NYT Security Tip - Choose Non-Microsoft Products
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
Funny, where I come from, we call that the "don't use insecure products" solution.
Does this mean the mainstream is finally (slowly) catching on to the reality of choices? It would make my day if the world would wake up and realize that they have options when they sit down in front of a computer.
Users don't like having to make choices about the innards of their computer; they just want shit to work.
This isn't security through obscurity. Security through obscurity would be saying "I'm safe because I run Windows and it's closed source". This is the claim that uncommon software is more secure because there are fewer exploits. While untrue mathematically, the reality is that you are still currently less likely to be exploited when running Mac OS X or Linux since script kiddies don't really care about you so much (for the same reason game developers don't, incidentally).
Same is true for biological systems - diversity is a good thing as it is less likely to be infected with a disease. Genetic diversity implies a more robust "operating system" species that's harder to destroy. Remember all the hell around the Blaster worm. Imagine that MS, Apple, RedHat, Ubuntu... only had 10% market share each... it'd be bad, but not nearly as bad as it was.
If you're talking about a focussed professional attack on a specific system: to be honest, the OS you're running is probably pretty insignificant; the chances are there's a simple admin error somewhere along the line.
NoScript is nice, but it could use a large default whitelist, something like the AdBlock Plus subscription options. It gets pretty tedious to allow every site manually, especially when some only break in subtle ways.
LOAD "SIG",8,1
While we all want people to run Free Software (at least a Free OS) all the time, it's just not practical right now. His advice could mean, use a Mac, which is what I have been recommending to people I've fixed computers for, despite the fact that Linux/BSD/GNU may be better for the long run. iTunes works with Mac, so do quite a few other programs (not talking about DirectX games). The common sentiment for people who switched from Windows XP to OS X is usually, why did I use that crap before? Especially when they went to a Windows-based computer for whatever reason. I recently got my mother set up on a computer (who never used one before) and I installed Linux, and she thought it was easy enough to use. For a non-power user who just casually browses the web, email, maybe Skype for VoIP, Linux is good enough. For people who are used to proprietary software and not wanting to change, OS X might be a better choice.
Please direct all bug reports to
May be? MAY be? MAY BE?
<SARCASM>Sure, I have to worry about my Mac getting co-opted into a botnet 24/7, because we all know how many active threats there are to Macs! </SARCASM>
Man, talk about "understating the case."
The honest way to put it is that running Windows is the #1 way to get yourself into trouble. Adware, outright co-opting of your resources, virus problems... Windows boxes are insecure and risky, more so than any other machine, right out of the packaging.
You want security and simplicity of use? Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac. You willing to re-work all of Microsoft's incorrect settings, patch all the browser vulnerabilities, play the target role in the hacker version of whack-a-mole, reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code? Buy a Windows PC. Endless entertainment for puzzle solvers who don't care about their data security or computer availability. Been there, done that, found the solution, not going back.
I've fallen off your lawn, and I can't get up.
Is this really true? Anecdotal pronouncements like this never seem to come with any references. Everyone says the sky is firmly in place, but how many have looked up recently? It's falling at an amazing speed!
If you want news from today, you have to come back tomorrow.
It's all about diversity! If everyone has the same exact program running under the same exact OS with the same exact security flaw one blackhat can ruin millions of people's day with one little hack. Nature knows how important diversity is, hell, economic systems are supposed to know it too. It's unfortunate that Microsoft continues to be allowed to operate as an illegal monopoly based in the United States.
Haiku for you!
Let me put it to you this way: I sell Windows software for a living. Not Mac-ware. Not yet. Still, I recommend to everyone I know that they get a Mac. I can't, in good conscience, recommend Windows. Malware, yes, that's certainly a huge problem. DRM issues in Vista are another (such as degrading audio if unsigned). Ridiculous license terms are another (no virtualization for home? Change your hardware, lose your authorization? Ridiculous!) Constant reboots and restarts are another. Incorrect configuration out of the box is another - not just privileges, but what is running and what is not, what is turned on and what is not. As near as I can tell, the key Microsoft OS policy is "Wreck the user's day. Every day."
I've fallen off your lawn, and I can't get up.
easy way to have the Luserbase understand how to tell if a free program is good/safe
/uses Sourceforge as a mirror farm (+points)
1 GPL
2 not GPL but has a Linux version or has source downloadable (+half points)
3 site has massive ads and/or flash based ads (- double points)
4 site mentions in a positive way Gator/Claria Bonzi buddy weatherbug or any of the KOS programs (warm up the BGF9000 and pick up a QD glyph)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
> So Markoff doesn't like the benefits of running
> Microsoft software. So what?
What benefits?
I am not totally convinced that automated silent virus/malware installation is a "benefit".
For some people that's the only benefit they care about.
No, the reality is most non-MS products are more secure by design.
The fact is that years ago MS adopted an insecure architecture, at the time was roundly criticized for this, and has spent the years since being every malware's convenient bitch.
It's not "'cause that is where the money is", it's "'cause the front door is open".
Furthermore playing the numbers games is a fool's contest: MS doesn't publish their problems. Other folks have partial lists (we can assume MS knows of more) and every so often MS deigns to fix some of their problems and release patches, but that in no way is equivalent of maintaining a public bug tracker. Oh, and don't for a moment delude yourself MS's public documentation covers a tenth of their errata, not even MS pretends that.
So please, next time you post, let it not be burping up this old, well debunked, trope yet again. As sad as /. has gotten recently the standard still remains well above the old smaller-target argument.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
The first part is simply google for crackers interviews and see what they say. They will always tell you that they go for what is easy. Why? Because a number of them are there to make money and time is money. If the systems were equally easy to attack, then yes, go after the most numerous. But when one has so many easy points, then you pursue it rather than the ones that are difficult.
The 2nd part is compare bank robberies to 7-11 robberies. Back in the 60's, banks were robbed. Why? Because they were easy and had lots of money. But then in the 70's, the banks took actions and made it difficult. They still had the money, but it became very difficult to rob them. So the robbers turned to convenience stores who had say a thousand dollars (acceptable), and were easy. At first 7-11 ignored it, but then their ppl were being killed. So they made it very hard for robbers to get a thing. Now, banks and 7-11 are == difficult, so the robbers are back after banks. Why? Because if you are going to risk it, then go for the big score. Interestingly, the banks now limit how much money is available to the tellers as well as every teller has a loaded stash.
So what does that mean for Windows vs. OSS? While Windows is easy to crack, everybody will hit it. If ever it becomes >= to *nix in terms of security, then *nix will be hit, because overall, there is much more money on the *nix systems. And if *nix and Windows become better than mainframes, then they will turn to there because there is REAL money.
I prefer the "u" in honour as it seems to be missing these days.
I use NoScript but my wife found it very annoying that all the sites she wanted to visit would not work without having to allow them first. I don't think recommending it to the average home PC user is very helpful because they will just think that it broke Firefox.
:(){
I'd say that post wasn't very eloquent but it's true. If you're not smart enough to realize that modern Unices are more secure by design you haven't actually looked into things. They're not optimal (a capability system would be better) but they're better than that of any Microsoft solution. Nimda attacked Microsoft Windows servers. There is no equivalent to Nimda for Apache/Unix servers even though Apache/Unix servers are more common than Windows servers.
Please, for the good of Humanity, vote Obama.
Then why isn't the world using a Mac?
They're slowly catching on but consumers' brains don't move as fast as the market. They still think Macs are stupendously expensive (they aren't) and they think Macs aren't "compatible" (whatever that means) and they think they'll be viewed as an alien outsider (which is happening less and less) and they think there's no software for the Mac (yeah, right!) and they don't think they can learn a Mac (it takes 10 minutes) and they don't think there's an alternative to the PC (stupid consumers).
I know several people who have told me these excuses recently and they won't even (literally) walk across the street to the Apple Store to see for themselves. They don't want to know. On the other hand, after introducing a few dozen Macs to my workplace of 80 people a few years ago, about half the company has drop kicked their home PCs and bought Macs for themselves. We have more Mac owners now than PC owners in the company and most had never touched a Mac before. The only element that will actually change people's minds is experience with the product and you can watch all the old excuses quickly disappear from their comments. The number one reason they switched to Macs turns out to be "it just works".
For the ones that yell "but you can't play games", I tell them "fine, then use a PC or buy fucking Xbox - see if I care". They're the ones who criticize my preference for a Mac while I'm helping them fix their PC.
Most of the stuff on
Most likely because people are cheap? Macs are prohibitively expensive in comparison to an equivalent PC (equivalent according to the end user walking down the aisles of your local FutureShop).
Your average user doesn't know what they need a computer for, they just know they need it. So they'll just look at what the salesmen point them at, try to find something cheaper, and get it. They won't care whether or not it runs Windows or Mac (though if they think they're savvy they might swing towards one or the other).
The product is only as secure as its users. If the mainstream Windows userbase switched to Linux, they'd take their bad habits (neglecting security hole patches, installing supposedly-required software to view web pages, logging in as root by default, etc.) with them. Linux would be the new hot target for malware. The same goes for OSX or any other operating system. Sure, there would be fewer holes, assuming that people made sure to apply the appropriate security patches, but we're assuming again that they wouldn't take their bad habits with them again, aren't we?
These are the people who click OK just to get the box to go away. No operating system is going to save them from themselves without removing the luxury of convenience they insist on keeping.
I'm a firm believer in the theory that regular users need System Administrators. Maybe home users do too. If I could come up with a business model for a company that provided System Administrator services to home computer users I'd be rich!
If you must!
- Most OEM installations of Windows will have administrator as the default user, not requiring any logon at startup. In most Linux distros, you are dissuaded or even cannot do this (e.g. Ubuntu), instead you work as a non-root user and sudo to do admin tasks.
- Even with SP2 Windows XP enabled the infamous NetBIOS file and print services, just for one example. Nice summary of this and other "features" here
- A Windows user can readily execute an EXE or VB script etc, e.g. a dodgy email attachment or download from a shady website, simply by double-clicking it from Explorer. Depending on the level of access to resources (see 1) the system may be totally compromised. In Linux by contrast, executing anything beyond what can safely be installed through the software repository requires knowledge of setting file permissions (and often how to build and install from source).
- Similarly for ActiveX, given the user confirms they want to run it, the system is left totally open to abuse.
Small wonder all the spambots, key loggers, spyware and viruses out there in the real world live in Windows, right? It's not simply because of Windows' popularity, doesn't the Mac have 5-10% market share?