from the login process is _really_ from the login process and not your login scripts? Basically, you're screwed if someone gets access to your home dir and you have and use the root password.
Microsoft AntiSpyware
So guys, when was the last time you had to deal with a virus/trojan that deleted files?
Anyone?
OK, now when was the last time you had to deal with Spyware/Mass mailing worms/DOS attacks, etc?
I'd say that these days, data protection is actually a secondary concern - after all we have backups for that - hard drive failure will still kill your data.
Also, take into account that if the system can not be compromised so easily, a virus/trojan/whatever has a tougher time getting to your data in the first place.
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
So, what kind of pr0n do you have on your system? We should share. I have 10 gigs of solid BDSM.
:) I mean, "Teenage Twins" was fun and all, but it's no treasure. And if something I found once turns out to be hard to find again, most likely it's not worth the effort.
:)
Actually most of it is my collection of Mystery Science Theater 3000 episodes. I have almost the first 5 seasons complete (six if you count the KTMA season). A lot of what's left is anime of the giant robot variety, versions of Star Wars movies that weren't fucked up by chimps goofing around with Photoshop back in 1997, and so on.
Most of my porn I don't think I'd bother to re-download. I'd just find different porn to download.
As for the backup, the question is still "where to?" I could solve that question with more money - and should, really. But this is exactly my point - when presented with the options (spend a couple hundred to double my storage, or spend a couple hundred to backup my data) I go with the first every time. But even upgrades aren't often on the agenda, my money's going elsewhere.
So to recap, I'm smart enough to run Linux and do some useful things with it (just got my wireless card running and talking to my Nintendo DS) but somehow still not smart enough to allocate funds to building some kind of backup strategy...
---GEC
I'm but the humble pupil, seeking to snatch the scratchbuilt pebble from the master's fully articulated hand
Really? I mean what really annoys you now? More likely to be your credit card details being stolen, or your PC slowing down as it becomes part of a zombie network.
'Capitalists of the world, unite! Oh
The fella is missing the biggest advantage to UNIX, and that's got nothing to do with whether you're running as root or Administrator or Fred Nurk or Minnie Bannister.
THe bissgest security advantage that UNIX has is that it doesn't have Internet Explorer, Outlook, Windows Media Player, and all the other software that uses that Typhoid Mary of the Internet, the Microsoft HTML control.
The idea that it's even vaguely acceptable to not only build the entire desktop environment about a web browser, but to make that browser... and not the applications that call it... responsible for determining what it's going to let a document do, is just so mind-blowing that seven years after I first saw what was then called Active Desktop I'm still having trouble believing that they're still doing it.
What are these people thinking?
I could stand for some better access control, but your point about root login is without merit. I don't know of a single distro that gives users the impression that they can or should log in as root all the time (the way Microsoft does). In fact, some distrobutions like Ubuntu go to great leanths to prevent this. Yes, if everyone ran linux some individuals would log in and work as root. That group would be about the same size as the current group of windows users running without antivirus SPECIFICALLY because they don't think they need it (as opposed to the group that have expired antivirus, or don't know what antivirus programs are, etc). I say that it would be about the same because they would need to make a consious desision to avoid the safty measure for they're own convenience. (there are decent free AV progs if they don't want to fork out money, they just don't want to hassle to find them)
* Most people will use the default user account of any operating system that is in front of them. *
Most would probably forget all about the root account, and forget the password (or use the same password, also not a good practice, but at least then you would need a keylogger or some kind of trojan to get admin priveleges).
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
freedom is the main reason I prefer not to use Windows but the alternative is not linux, in fact linux is the opposite since the security stops the user (myself) from doing so many things I want to do on my own computer and there is no way to easily turn it off. windows is annoying enough with it's protected memory and file locking and linux makes it even more annoying. I know there is a market for a secure operating system, but there is also a market for an operating system that doesn't get in the way of the user. I totally hate logging on, in fact I refuse to use an operating system that forces me to logon, I also hate file-level security, and memory protection, which does nothing more than stop me deleting my own files and changing my own memory locations, patching the system and experimenting. security as far as I see is unnecessary on 'my own lan' and only between my lan and the outside world is a benefit and is protected sufficiently by my hardware firewall. security in an operating system is akin to having security on 'every' door within your house, and not just the outside doors.
Applications which are happy enough to be installed in ~/bin can usually be configured (or built in such a fashion) to check ~/lib or something similar for their requisite libraries. You can get pretty fancy with a setup like that... multiple versions of apps and utilities and whatnot.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Plus side of scheduler: You can run tasks as domain users.
:-) You're just going to have to keep updating that job...
Minus side of scheduler: You can't run anything as a domain user without an existing token (i.e. parent process) or authenticating to Domain as said user.
Hence the built-in password.
Of course, protection of said password is only as good as machine protection, which isn't great if you can remove the HD and retrieve it from the job files.
So, that being said, since the supposed security of the running job is only as good as physical machine security, you might as well run the task as system because it isn't any more or less protected.
If you want to run it with reduced rights, create a local user who's password does not expire and pick a lengthy password that is unlikely to be broken. Also, remove all login rights EXCEPT login as a batch job, to avoid attempts to guess the password through logon attempts (local or network based).
If you need the rights of a Domain user (with resources that reside on machines on the domain), well you're SOL.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The nice thing about Windows security ACLs is that they can in theory apply to anything. You can create your own DACLs and have security descriptors for your own application objects - not just files. You can also define the permissions for your own object and define a mapping from the generic read, write, to your own permission system. So in Windows, Printers have that ACL editor dialog to control permissions. Registry entries also have that ACL editor dialog to control permissions. And the permissions / allowable operations are different for printers and registry keys. Your app can also use the default Windows ACL editor (although it says on MSDN it's for Win2k Pro and XP Pro only).
The problem with it is that it is fairly complicated. I'm definitely not a good Windows programmer, but the Win32 calls to set an object's security are quite complex. Thankfully libraries like madSecurity make the job easier.
just like windows used to use FAT32 by default (and many OEMs still do)
Modern linux systems have MAC systems (SELinux, grsecurity, and a few others) and POSIX ACLs on disk (ext3, XFS, JFS and NFS v3/4 all support it).
I think the one thing that windows has that is interesting from a security perspecitve is the ACEs on registry entries and how this configuration API is system-level, cannot be bypassed, tied to the user/process, etc.
Unix apps have nothing as advanced as that and I would like to see some progress in configuration management and the administrative features thereof (security especially). I think GConf/dbus is a step in the right direction... but there should be something more basic, like a POSIX extension that enforces some semantics... something to be implemented in the kernel.
Maybe a virtual FS (configuration FS). Like sys or proc. Have it backed by a partition or network server or something and configured at boot time like initrd.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
You bring up an interesting point. I had never thought of the fact that there are virtually no GUI backup utils for unix/linux. I did a search at Freshports.org and all I found was 'kdar'. That's great if you use KDE, but what if you use gnome, or worse, a lightweight wm like fluxbox. Having to install a bunch of KDE libs just to use one program would suck.
It doesn't seem like writing a GUI front-end to tar/gzip would be rocket science.
That's definitely something that desktop UNIX's need.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Yes for people stupid enough to do rm -r there is no way to recover, and there are plenty of stupid user out there.
The problem is that the Unix security model grants the entire set of the user's authority to processes they run. That's why the user's entire /home directory is vulnerable. The problem is excessive authority. Unix needs support for least authority, which incidentally doesn't require a new security model. Unix's existing abstractions can be leveraged.
The Principle of Least Authority Shell (Plash) http://plash.beasts.org/ demonstrates that we can do least authority on Unix for files without even kernel modification.
when they quote Oasis?
Comment removed based on user account deletion
perhaps you knew that?
While I agree any data loss is a bad loss, whether the function of the files is to run the system, do your finances or simply nostalgia.
Where the author makes their mistake is in the belief that a system who's system files are solidly protected are still vulnerable to most virii.
The reality is most virii today don't do any damage at their initial run time, they rather set the stage for a later attack or to turn the PC into a zombie/slave/etc.
By having the system files protected a virii can not for example: disable the virus scanner, prevent programs like regedt32.exe from loading, prevent task manager from running, hook into your mail api and send out mail to your address book etc.
It also means that the only damage that can be done has to be done in the original context of the exploit.
Say for example that a buffer overflow allows the running of arbitrary code at user level, at this point the virus must do it's work, as it can't touch the system to lay a nest. The author seems to look past this necessities required for a virus to set itself up to do damage. Which in almost every case requires it to alter the system.(Which he admits is protected anyway.)
This paradigm is why many unix based systems are inherently secure, the approaches that work so well on windows don't work when dealing with unix, it's a very different system. Likewise due to unix's solid system protection even once infected deliberately, programs are easily abstracted and removed.
What trust in security can you place in an operating system that used to place it's desktop images next to it's core system files?
Windows doesn't create shares by default.
O rly?
Microsoft gets a lot of bad press, some of it is deserved, but I think a lot of it comes from two camps in particular: a) those who would bad-mouth anyone who had the dominant position in the marketplace and b) zealots of every stripe: the Linux fanbois, the free software ideologues, l337er-th4n-th0u teenagers who date their computers, etc..
If Windows were as horrible as the anti-Microsoft crowd would have us all think, it wouldn't sell. You can moan all you want about bundling or lack of OS choice when buying new computers, but the fact is that computer vendors bundle Windows because that's what the demand is for. Selling computers preloaded with SUSE Linux is not going to make as much money because the demand simply isn't there, plus Novell isn't giving hardware vendors as much incentive to preload their hardware. Think about it... For every PC a company like HP sells, they might pay $50 for Windows because Microsoft gives them an OEM discount for buying X thousand licenses. On top of that, they get $$ from Symantec, AOL, Sonic, and a bunch of other companies to put their product on that Windows PC. This ends up more than paying for the cost of the OS and even subsidizes part of the hardware. That's because consumers want things like AOL and MSN. They want that simple user experience. They don't want to be hackers. They want to use their computer for recreation or to stay in touch with other people. SUSE just doesn't offer these things. AOL is never going to develop a client for SUSE Linux because the demand isn't there. It's a different audience. So the subsidies are not going to be there. If you want to buy an HP computer with SUSE Linux preloaded, you're going to pay more money for it. It's a niche market, not mainstream. And it is not because Microsoft is evil, but because Microsoft designs their software with end-user experience in mind and they will license their system to anyone, unlike Apple, which fell behind largely because they insisted that the whole world needed SCSI and high-end peripherals and didn't sell a reasonably priced computer until the Mac was already 10 years old.
If it were possible to comfortably run Windows as a regular user and not an administrator, most if not all of Windows' security problems would be solved. The problem is that many software vendors often write their software for the least common denominator, which for the longest time was Windows 95/98/Me, which had _no_ idea of user security. This is changing as Windows NT/2000/XP becomes the standard. It's just hard for Microsoft to arbitrarily start enforcing security when it borks so much older software that people still use every day. But it looks like they're finally going to take the plunge with Windows Vista.
You have to understand that Windows was originally a single-user operating system. Windows NT added the idea of user accounts with differing privileges and a file system with ACLs (which most Linux distributions still, btw, don't fully support), but it had the challenge of retaining compatibility with not only the old single-user Windows 3.1, but also the single-user OS/2! And it had to retain compatibility with FAT and HPFS file systems, as well.
Unix systems for years shipped with inetd running and configured for every needless service known to man. Most had no concept of ACLs and had only the simple ugo-rwx concept of file security. You had daemons that ran as root and didn't drop privileges! Saying that it takes Microsoft 3 versions to fix its problems is unfair when you consider how far along Unix has come in those years, never mind Mac OS, which until version 10 had no concept of protected memory or even pre-emptive multi-tasking!!
I realize that it's "cool" to slam Mi
But the computer IS NOT a single, monolithic appliance.
Trouble is that approximately half of people have IQ below the mean, and most bottom-halfers can generally only comprehend a single, monolithic appliance.
Back in the days of floppies, people understood where there files were, because there was a physical, manipulable object that held them.
Trouble is that as people migrate their data to physical, manipulable objects, it becomes harder to search through them than it would be for a single data partition. A lot of the popular desktop indexing tools support only fixed media, not removable media.
I take it you want an "object-oriented" operating system, wherein user data is precious and locked up tight, with access rigidly controlled by public and semi-public methods (the methods doing the job the present OS does).
Problem is that many prominent "object-oriented" operating system designs allow user accounts to create data that remains hidden even from the owner of a machine. This model leads directly to digital restrictions management if business models are such that heavily advertised computer resources are available only to users who create remotely-operated accounts named ColumbiaTristar, WarnerBros, WaltDisney, etc.
He has a point - the PC doesn't necessarily need to be *nix or similar so long as it is under the adult supervison of a firewall router running embedded *nix and the host OS on the PC is set up and used sensibly. The same can go for files with the rise of cheaper network disks which are really embedded *nix fileservers.
The OS is on a silver disk with the PC.
Not under the system-builder business model of Microsoft Windows OS distribution. Too many PC vendors neglect to include restore discs with the PC and refuse to sell restore discs to PC owners, or the restore discs wipe the user accounts and their data from the hard drive in the process of restoring the operating system.
Turn off fast user switching and you'll be back to the Win2K way of doing things. :)
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
What if I told you I didn't pay a dime for my OS?
The only thing I read in this "article" that was worth reading was the fact that *nix operating systems don't let a normal user infect the entire system. Frankly, how does the author suggest the OS protect the user from his/her own foolishness? Should it confirm each and every action ad-nauseum to the point where users turn off the feature? If we're to beleive that users are so foolish as to blindly run anything they see, the same user base would click "yes" for each action anyway, and probanly cry until they could set an "always say yes" option. Should it just not allow a user to edit his/her own file? That would defeat the purpose of having user data on the machine. Should users not be able run script? That would break java/perl/php enababled websites and seriously stop people from using bash/perl/python/etc scripts they write themselves. The answer: Make backups, just like sys admins have been preaching for years. No one listens tho, and why should they when they can instead just go and blame the OS. The hassle of burning a cd sure doesn't seem to stop the same users from copying their favorite distro or backing up cd software. Welcome to reality: no one protect a foolish user from himself/herslef without physically removing the computer.
Linux versions or direct replacements for all of those over hyped pieces of commercial software you just named are indeed on the average GNU/Linux install disk. Mepis, for instance, comes with Acrobat, Macromedia Flash and Real Player directly, and Open Office, Gimp, XMMS and Amorak, Gaim, Azureus, Digikam as superior replacements for most of the rest. Wikipedia, of course, is a superior replacement for Encarta and kdict, kthesaurus and countless other utilities are included which have no direct Windoze substitute. The time to install this "lifetime collection" is 20 minutes. Copying your home directory moves all of your settings in a way no windoze user ever could and the install respects home directories if they are present.
What were you trying to tell us?
Friends don't help friends install M$ junk.
Disable the welcome screen in XP and you'll get the easy way back.
"Bother," said Pooh, as lightning knocked out hi%#&(F*@NO CARRIER
Man, someone already said that! What the hell's wrong with you? Were you hoping the less observant mods would slip up and grant you some karma, you whore?
"Bother," said Pooh, as lightning knocked out hi%#&(F*@NO CARRIER
It is flawed. It has a class of user to which no restrictions are applied, nor ever can be.
OK - somebody, please, tell me ....... when did unix/linux et al become designed for server systems?
Unix is a multi-user, multi-tasking operating system, that was originally written to allow MANY people to use scarce computing resources. It was never designed to be a server system. Hell - servers, as we now understand them, didn't even exist when unix was written.
Windows is a single-user, multi-tasking operating system. Unix is a multi-user, multi-tasking operating system. The fact that unix happens to make a good server o/s is entirely coincidental to the design.
This article is wrong because it only looks at one security issue within the *nix realm: normal users cannot fuck up system files. Furthermore, it is wrong because it makes the claim that viruses can still do major damage to personal data on a *nix computer, yet it it omits the critical point that you have a (statistically) smaller chance of being infected on a *nix system.
I use both OS's, but I have many digital albums(and other personal data) on a windows box. This windows box does not have a virus scanner, and it is used by average people (family members) that use it for everything from weather,ebay, and news to pr0n, limewire, and junkware. All my data is fine, even at the expense of my carefree attitude towards viruses. It does sit behind a firewall. Little Johnny's picture is in more danger from a corrupted system file not allowing me to boot then a virus hitting it, but this is only my perspective on it from the practical experience I've gained. And if I do lose one of those system files (corrupt RAM, failing hard drive, inconsistent OS?), which happens more often then a virus taking out the personal data, I can always bootup a knoppix disc and copy the data to another drive on the network, which is an experience the laymen is unaware of. If a laymen finds themselves in the situation where they cannot boot their operating system, are they going to know how to backup Johnny's pictures?
I do not know why I am reading this random junk on the internet anymore. The author of this article is obviously not a professional.
What about from cheap CD-R media that develops uncorrectable errors after 2 years in storage?
In my experience, two years is longer than one month, and if you can't afford one CDR a month what are you doing with a computer?
Throw that two month old CDR away man!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
How many serious Unix-like OS users actually try to push it as a desktop system though? I personally never would, nobody I know that uses it would, nobody that they know would, and so on, and so forth. In one sense, this article is completely right, it was made for servers and workstations with very specific uses in mind. The article however seems to make it sound like a huge abundance of Unix-like OS users are pushing for some desktop version of the systems. We're not, read around, ask your neighborhood geek. Most of the people I know can tell you just why it's not a desktop system for the common user right off the bat.
This wasn't something pushed by the entire community, but by the people wanting to profit on the "security" and "stability" of Unix and it's offspring. How many of you in the slashdot community have ever had a boss that sees something "neat", like podcasting or blogging, then immediately wastes the companies money and bandwidth on pet projects (hardware and software alike) without approval from the higher ups, then has the entire project blow up in their face even after you and everyone else in the department has warned them? How much did they actually study about it before they tried to implement it? A webpage or 2? Perhaps they skimmed a book?
Yes, i'll come out and say it now. I've told people Unix and it's derivatives are stable and secure if used and administered properly, but I don't stop there, i'll tell them how, and i'll tell them why they shouldn't use it unless they believe it's right for them. I don't advocate it to my next door neighbor and everyone in town because "Microsoft sucks and you should get Linux". As many of you have already said, intelligence is needed to completely the security puzzle, it doesn't matter if you have the most "secure" computer in the world if you allow root logins on SSH without a password, or leave your Windows shares open on all your Windows machines, or open executable e-mail attachments from a rich aunt you've never heard of in deepest darkest Africa, or, heaven forbid, rm -rf your / while logged in as root. It only takes one slip up to compromise your entire system.
So the people you've talked to aren't lying, Unix-like systems CAN be rather secure in the hands of a competent user, but in the same sense, a Windows system can also be reasonably secure in the hands of a competent user. Unfortunately not all of the people out there are well versed in their security-fu. So do us all a favor next time you write an article, be a bit more specific about who it was that was praising the "security" of *nix. I'm not a script kiddy, or a zealot, or a Microsoft hater, or a "1337 h4x0r", or whatever else you meant to be refering to. I for one didn't want the pointy-clicky desktop users over here on the *nix side to begin with. If they have the interest and the intellect then I invite you with open arms and would be more than glad to help you along the way, but don't put words in our mouths. We've all seen far far too many Linux VS Windows articles already, we should just be allowed to call dupe at this point since they're not making any new points.
(I appologize if any of this seemed vague. It's late, I have work in the morning, sorry for any spelling/grammarical errors. If you're going to respond, please only do so if you're not going to flame. It's a waste of both of our time. First person to find a spelling error gets a cookie. *snicker* Let the word hunt begin!)
OTOH existing "Trusted code" initiatives are the equivalent of delcaring a root-only system secure, because you only let a few hundred "trusted" users log into that machine.
IMHO, Operating systems should move towards the "Principle of Least Authority", that each software module should have the least authority required to function. The ideal way of doing this is for the system to enforce ObjectOriented/Functional/Procedural constraints that all OO, functional and procedural programs define implicitly. For example, if you run "uncompress(const File A,File B)" then obviously "uncompress" does should not be able to access File C because File C is outside its scope. Likewise, if you click on "bunnies.doc" in Konqueror and Konqueror runs "OpenOffice(UI ui, FileSystem::open("~/bunnies.doc")), then OpenOffice should not be able to open "~/.bashrc" because OpenOffice was not passed FileSystem. OpenOffice would only be able to access "~/.bashrc" if it is passed the file by an object which has rights to "~/.bashrc", for example ui::FileOpenDialog. The EROS Operating system is built around this principle.
PLASH is an attempt to retrofit this principle into Linux, and Looks really promising. A program constrained by Plash can only open a file if it is passed it on the command-line or by a GTK fileopen dialogbox.
I have a 5-digit UID on GameFaqs, you insensitive clod!
PLASH is a hack that allows you to do something similar under Linux. E.g. it passes in rights to file opened with the GTK file open dialog so that you don't have to confirm that you want to open a files that you have already "passed in" by selecting them in a dialog box.
He must ave been inspired by the ex-ex-Xbox-box-box.
Do you have a smoke detector? If you do, you should get rid of it. I doubt it has ever gone off so what good is it? I know mine has never gone off while I was at home (except to signal the battery is low or steam got to it) in the 30 years a detector has been in the house. We just keep on feeding it batteries. No fire. Big waste of money.
The point is that weak security is a huge risk to you and your well being. Someone could steal your identity, conduct criminal activity using your machine, many undesireable activities. Some activities could really ruin your day if you get caught holding the bag.
p0wned
I have never, anywhere, ever, heard anyone say that you don't have to back up your data if you run UNIX
If you run UNIX, you don't have to back up your data.
There, now you've heard someone say it.
Or at least, not that stupid. Having to type a rootpassword is no nuisance at all. People are used to passwords, for the terminal at work, for gmail, their bank account, whatever. Jan Modaal carries keys for his home, his car, his bicycle. Everyone understands you need security codes for your credit card and your account on the DB-ticketservice. You only have to tell them, if they don't ask themselves for it.
A text like 'To make sure no programs are installed without your permission, there is a special password [...]. This is needed to protect your computer from attacks.' is not too hard for anyone. If it is, the person won't be able to buy a computer, since he doesn't understand the security code of his bank card.
Trust me, I work for the government.
Data security: Windows XP has a auto backup function. How ever, it's sole purpose is limited to backing up configuration data for the system. For all the data to be securely backed up, you have to have user intervention. This requires taking time ocassionally to burn some disks. Most unix users are aware of this, and that fateful day when the harddisk dies they are ready. Most Windows users don't think about it.
Just because you have . in your $PATH, doesn't mean everyone has.