Slashdot Mirror


UNIX Security: Don't Believe the Truth?

OSNews has an interesting editorial about security on UNIX-like systems. "One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little."

8 of 520 comments

  1. He's just a kid by BlueQuark · · Score: 4, Informative

    Thomas Halwedra is a young'in with very little real world experience and any practical experience. The kid is in college and has a bunch of machines at home. I think he takes an extremely simplistic view of windows and unix security.

    His 'OSNEWS' bio: http://www.osnews.com/editor.php?editors_id=11

    I was doing systems programming on UNIX BSD 4.2 Tahoe when he was born. :-)

    I am surprised that his article was even published/posted. I can't really even see his argument or what point he is trying to make. Oh that's right, he's a 'managing editor'. WTF?

    Back to work.

  2. Re:Backup by arkanes · · Score: 4, Informative
    The article, and most of the posters here, are missing an even more important point. There are very few viruses that just delete all your files anymore. The two major threats to PCs these days are spyware (a threat Linux has greater resistance to, because modifying plugins and such usually requires root permissions (with some exceptions, such as Firefox plugins - you're down to app level security there, on both platforms)) and zombies to add your PC to a botnet, which Linux is more resistant to, again, because of not running as root. Yes, you have roughly the same level of resistance to "delete all your files" viruses, which are rare these days relative to the amount of "take over your machine as a botnet" viruses.

    All that, of course, is ignoring practical differences in the security history of the platforms and common applications, as well as the lower profile of Linux in terms of automated threats. Direct attacks (ie, someone is specifically attacking you) are just as much of a threat, and many distros are vulnerable to attacks in an unpatched state. Linux is *not* a panacea against threats (and only idiots portray it as such), but it is a very different threat profile than a Windows machine.

  3. That's not exactly correct by autopr0n · · Score: 4, Informative

    Windows does have a fairly intricate permission system, and you can set up non-administrative users just like you can in Linux. The only difference is, lots of old software expects to be run with administrative privileges, so if you want to run those things, you need to run as admin. The main reason people use windows is for backwards compatibility, but these days you can do most of your work in windows with a non-admin account if you want.

    --
    autopr0n is like, down and stuff.
  4. Re:Backup by pmjordan · · Score: 5, Informative

    What I continually fail to understand is why everyone I know logs in as an Administrator under Windows, even after falling victim to a virus, spyware, etc. I don't necessarily mean the account with that name, having a personal user in that group amounts to the same thing.

    I'm a full-time Linux user (4 years on the desktop, 7 years otherwise, so no veteran, and no newbie either) and I'd never even consider logging in as root for any activities that aren't associated with system administration. (guess where "Administrator" comes from) Typing in the root password to install software isn't something I'd call a nuisance or even mildly irritating.

    The same thing is of course possible under Windows: Make your main login a 'Power User', or if you feel that's not safe enough, put it in a group with the same policies as the 'Users' group and slowly increase its permissions until you can work productively. (there are problems with debugging code and other niggles by default) Recent versions of Windows will prompt you for an Admin password for stuff your user isn't allowed to touch, although in some cases you have to explicitly right-click the link/executable and select 'run as'. I think there even are some utilities around to make the process even less painful.

    If you're doing extensive admin stuff, you can also log in as an Admin explicitly of course, and since XP you can switch between users quite easily without logging out.

    It always astounds me how incredibly adverse people's reactions are to this suggestion. Sure, it doesn't provide absolute security (ActiveX springs to mind) but that, together with frequent Windows Updates, an enabled WinXP SP2 firewall, and not using IE, I can't imagine you'll have a problem. You might be able to lose some data if you catch a virus, but you're very, very unlikely to bone your system. I do occasionally boot into Windows to play games (Cedega doesn't really work on ATI graphics cards) and I've never caught a virus or spyware, and I don't have an antivirus program installed, as they slow the system down to an infuriating degree IMO.

    ~phil

  5. Re:Backup by Scoth · · Score: 4, Informative

    I recently had to flatten a friend's box and do a restore as it had a similar situation to a previous post - literally every executable on the system was infected with something. I set him up with all the usual security software, got it running, and then switched his user to Limited, made sure his business software still worked properly, and let him run. A week later he calls me back and tells me he's having more problems, and when I go back I find out he's put a virus'd exe attachment on the desktop from his e-mail and used the Run As to run it as the Admin.

    My point about all this is no amount of security or proper setup will prevent stupidity. Although this is a case where Linux/UNIX would suffer from the same problem. Social Engineering is still the greatest exploit out there, for any OS.

  6. It's called "Google". by khasim · · Score: 4, Informative
    http://www.windowsnetworking.com/articles_tutorials/Running-Windows-Under-Non-Admin-Accounts.html

    That starts you off on shares and setting the time/date.

    Do you want to know one of the coding practices that lead to this problem?
    http://blogs.msdn.com/aaron_margosis/
    A common example is when an application saves its runtime settings to a registry key under HKEY_LOCAL_MACHINE (which is read-only to LUA users), instead of to HKEY_CURRENT_USER.


    You might want to spend some time looking up Powerpoint 2003, too.
  7. Re:Because it makes things work. by carnifex0 · · Score: 4, Informative

    Windows:
    1. Click 'Start'.
    2. Go to Settings > Control Panel (or click on 'Control Panel' if using the XP menu)
    3. Double-click on 'User Accounts' and wait for applet to load.
    4. Click on account name.
    5. Click on 'Change Password' (or 'Create Password' if none is set)
    6. Type in current password (only if 'Change Password' was selected), new password, and again to confirm. Also type in a hint.
    7. It may ask if you want to make folders private. Choose yes or no.
    8. Close window. Done.


    See, that's strange, because all I do is hit CTRL + ALT + DEL, then click "Change Password". Enter the old, then the new twice and click "OK"

    No need to complicate things overly. And no need to compare the O/S's. Each has its place.

    I feel fairly comfortable with admining Windows.

    Maybe we've just discovered why so many Windows systems have problems.

  8. Re:Are you on Drugs? Adios Mod Points... by Floody · · Score: 5, Informative
    In fact, Windows has a vastly, almost prohibitively more elegant security infrastructure than "Linux": File rights of "Full Control, Modify, Read & Execute, Read, Write," file attributes of "Read-Only, Archive, System, Hidden," very finely-grained ACL-based system security "Policies", a global Kerberos-based directory authentication scheme in Active Directory, etc etc etc.


    Complexity does not equal elegance. If you find yourself uttering something as foolish as "prohibitively more elegant", you've stumbled into that territory.

    "Linux" has rwx-rwx-rwx. That's it. [Now Linux combined with Novell Directory Services and a Novell File System would be an entirely different cup of tea, but that's a whole 'nother discussion. Although, I'd ask: Does Novell even have a "Policies" ACL-based security infrastructure for KDE or GNOME yet? Are they working on such a thing?]
    Indeed. It would appear that the world has moved on since you last looked at "Linux" in the 90s. POSIX 1003.1e/1003.2c access control lists: http://www.suse.de/~agruen/acl/linux-acls/online/.
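
The POSIX 1003.1e ACLs linked in the last comment add named user and group entries plus a mask on top of the three rwx triplets. As an added illustration (not part of the thread or of any poster's text), this Python model of the access check shows a named entry granting one extra user access and the mask capping it; all uids, gids and permission sets are constructed.

```python
# Added illustration: a model of the POSIX 1003.1e draft access check that
# Linux applies when a file carries an ACL. All names and IDs are constructed.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1


@dataclass
class Acl:
    owner: int                 # uid owning the file
    group: int                 # gid owning the file
    user_obj: int              # owner bits (the first rwx triplet)
    group_obj: int             # owning-group bits
    other: int                 # bits for everyone else
    users: dict = field(default_factory=dict)    # named users: uid -> bits
    groups: dict = field(default_factory=dict)   # named groups: gid -> bits
    mask: int = None           # upper bound for named entries and group_obj

    def masked(self, bits):
        return bits if self.mask is None else bits & self.mask


def access_ok(acl, uid, gids, want):
    """Return True if a process (uid, set of gids) is granted `want` bits."""
    if uid == acl.owner:                       # 1. owner entry, never masked
        return (acl.user_obj & want) == want
    if uid in acl.users:                       # 2. named user entry, masked
        return (acl.masked(acl.users[uid]) & want) == want
    # 3. group class: owning group plus named groups the process belongs to
    matched = [acl.group_obj] if acl.group in gids else []
    matched += [bits for gid, bits in acl.groups.items() if gid in gids]
    if matched:                                # one entry must grant it all
        return any((acl.masked(b) & want) == want for b in matched)
    return (acl.other & want) == want          # 4. everyone else


# Constructed sample: file owned by uid 1000, gid 100, mode rw-r-----
plain = Acl(owner=1000, group=100, user_obj=R | W, group_obj=R, other=0)
# Same file after granting uid 1001 read/write with a named entry (mask rw-)
with_acl = Acl(owner=1000, group=100, user_obj=R | W, group_obj=R, other=0,
               users={1001: R | W}, mask=R | W)
# Tightening the mask to r-- caps the named entry without removing it
capped = Acl(owner=1000, group=100, user_obj=R | W, group_obj=R, other=0,
             users={1001: R | W}, mask=R)
```

With plain mode bits, uid 1001 could only get write access by joining gid 100 or by opening the file to everyone; the named entry grants it to that one user.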