Nautilus does not let you run executables the last I checked.
Evolution also does not. It allows you to Open a file, surely, but not execute it.
Executing a file requires chmod +x. Unless these programs do that for you, they won't be able to... and at this time, they don't.
And that's a good thing.
By nobody I know, I mean, none of the users I admin.
As has been said many times, security is only as good as the admin responsible for it. Yes, there can, and will be a Linux blaster... There might some day be an email worm too... but not like sobig.
Let's examine the reasons why blaster and not sobig. Blaster exploits a buffer overflow, requires no user interaction. Find an overflow in Apache, you'll have a worm. Not a whole lot admins can do to prepare for this except application level filtering. It will happen. Those of us who are "in the know" will be patched long before.
SoBig: This is a user spread virus. It does not exploit any vulnerability. It merely requires the User to click on the attachment and hit open. It relies on badly designed software, that allows a user to execute code legally, easily. Windows lets you click Open.
Contrast that to most unix mailers: You have to deliberately save the file to disk, chmod +x it, and then run it with ./. Yeah, a bit harder eh? Nobody I know will be able to manage this.
About the web site defacements. Linux is more complicated to administer, I don't think anybody can argue that. Lately, people have been given this sense of "if I replace Windows with RedHat I will be more secure". That is not true. Security is up to the ADMIN and the ADMIN alone. I would venture to say that a Linux box is MORE dangerous in the wrong hands than a Windows box. Hence your 60%.
Nothing about this changes anything at all. Those "in the know", generally Unix admins, will not be exploited, whether on Windows or Unix.
This doesn't mean Unix doesn't raise the bar of your security... you just need an admin that knows how to use it for it to be even close to its potential. With Windows you are always stuck at whatever MS deems "secure enough".... bar writing your own IIS filter or something. :D
What we need are more smart admins using Unix, not sucky admins that give us all a bad face.
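The save, chmod +x, run sequence described in the comment above, as an added shell example that is not part of the original comments. The function names and the sample attachment are constructed for illustration; the sketch also shows that the mode bit only gates direct execution, so a defender would audit for executables as well as rely on it.

```shell
#!/bin/sh
# Constructed demo: a file written the way a mail client saves an attachment
# (created with mode 0666 filtered by umask) never receives an execute bit.

# Write a constructed, harmless "attachment" to path $1 via plain redirection.
save_attachment() {
    printf '#!/bin/sh\necho "attachment ran"\n' > "$1"
}

# Print "blocked" if the kernel refuses to execute $1 directly, else "ran".
try_run() {
    if "$1" >/dev/null 2>&1; then echo ran; else echo blocked; fi
}

# Print "ran" if handing $1 to an interpreter works, else "blocked".
# This needs only read permission, so the execute bit is a speed bump
# against double-click style launching, not a complete control.
try_interpreter() {
    if sh "$1" >/dev/null 2>&1; then echo ran; else echo blocked; fi
}

# Audit: list regular files under directory $1 carrying any execute bit
# (POSIX find syntax, covering user, group and other).
find_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}
```

Running `find_executables` over a mail or download directory is a cheap periodic check; anything it prints was marked executable after being saved.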
I think MS is to blame. But not because they left a hole, in fact, they didn't with SoBig. SoBig is a simple executable attachment.
What they did however was put no effort into making it hard for these programs to be launched! Look at any unix mailer, does it have an "Open" button to launch a downloaded program? Mozilla? No. You have to go out of your way to save a file to disk, mark it executable, and run it.
Windows was designed to make it easy to spread viruses, until MS fixes that, yes, they are at fault.
Good. Any service that could ever potentially be connected to the network, and cause the sort of problems we witness today with MSBlast, must be blocked. There is simply no other way. Even if Samba is listening, there have been Samba exploits!
So, what runs on port 135? RPC end point mapper? You can turn this off right? It's not turned on by default, right? :D
A good linux/unix/whatever comes with absolutely no services enabled by default. Of course, this excludes most Linux distributions except for Debian and Gentoo. RedHat is just as bad as Windows, maybe even worse, unless you enable the firewall.
I don't know where I place the blame for MS's horrible track record with bugs. I think, initially, it falls to the users. The users are idiots, they don't know how to properly secure their systems. They don't know to firewall everything, inside and out, and disable stuff like RPC where it's not used.
However, why don't the users know this? Because MS doesn't want them to. MS wants Windows to be point and click and not involve thinking. I think that's where disasters like this start.
People need to be educated about how to secure their systems. Making everything as easy as point and click without thinking does not help people to understand how a system works, and how it needs to be protected. XP's firewall should have been enabled by default, protecting EVERYTHING. If the User found something didn't work, then the system should explain why.
MS makes it EASY to be unprepared.
What really is Free Software? After reading the responses to this article, I can see that some people are severely divided on what exactly Free Software is.
The first group of people talk about Community. The Open Source Community, The Free Software Community. They speak about Free Software as if it exists to make a certain group of people happy. And when somebody attacks that perceived community, the community should respond to protect itself.
As you can see, the "enemy" SCO is supported by "us", because GCC includes support for their products in their own? Hardly.
The other group believes Free Software is a tool, just like any software. It is to be used and improved so that PEOPLE CAN USE IT, as opposed to making a certain group of people happy.
Me, I tend to side with the second group. There is no such thing as the "Open Source Community". Open source is not an exclusive group in any way. There are simply tons of programs, whose individual authors have decided to release the project source under certain conditions that warrant it being "free". There is no community to fight for. There is no community to protect or defend.
Software is a tool. Free software, open software, is a BETTER tool. But it is still a tool. The sooner we drop these religious I art Holier than Thou arguments, the sooner we will all get to doing what we like: coding.
Open source is not just a competitor to closed source systems. It is the only way for the public to trust the voting system.
You might liken it to the freedom of information act. The people have a right to know what is going on in their government, because they pay for that government.
As soon as that trust is broken, we cease to be a democracy as laid out in the constitution.
If I told my mom that it was secure, she would believe me. Most of my co-workers too.
If *some company* tells my mom that it is secure, she will not believe them.
I think this is pretty obvious.
What the poster wants is a pipe dream. Linux is not Windows, and it has its own set of rules and design guidelines. A Unix network is a totally different beast from a NTLM/Active Directory network. The protocols used are standard, and do not come in a package.
What teams such as Samba have done is pretty amazing by all accounts. They have gone from NOTHING, to a product which can enable a Linux server to serve a Windows network without losing many abilities.
The other way is different. Yes a Linux computer can access Windows networks, and of course, no it won't behave just like Windows. But it does a damned mean job of accessing NFS shares.
You have to keep in perspective what we fight against. Creating interoperability with Windows is chasing a moving target. MS will keep adding new things, like different encryption in XP, different encryption in Server 2003, and we will keep playing catch up.
This is a never ending cycle. For Linux to "win" the desktop, we need a clear goal of our own set that has advantages over Windows.
Yes, we need interoperability, and we have that. It's not hard to set up a Linux SMB server, move Windows shares to it, and map it out over Samba and NFS, but it isn't plug and play, and probably never will be.
What it gives us though is a stepping block in order to migrate other boxes. Once Windows is out of the picture (as it is at my company), 100% interoperability ceases to matter, and it becomes Windows that needs to interoperate with us.
My two cents.
Free as in speech software. Open Source is an entirely different thing.
Sounds like they wanted Samba to serve Windows, and NFS/AFS to serve Linux. I don't see why this is so hard.
My two cents.