Slashdot Mirror

← Back to Stories (view on slashdot.org)

UNIX Security: Don't Believe the Truth?

Posted by Hemos on from the the-flame-war-begins dept.

OSNews has an interesting editorial about security on UNIX-like systems. "One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little"

5 of 520 comments (clear)

  1. Isn't that obvious? by Dlugar · · Score: 5, Interesting

    I think the author of the editorial makes a rather trivial point. (They could have made the point a lot stronger, pointing out that malware, spyware, adware, trojans, etc., are all able to be run from within unprivileged user-space.)

    But why would a home user care about Unix-type security? I'll give you a few reasons of my own.

    (a) Smaller target. Yes, that's right, I'm saying that the largest increase in security that home users get is because they're using something that 90% of the home user market isn't. This isn't a feature inherent to Unix, obviously--but I still think it's a reason to switch. "But if everyone switches, won't that get rid of the security increase?" Perhaps a little, but the only way it would completely vanish is if everyone switches to the same flavor of Unix. If we have a Unixy, more secure home computing environment, but slightly different flavors, then viruses and malware will have a more difficult time propagating in such a non-homogenous environment.

    (b) Remote exploits. This, I think, is a lesser issue, but not a trivial one--there are a considerable number of remote exploits in Microsoft software, and there have been a non-trivial number of viruses and malware that spread through this vector. Unix-based systems are historically less vulnerable to such attacks, and often the remote processes that are vulnerable run under a different user than the desktop user anyway.

    Dlugar

    --
    Computer Go: Writing Software to Play the Ancient Game of Go
  2. Re:I'll Field a Few Questions by hey! · · Score: 4, Interesting

    >>the end, the result of a devastating virus or other malware program can be just as devastating on a UNIX-like system as it can be on a Windows system

    >While this might be true,


    I think it is tautologically true. Devastation is a noun, like "unique" that does lend itself to qualification. I think it's also true that Windows users meet with devestation and the hands of malefactors much more often than Unix users; in part this is due to the prevelance of Windows of course. But it hardly explains the mountain giving birth to a mouse response of Microsoft when it comes to improving the situation for their users.

    There probably isn't a single kind of vulnerability in Windows that has not been in Unix. The only difference is that in Unix is a choice and Windows is a fact of life. Providers of Unix compete with each other, whereas Microsoft, while it may labor mightily on various things, only works barely hard enough to make life bearable. Nor should we expact it to do "better"; as a business they do what the market tells them to, and if the customer bears much, then the vendor does little. I was fascinated during the MS anti-trust trial of the idea of splitting MS up into competing windows providers. If there were competing providers for Windows variants, Windows would be ust as good as Unix, possibly better.

    I expect as more customers desert Windows for Linux (there is no place to go but up), Windows security will improve greatly.

    I am reminded of Lord Macaulay's speech on copyright, in which he explains that perpetual copyright is bad for books, "I believe, Sir, that I may with safety take it for granted that the effect of monopoly generally is to make articles scarce, to make them dear, and to make them bad. "
    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  3. Good article for 1982 by SuperKendall · · Score: 4, Interesting

    Security issues have moved on a little since the 80's, where his point of view is from - very few security breaches today result in loss of data, because computers are really more valuable as zombies and so not many viruses really attempt to mess with much (even the most recent public example of a destructive virus on WIndows was pretty much a dud).

    Another thing he does not account for is time. Time is a valuable commodity to all users, and anything that can prevent a virus or spyware from reaching further into the computer reduces the amount of time and knowledge needed to remove probelms from the system. That is at the core the value that UNIX brings to the security equation. Not absolute protection but like a teflon pan, easier cleanup when you do create a mess.

    And last of all by not explicitly mentioning how much more inherantly secure UNIX systems are that start off with a base of no open ports are. Sure spyware and viruses can get in through the browser, but it's a much harder attack route than just scanning and finding a hole wide open that requires no effort on the part of the computer user to install.

    In the end his rant boils down to noting that users should really back up files often - but even this message is dated, as a few years of sketchy consumer hard drives with short warranties has started to drive home this lesson in spades through failed hard drives. Forget hackers; little johhny's pictures today are in far greater peril from a simple lack of using the CD-burner.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Re:Backup by DrSkwid · · Score: 4, Interesting

    plan9 does this

    and you get a day by day (or however much you fancy) snapshot so you can roll back your files to any snapshot in time you have recorded, on a process by process basis. I.E. you can have two different days open at the same time in different processes.

    And, to add compliment to health, it doesn't use up extra space but uses Venti

    Venti is also available for Unix-likes via plan9port

    while I'm here, plan9 is secure BY DESIGN. No super user, networked authentication, networked file storage, diskless terminals etc. et bloody cetera.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  5. Linux is only EFFECTIVELY immune. by khasim · · Score: 4, Interesting
    Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?
    I don't think anyone but Mac users claim that. And anyone that claims that for any processing device is lying to you. There are Linux Viruses out there, just use your favorite search engine.
    Linux is not completely immune to viruses. It is only EFFECTIVELY immune.

    Viruses only spread when their infection rate EXCEEDS the removal/immunization rate.

    When the infection rate is lower than the removal/immunization rate, the virus dies.

    With most current versions of Linux, the default security configuration means that it is very difficult to infect a machine (not impossible) and very easy to remove the infection.

    Before this "InterWeb" thingie, I was cleaning boot sector viruses from DOS machines that required someone to have booted from an infected floppy.

    Linux boxes CAN be infected, but the odds of it happening are very, very slim.