UNIX Security: Don't Believe the Truth?

OSNews has an interesting editorial about security on UNIX-like systems. "One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little"

I'll Field a Few Questions

[eldavojohn]

How much is that increased security really worth for an average home user, when you break it down? According to me, fairly little. Here's why.

Yes, it is duly noted that you're the only person from which this information is originating.

But what is more important to a home user? His or her own personal files, or a bunch of system files?

If "Johnny's first day at school" is more important that system critical resources, perhaps you should have hard copies (CD, DVD, tape, etc.) of this media.

Of course, they should make backups-- but wasn't Linux supposed to be secure? So why should they backup?

You're right, you should make backups. You have a love-affair-dependency on your hard drive. Everyday you need it to retain the ones and zeros it holds that forms your data. One day, your personal hard drive isn't going to be there for you. That's why you should back up regardless of how secure you feel. Most "normal home users" don't have redundant RAID arrays running. Furthermore, it isn't "secure period," it's touted to be one of the most secure operating systems. Wait, weren't we talking about Unix?

Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?

I don't think anyone but Mac users claim that. And anyone that claims that for any processing device is lying to you. There are Linux Viruses out there, just use your favorite search engine.

UNIX might be more secure than Windows, but that only goes for the system itself.

Oh good, we're back on Unix here (they're not exactly the same, you know). I disagree, both sides (user and system) are more secure in the case of Unix or Linux for that matter.

In the end, the result of a devastating virus or other malware program can be just as devastating on a UNIX-like system as it can be on a Windows system

While this might be true, I think you should take into account the frequency of said viruses. When's the last time a massive virus attack has taken down entire networks of Unix machines?

To blatantly copy Oasis: don't believe the truth.

So you talked about Unix security without quoting a single authoritative source on the issue. And to finish off this article, you rely on a one-hit wonder brit pop band to prove your thesis. May Slashdot have mercy on your soul, Thomas. Endure the onslaught.

Doesn't Matter So Long As It Works

[American+AC+in+Paris]

That sucks, but: UNIX rocks, the system keeps on running, the server-oriented security has done its work, no system files were affected, uptime is not affected. Great, halleluja, triumph for UNIX.

and a triumph for the home user. If you had to choose between having a virus that both destroys your personal files and compromises your system or a virus that only destroys your personal files, which would you pick? He's making light of a very significant thing for most home users--a full wipe and reinstall of the operating system and applications. That's a day's work for your typical user, more if you have a bunch of programs you need to go hunting for.

But what is more important to a home user? His or her own personal files, or a bunch of system files? I can answer that question for you: the pictures of little Johnny's first day of school mean a whole lot more to a user than the system files that keep the system running.

What's the value of Johnny's first day of school photos if you can't boot the damned computer? Again, the author makes light of the value of the system to the home user. Just because John Q. Public cares more about his cup holder than his engine block doesn't mean he won't care when the cylinder head cracks.

Of course, they should make backups-- but wasn't Linux supposed to be secure? So why should they backup? Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?

Actually, no. I have yet to speak with a single techie who says that you don't need to back up important files under any circumstances. In fact, viruses are almost always a "secondary" reason for backing up files; the primary driving reason behind backing up your files has traditionally been that of hardware failure.

The crux of his entire argument rests on the supposition that, to the home user, the system simply doesn't matter. In a most cosmetic sense, this is true; home users don't give a damn about kernels and drivers. The instant something goes wrong with that system, however, it's a nightmare for that archetypical home user (who, remember, doesn't know and doesn't care how the thing works). When everything works, they can open and print Johnny's files just fine, but what the heck are you supposed to do when the omgwtf32.dll pops up an error message when you try to open Johnny's picture?

Re:Backup

[RailGunner]

So if an OS is to make a daily backup

Google "How to use cron".

The OS already can be set up to do this. The premise of the article is flawed; and based on a premise that I reject. Chances are, if you're smart enough to run Linux, then you're probably smart enough to backup your important files.

Plus, given the author's scenario - let's flip it around: A Windows virus can bork your data and your OS. At least with UNIX, backups notwithstanding, the OS is still there and you'd have a much better chance at recovering your data than you would with Windows.

Mod article -1, Flamebait.

Wrong.

[matt+me]

Even if you read the RTFA, which says that rather than computer exploding windows-style, nix hackage will just wreck your home, which is supposedly all that matters to a home user. Still wrong. Think multiple users for a start. But that's totally wrong when it amounts to time lost. If windows gets fucked as it often does i've seen many a user stick in their oem disk, reinstall completely, and then go through painfully reinstalling everything they had before. Say my /home was wrecked? All I'd need to do is fdisk the drive and create a new user? Besides, as in unix only exectuable files can be a source of infection, rather than screwed up images and office files, I can safely copy away anything I want. It's dumb. Sorry OSnews.

Re:Wrong.

[vidarlo]

Besides, as in unix only exectuable files can be a source of infection, rather than screwed up images and office files, I can safely copy away anything I want.

So a libpng buffer overflow, allowing a png image rendered in mozilla to execute code can't be harmfull? Sorry pal, but this is not a problem with the OS, but the applications and libraries.

His objections are utterly unfounded (also stupid)

[karmaflux]

This is the false sense of security I am talking about. UNIX might be more secure than Windows, but that only goes for the system itself. The actual content that matters to normal people is not a single bit safer on any UNIX-like system than it is on any Windows system.

This idiot is stating that because some users don't understand the UNIX security model, the UNIX security model is flawed. Apparently, as far as he's concerned, if ~ gets destroyed, the whole system may as well be destroyed. He's blathering about a "false sense of security," but I have never, anywhere, ever, heard anyone say that you don't have to back up your data if you run UNIX.

Sound and fury, understanding nothing. Typical of OSNews, but sad that Slashdot's carrying this crap.

Classic "Straw Man" argument

[sarastro_us]

Security equals security for *your* files, and Unix can't do that, so Unix must be just as insecure as Windows. Only when you define "security" in your own, narrow way, and then never implicitly say what that definition is in your 'article'.

and one egregious error

[Quadraginta]

The guy skips lightly over the fact that it's the system that mediates interactions between the Big Bad World (a/k/a the Internet) and the user and his precious files, so that if the system is well-designed and set up properly, it will do a great deal to protect the user even from his own actions.

An analogy one might usefully make is to the highway: good system-level security is like a well-designed, well-lit highway. Sure, the user (driver) can still kill himself, but he has to behave unusually recklessly. On the other hand, poor system-level security is like a rutty, unexpectedly curving dark country road. Even reasonably careful drivers at moderate speeds can get in trouble.

The guy is focussing on the fact that in both cases the driver can get himself killed. But that isn't the whole story. One "road" (system) makes it easier for a moderately careful "driver" (user) to survive. The other puts even careful "drivers" at risk. And, of course, there's the obvious fact that no "road" (system) can possibly protect the completely reckless "driver" (user).

Re:Interesting

[htd2]

I am fairly sure that UNIX is more secure than Windows for a number of reasons.

1. While there is a great deal more Windows around than UNIX, UNIX is where the money is. If you want to extract large sums of money or steal swathes of identities then UNIX servers tend to be the systems hosting these backend services. So UNIX should be the target of hackers wanting to make serious money while much of the Windows activity is concentrated on hacks designed to produce the maximum public impact most of which cost because they down systems rather than extract cash from systems. The fact that almost all the money making hacks concentrate on Windows is testiment to the factthat it is difficult todo on UNIX.

2. Much of UNIX is OpenSource or available as source code, despite this there have been very few examples of ethical hacks or demos of vunerability that have been viable generated by security research companies or ethical hacking groups.

3. Stack overflow holes account for a huge chunk of the Windows vunerabilities mainly because Windows and x86 lack generic protection against these specific overflows. This is not true of UNIX particularly if it isn't running on Intel. Solaris for example has specific controls which limit the options for stack overflows as does the SPARC processor. These controls make it more difficult for hackers to generate exploits that remain viable.

4. There have been vanishingly tiny numbers of viable reported UNIX virii, none in the case of Solaris.