Slashdot Mirror

← Back to Stories (view on slashdot.org)

UNIX Security: Don't Believe the Truth?

Posted by Hemos on from the the-flame-war-begins dept.

OSNews has an interesting editorial about security on UNIX-like systems. "One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little"

7 of 520 comments (clear)

  1. Doesn't Matter So Long As It Works by American+AC+in+Paris · · Score: 5, Insightful
    That sucks, but: UNIX rocks, the system keeps on running, the server-oriented security has done its work, no system files were affected, uptime is not affected. Great, halleluja, triumph for UNIX.

    and a triumph for the home user. If you had to choose between having a virus that both destroys your personal files and compromises your system or a virus that only destroys your personal files, which would you pick? He's making light of a very significant thing for most home users--a full wipe and reinstall of the operating system and applications. That's a day's work for your typical user, more if you have a bunch of programs you need to go hunting for.

    But what is more important to a home user? His or her own personal files, or a bunch of system files? I can answer that question for you: the pictures of little Johnny's first day of school mean a whole lot more to a user than the system files that keep the system running.

    What's the value of Johnny's first day of school photos if you can't boot the damned computer? Again, the author makes light of the value of the system to the home user. Just because John Q. Public cares more about his cup holder than his engine block doesn't mean he won't care when the cylinder head cracks.

    Of course, they should make backups-- but wasn't Linux supposed to be secure? So why should they backup? Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?

    Actually, no. I have yet to speak with a single techie who says that you don't need to back up important files under any circumstances. In fact, viruses are almost always a "secondary" reason for backing up files; the primary driving reason behind backing up your files has traditionally been that of hardware failure.

    The crux of his entire argument rests on the supposition that, to the home user, the system simply doesn't matter. In a most cosmetic sense, this is true; home users don't give a damn about kernels and drivers. The instant something goes wrong with that system, however, it's a nightmare for that archetypical home user (who, remember, doesn't know and doesn't care how the thing works). When everything works, they can open and print Johnny's files just fine, but what the heck are you supposed to do when the omgwtf32.dll pops up an error message when you try to open Johnny's picture?

    --

    Obliteracy: Words with explosions

  2. Re:Backup by RailGunner · · Score: 5, Insightful
    So if an OS is to make a daily backup

    Google "How to use cron".

    The OS already can be set up to do this. The premise of the article is flawed; and based on a premise that I reject. Chances are, if you're smart enough to run Linux, then you're probably smart enough to backup your important files.

    Plus, given the author's scenario - let's flip it around: A Windows virus can bork your data and your OS. At least with UNIX, backups notwithstanding, the OS is still there and you'd have a much better chance at recovering your data than you would with Windows.

    Mod article -1, Flamebait.

  3. Isn't that obvious? by Dlugar · · Score: 5, Interesting

    I think the author of the editorial makes a rather trivial point. (They could have made the point a lot stronger, pointing out that malware, spyware, adware, trojans, etc., are all able to be run from within unprivileged user-space.)

    But why would a home user care about Unix-type security? I'll give you a few reasons of my own.

    (a) Smaller target. Yes, that's right, I'm saying that the largest increase in security that home users get is because they're using something that 90% of the home user market isn't. This isn't a feature inherent to Unix, obviously--but I still think it's a reason to switch. "But if everyone switches, won't that get rid of the security increase?" Perhaps a little, but the only way it would completely vanish is if everyone switches to the same flavor of Unix. If we have a Unixy, more secure home computing environment, but slightly different flavors, then viruses and malware will have a more difficult time propagating in such a non-homogenous environment.

    (b) Remote exploits. This, I think, is a lesser issue, but not a trivial one--there are a considerable number of remote exploits in Microsoft software, and there have been a non-trivial number of viruses and malware that spread through this vector. Unix-based systems are historically less vulnerable to such attacks, and often the remote processes that are vulnerable run under a different user than the desktop user anyway.

    Dlugar

    --
    Computer Go: Writing Software to Play the Ancient Game of Go
  4. Re:I'll Field a Few Questions by xappax · · Score: 5, Funny

    redundant RAID arrays

    I don't know if it was intentional or not, but that's pretty funny.

  5. Re:Backup by MandoSKippy · · Score: 5, Funny

    My grandmother would like to know what this "cron" you speak of is... it sounds like a old science fiction movie, but she can't figure out the connection between movies and backups....

  6. Re:Backup by pmjordan · · Score: 5, Informative

    What I continually fail to understand is why everyone I know logs in as an Administrator under Windows, even after falling victim to a virus, spyware, etc. I don't necessarily mean the account with that name, having a personal user in that group amounts to the same thing.

    I'm a fulltime Linux user (4 years on the desktop, 7 years otherwise, so no veteran, and no newbie either) and I'd never even consider using logging in as root for any activities that aren't associated with system administration. (guess where "Administrator" comes from) Typing in the root password to install software isn't something I'd call a nuisance or even mildly irritating.

    The same thing is of course possible under Windows: Make your main login a 'Power User', or if you feel that's not safe enough, put it in a group with the same policies as the 'Users' group and slowly increase its permissions until you can work productively. (there are problems with debugging code and other niggles by default) Recent versions of Windows will prompt you for an Admin password for stuff your user isn't allowed to touch, although in some cases you have to explicitly right-click the link/executable and select 'run as'. I think there even are some utilities around to make the process even less painful.

    If you're doing extensive admin stuff, you can also log in as an Admin explicitly of course, and since XP you can switch between users quite easily without logging out.

    It always astounds me how incredibly adverse peoples' reactions are to this suggestion. Sure, it doesn't provide absolute security (ActiveX springs to mind) but that, together with frequent Windows Updates, an enabled WinXP SP2 firewall, and not using IE, I can't imagine you'll have a problem. You might be able to lose some data if you catch a virus, but you're very, very unlikely to bone your system. I do occasionally boot into Windows to play games (Cedega doesn't really work on ATI graphics cards) and I've never caught a virus or spyware, and I don't have an antivirus program installed, as they slow the system down to an infuriating degree IMO.

    ~phil

  7. Re:Are you on Drugs? Adios Mod Points... by Floody · · Score: 5, Informative
    In fact, Windows has a vastly, almost prohibitively more elegant security infrastructure than "Linux": File rights of "Full Control, Modify, Read & Execute, Read, Write," file attributes of "Read-Only, Archive, System, Hidden," very finely-grained ACL-based system security "Policies", a global Kerberos-based directory authentication scheme in Active Directory, etc etc etc.


    Complexity does not equal elegance. If you find yourself uttering something as foolish as "prohibitively more elegant", you've stumbled into that territory.

    "Linux" has rwx-rwx-rwx. That's it. [Now Linux combined with Novell Directory Services and a Novell File System would be an entirely different cup of tea, but that's a whole 'nother discussion. Although, I'd ask: Does Novell even have a "Policies" ACL-based security infrastructure for KDE or GNOME yet? Are they working on such a thing?]
    Indeed. It would appear that the world has moved on since you last looked at "Linux" in the 90s. POSIX 1003.1e/1003.2c access control lists: http://www.suse.de/~agruen/acl/linux-acls/online/.