I wish your argument would be accurate, but let us use another example. If I lend my car out and you run a red light camera in it, I'm going to get the ticket. I'm the registered owner of the car I'm ultimately responsible. My only recourse is to pay the fine, then go after the actual driver to repay me. The situation here is similar but the owner of the connection is leaving himself open to the point that he won't be able to go after the person who made the illegal connection.
I can't count how many dogs and cats have been dropped off at the rural crossroads near my house.
In Maryland and Virginia, we are seeing the release of non-native pets (Snakehead Fish in Maryland)which can greatly affect the native creatures. I agree with you totally that taking care of an animal means taking care for life (be that yourself or putting it up for adoption). Releasing most animals back to the wild is cruel.
As for the vegetarian issue, I've got several friends/coworkers that have been living this lifestyle for a while (10+ years in most cases). None have shared any problems outside of some difficulties in restaraunts offering the vegetarian meals.
Me, I bought my grill and my local policy is no tofu.
When I first joined up with my current employer, I found that UNIX admins were abundant and MS Win32 admins were rare to find. This ratio is odd compared to my previous employers where I was the rare UNIX admin. The TCO when considered against my previous employers would have been higher for UNIX systems compared to MS Win32 systems for the admin staff. For my current employer though, the cost of MS Win32 was higher (although over the last couple of years the admin skills (UNIX vs. MS Win32) has balanced out).
In a MS Win32 shop, the TCO will obviously show MS products as being cheaper given the current staff and the converse is true with UNIX shops. Being that Linux is a relative new player in the OS market, the TCO for Linux will be higher if converting from MS and less significant from UNIX.
competant admins that cost more
A skilled administrator for any OS will cost more than an untrained administrator. What I find amusing is that many of the local MS training shops cite salary examples in the $76,000 range which is pretty comparable the UNIX range. One would think the cost of administrators wouldn't be a factor in these studies (given the salary surveys). Maybe what the studies need to factor in is how many companies are using the employee who "knew more than any of the other employees about computers" as their under paid system administrator. This of course may lead one to believe that administrators for MS Win32 require less skills, but while partially true, those systems are likely less secure than what a competent administrator (MS Win32 or UNIX) would put together.
1) Switch on computer
2) Login
3) Wait until everything is loaded and the disk stops chunking
4) Plug in network
Is that really hard?
OK, so when I go to authenticate against Active Directory, that will be accomplished by what protocol/transport mechanism?
In most environments where you have more than a handful of users, authentication is going to be handled in a centralized location rather than creating a management nightmare. Your also going to find that not everyone is fully comfortable disconnecting cables from the backs of the PC. You'll also find that in the larger user environments, PC's are bought in bulk and distributed over a period of time (varies, but one could imagine a couple of weeks before some are even turned on) and these would be subject to any new flaws/exploits since they were imaged by the manufactor.
The better solution is to protect your network (firewalls, scanning, etc...) and to produce a more secure operating system (secure startup process and minimal services until user or centralized control enables them).
Both comparisons are flawed. About the only close comparison I can think of would be a car with numerous defects that has been to the dealer for recall service and then losing all those recall repairs the next time you reinstall tires (and I certainly wouldn't want to visit that mechanic again). A fresh installation of MS Win32 will have all the flaws/exploits that have been discovered since your source disk was created.
Obviously a reinstall of an operating system will need to be repatched to obtain the updates unless you obtain a more recent version of the OS with patches included. I haven't noticed MS doing this but then my company rarely has something other than system restore media for MS Win32 systems (maybe Microsoft does this but I haven't seen it). For my Solaris systems, I can locate a newer media pack to get much closer to a patched environment.
I'm sure that the additional content provides the loophole, especially for video content. For audio content, the improved quality is only because of the media limitations, and you really aren't buying anything new (unless of course they add a "bonus" track or something).
Hopefully "fair use" wins out for the consumer. I don't know how many Barney tapes were destroyed by my kids when they were younger, but I'd really have benefited from being able to make archive copies. I'd also like to have a copy of my Metallica and Rush CDs replaced (lent them to a friend who destroyed them by throwing them into his trunk - had the disc changer - and letting them get all scratched up). If I get a copy off my brother to replace them, is it really breaking the intent of the law?
Also consider that as technology changes, you may have to convert older formats to new. Imagine your favorite movie that you originally bought on VHS, then bought on DVD, and eventually buy on . You should only have to purchase the content once.
I'd love to see companies/agencies sharing their GIS data through WMS or preferably WFS (getting the vectors would be nice) services. Doubt we'll see it as most people consider their data too valuable to do that, but it would be nice.
First off, I don't want to see the data pulled/restricted.
The issue isn't necesarily just the geolocation of specific buildings. Consider features that may not be visible above ground and features that represent a generalization (i.e. population densities/make-up, religious data (might be interesting to locate islamic dense areas), etc...). Part of the problem with the availability of data is that it allows analysis to be done remotely. Picture a workstation with a GIS application (see ESRI's website for applications and various GIS papers), public datasets, and a determined analyst. The analyst can provide "ideal" targets based on various criteria.
My problem with limiting the data is that once it was available, you really can't pull it as people can find it cached off somewhere. Even though it may make getting the data easier for terrorist, it wouldn't make it impossible. All removing would do is make the general population have to work harder to find the data too.
Mapquest.com and MS Streets use the public domain data and resell it. So does every other mapping company.
These companies provide value added datasets based on TIGER data. TIGER data itself tends to be attribute rich, but geospatially generalized/inaccurate for most usages. Companies like MapQuest, Rand McNally, etc... often have arrangements with local governments to obtain more accurate information based on aerial photos, cadastral datasets (tax maps), site plans (future roads), e911 maps, etc.... The underlying data (TIGER, DLG, VMap, DNC, DEM, etc...) is freely available or at a low price (generally the cost of media and preparation) but the value added data can be quite expensive, especially if you require frequent updates. The mapping companies do however collect/verify data for resale, so it's not necessarily "public domain".
The real value to the data is that analysis that can be done to it. I think the main concern is that with analysis of the data, the terrorist can more easily determine high value targets.
My background involves working with GeoSpatial data and the types of datasets available on the web is really useful to the public. Data from USGS and NGA alone provide quite a bit of information on the US and the rest of the world. Anyone with a GIS application can perform spatial queries to locate ideal targets based on whatever criteria they input.
Example:
buffer radius X around schools and airports and return area of overlap
remove buffer radius X of police and military
overlay buffer radius X of chemical facilities
plot suitable targets
select target
Companies use similar strategies when locating properties (picture McDonalds looking at population data from the Census, economic data from various vendors, zoning data from counties, etc...).
I have to agree with you that pulling the data will not keep it out of the hands of terrorist. All it will do is limit what legitimate users will have access to.
The availability of information has nothing to do with who is president. The data from NGA (formerly NIMA), National GeoSpatial Data Warehouse, USGS, etc... has been availble for many many years and will continue to be available. Removing access to the data now will only ensure that people won't be able to get it from the "authoritative" sources. Anyone who wants it will either already have it or they'll find another source. Consider that removing the information would be similar to banning the sale of guns - terrorist/criminals will still find a way to get it and the innocent will be the only ones without.
Most of the powerful exploits are currently worms, and unpatched (sp2 disabled pirated copies)systems may serve as propogation nodes to either attack those legitimate(read wealthy)users that have not yet installed SP2 or to exploit windows issues that remain unfixed by SP2.
I can see where your argument is coming from, but the likely situation will be that even legitimate installations will not all be patched either. MS doesn't have an obligation to the illegal installations. I imagine that if the problem you describe becomes a reality, the obligation to the legitimate consumers will necessitate offering the patches to illegal consumers.
Either way MS handles releasing the update, I have to believe that a crack will be availble very soon after the official version is released.
As the other reply stated, you don't know which way to start, so you could almost walk 1 mile if you didn't keep track of where the last call box was. I worked on a E911 (enhanced 911) project where we provided geographic centerline data for roadways. Part of our project involved several major roadways where we wanted to use the exits (either number or name) for our cross street information. The E911 staff said that the information would be practically useless as most drivers either don't keep track of which exit they are between. Most drivers just don't pay attention because they drive it so often or they are not local to the area and focus on other issues.
So while it is true that the greatest distance would really be less than a mile, it could be pretty darn close, especially depending on the terrain.
The Pennsylvania Turn Pike uses these, but unlike the woods, the Turn Pike is a limited path. PATP places the phones along the more remote areas at (I believe) 1 mile intervals so that a drive knows they have at most a 1 mile hike to get assistance. In the woods, locating these phones may be difficult as your path isn't very limited.
I realize that not everyone has a cell phone, but maybe increasing cell phone coverage would help more than anything else. Most phones can provide at least a rough geographic location and they would deter prank calls as you can trace the incoming ID. If the person is alone and incapacitated, obviously this doesn't work well.
Thanks for the link. Interesting to read and see how long the idea of transfering ownership has been goind on. Also interesting to see that it doesn't appear to have been resolved yet.
I can sell my old CD's, why can't I sell my old iTunes purchases?
Now that's an interesting point I hadn't considered before. I don't have a large collection of CDs, but I'd say at least 30% of them came from used CD shops. I wonder if any of the online music stores will start to offer the ability to trade in old songs for credit to new ones through revoking your license. Maybe I need to patent the idea of "trading in" DRM media (just kidding).
Did a search to see if I could find any additional information and found that Flamingo Travel has incorrectly had calls going to their number. They have their front page modified to point people to the correct number as other posters have listed. They also have this link to fcc.gov for filing complaints against unwanted faxes.
Sounds like some people have hit the wrong target.
Just to play devils advocate a bit (for the most part I agree with you though)...
NOTE: I am not a musician so maybe I'm way off on this.
Who distributes the demo CD's to radio stations?
Yes, I'm aware that with the Internet, bands could directly distribute, but not everyone uses the Internet for music (i.e. car, portable radio, etc...).
The industry does advance money to help bands along. Expecting money back from the investment is normal
Obviously the amount of return will always be in question, but bands negotiate this and some do better than others.
Marketing is really a way of ensuring their investments do well.
Personally I wish that more artist would take to distribution over P2P, a band website, or some other online option. Artist would be able to cut out the middle man (or at least get a much cheaper version of the "middle man") if they embrace the ideas of direct distribution. Unfortunately, this seems to be limited at this time. Remember that the artist may not be tech experts and will look to traditional processes to get their music to market. I think if a couple artist can successfully use alternative methods and get media attention, you'll find the alternative becomes the new standard.
I'm not familiar with Mandrake's configuration, but on Solaris, you can change the behavior to allow/disallow root login. I'd have to guess that Mandrake has the same capabilities (Do you have a/etc/default/login file to control it?).
The "runas" command is not obvious to most users and it isn't available in older MS Win32 OS's. I do realize that for some processes, the runas does provide a GUI interface, particularly when you start an installer, but like another responder to your post has stated, you can't do everything with "runas" (Windows Explorer for example).
Question then - How do I assign file ownership to a user? I know how to assign rights to a user, but I want the user to actually own the file/directory and the only way I know is to log in as the user and then "take ownership". There has to be a process where you can assign ownership, but I am not familiar with it.
Ultimately though, this topic has more to do with the worm problem. These worms seem to have an easy time gaining elevated privileges on the system because of flaws and/or users with greater privileges than they need for day to day task. I work at a large IT company and their solution to desktop management was to give all users administrative rights on their personal desktop as opposed to giving them the administrator account. Ideally MS Win32 will come out with something like "sudo", but I haven't heard of plans for that.
OK, so I didn't give step by step details. Obviously the "chown -R/" will only work if you have root level access. Should I include login or su steps as well (because just giving the actual command doesn't seem to satisfy you).
You do realize that you don't need to stay logged in as root, right? The "su" or "sudo" commands, similar to MS Win32's "runas" command, are available to users (unless you apply additional security by limiting access via access and ownership permissions) so that they do not run as root. Unlike MS Win32 though, just about any process (actually can't think of any that wouldn't) can be run using "su" or "sudo" while logged in with your regular user account. If you need to display a GUI, simply add the "xhost +" (or a more limited argument to the "xhost" command) and your set.
The concept of running with as a priviledged account by default seems to be based on MS Win32 practices. Users didn't want to put up with logout as user, log in as administrator, install/config, log out as administrator, log in as user. For UNIX, that isn't necessary. I do think though that users converting from MS Win32 will likely continue that bad habit, but it's not a fault of the OS, just years of a limited OS.
While no system can be 100% secure, I feel much more comfortable securing a UNIX box over a MS Win32 box. Obviously, patching a system is critical for any OS, but getting these out to a UNIX based system tends to be much simpler (my experience with Sun and SGI boxes, can't speak toward a Linux box, but have no reason to believe it wouldn't be easy too).
The virus writers for UNIX attacks will be more limited in their attacks as long as users aren't running by default as root. Hopefully this is stressed to anyone working with UNIX based systems. You can "su" or "sudo" to root for anything that "requires" root level access, but you wouldn't run as root by default. A virus would need to exploit a flaw in the OS in order to do damage to the OS, and generally you wouldn't do that type of attack as an email attachment. As for email attachment virus's, those would be more limited in their effects to the system. A user (unless they've done something stupid like running as root, or a "chown -R :/" will really only be able to affect their own directories.
So I guess to some extent, you could say that virus numbers for UNIX based systems would go up, but the attack methods will have to be much different and will likely be less damaging. The limited damage would probably be less in a corporate environment compared to a home environment, but still, it should be simpler than a MS Win32 environment in either.
Slashdot Mirror
I wish your argument would be accurate, but let us use another example. If I lend my car out and you run a red light camera in it, I'm going to get the ticket. I'm the registered owner of the car I'm ultimately responsible. My only recourse is to pay the fine, then go after the actual driver to repay me. The situation here is similar but the owner of the connection is leaving himself open to the point that he won't be able to go after the person who made the illegal connection.
I can't count how many dogs and cats have been dropped off at the rural crossroads near my house.
In Maryland and Virginia, we are seeing the release of non-native pets (Snakehead Fish in Maryland)which can greatly affect the native creatures. I agree with you totally that taking care of an animal means taking care for life (be that yourself or putting it up for adoption). Releasing most animals back to the wild is cruel.
As for the vegetarian issue, I've got several friends/coworkers that have been living this lifestyle for a while (10+ years in most cases). None have shared any problems outside of some difficulties in restaraunts offering the vegetarian meals.
Me, I bought my grill and my local policy is no tofu.
When I first joined up with my current employer, I found that UNIX admins were abundant and MS Win32 admins were rare to find. This ratio is odd compared to my previous employers where I was the rare UNIX admin. The TCO when considered against my previous employers would have been higher for UNIX systems compared to MS Win32 systems for the admin staff. For my current employer though, the cost of MS Win32 was higher (although over the last couple of years the admin skills (UNIX vs. MS Win32) has balanced out).
In a MS Win32 shop, the TCO will obviously show MS products as being cheaper given the current staff and the converse is true with UNIX shops. Being that Linux is a relative new player in the OS market, the TCO for Linux will be higher if converting from MS and less significant from UNIX.
competant admins that cost more
A skilled administrator for any OS will cost more than an untrained administrator. What I find amusing is that many of the local MS training shops cite salary examples in the $76,000 range which is pretty comparable the UNIX range. One would think the cost of administrators wouldn't be a factor in these studies (given the salary surveys). Maybe what the studies need to factor in is how many companies are using the employee who "knew more than any of the other employees about computers" as their under paid system administrator. This of course may lead one to believe that administrators for MS Win32 require less skills, but while partially true, those systems are likely less secure than what a competent administrator (MS Win32 or UNIX) would put together.
1) Switch on computer
2) Login
3) Wait until everything is loaded and the disk stops chunking
4) Plug in network
Is that really hard?
OK, so when I go to authenticate against Active Directory, that will be accomplished by what protocol/transport mechanism?
In most environments where you have more than a handful of users, authentication is going to be handled in a centralized location rather than creating a management nightmare. Your also going to find that not everyone is fully comfortable disconnecting cables from the backs of the PC. You'll also find that in the larger user environments, PC's are bought in bulk and distributed over a period of time (varies, but one could imagine a couple of weeks before some are even turned on) and these would be subject to any new flaws/exploits since they were imaged by the manufactor.
The better solution is to protect your network (firewalls, scanning, etc...) and to produce a more secure operating system (secure startup process and minimal services until user or centralized control enables them).
Both comparisons are flawed. About the only close comparison I can think of would be a car with numerous defects that has been to the dealer for recall service and then losing all those recall repairs the next time you reinstall tires (and I certainly wouldn't want to visit that mechanic again). A fresh installation of MS Win32 will have all the flaws/exploits that have been discovered since your source disk was created.
Obviously a reinstall of an operating system will need to be repatched to obtain the updates unless you obtain a more recent version of the OS with patches included. I haven't noticed MS doing this but then my company rarely has something other than system restore media for MS Win32 systems (maybe Microsoft does this but I haven't seen it). For my Solaris systems, I can locate a newer media pack to get much closer to a patched environment.
I'm sure that the additional content provides the loophole, especially for video content. For audio content, the improved quality is only because of the media limitations, and you really aren't buying anything new (unless of course they add a "bonus" track or something).
Hopefully "fair use" wins out for the consumer. I don't know how many Barney tapes were destroyed by my kids when they were younger, but I'd really have benefited from being able to make archive copies. I'd also like to have a copy of my Metallica and Rush CDs replaced (lent them to a friend who destroyed them by throwing them into his trunk - had the disc changer - and letting them get all scratched up). If I get a copy off my brother to replace them, is it really breaking the intent of the law?
Also consider that as technology changes, you may have to convert older formats to new. Imagine your favorite movie that you originally bought on VHS, then bought on DVD, and eventually buy on . You should only have to purchase the content once.
I'd love to see companies/agencies sharing their GIS data through WMS or preferably WFS (getting the vectors would be nice) services. Doubt we'll see it as most people consider their data too valuable to do that, but it would be nice.
/.
Good to see another GIS person on
First off, I don't want to see the data pulled/restricted.
The issue isn't necesarily just the geolocation of specific buildings. Consider features that may not be visible above ground and features that represent a generalization (i.e. population densities/make-up, religious data (might be interesting to locate islamic dense areas), etc...). Part of the problem with the availability of data is that it allows analysis to be done remotely. Picture a workstation with a GIS application (see ESRI's website for applications and various GIS papers), public datasets, and a determined analyst. The analyst can provide "ideal" targets based on various criteria.
My problem with limiting the data is that once it was available, you really can't pull it as people can find it cached off somewhere. Even though it may make getting the data easier for terrorist, it wouldn't make it impossible. All removing would do is make the general population have to work harder to find the data too.
Mapquest.com and MS Streets use the public domain data and resell it. So does every other mapping company.
These companies provide value added datasets based on TIGER data. TIGER data itself tends to be attribute rich, but geospatially generalized/inaccurate for most usages. Companies like MapQuest, Rand McNally, etc... often have arrangements with local governments to obtain more accurate information based on aerial photos, cadastral datasets (tax maps), site plans (future roads), e911 maps, etc.... The underlying data (TIGER, DLG, VMap, DNC, DEM, etc...) is freely available or at a low price (generally the cost of media and preparation) but the value added data can be quite expensive, especially if you require frequent updates. The mapping companies do however collect/verify data for resale, so it's not necessarily "public domain".
My background involves working with GeoSpatial data and the types of datasets available on the web is really useful to the public. Data from USGS and NGA alone provide quite a bit of information on the US and the rest of the world. Anyone with a GIS application can perform spatial queries to locate ideal targets based on whatever criteria they input.
Example:
buffer radius X around schools and airports and return area of overlap
remove buffer radius X of police and military
overlay buffer radius X of chemical facilities
plot suitable targets
select target Companies use similar strategies when locating properties (picture McDonalds looking at population data from the Census, economic data from various vendors, zoning data from counties, etc...).
I have to agree with you that pulling the data will not keep it out of the hands of terrorist. All it will do is limit what legitimate users will have access to.
The availability of information has nothing to do with who is president. The data from NGA (formerly NIMA), National GeoSpatial Data Warehouse, USGS, etc... has been availble for many many years and will continue to be available. Removing access to the data now will only ensure that people won't be able to get it from the "authoritative" sources. Anyone who wants it will either already have it or they'll find another source. Consider that removing the information would be similar to banning the sale of guns - terrorist/criminals will still find a way to get it and the innocent will be the only ones without.
Most of the powerful exploits are currently worms, and unpatched (sp2 disabled pirated copies)systems may serve as propogation nodes to either attack those legitimate(read wealthy)users that have not yet installed SP2 or to exploit windows issues that remain unfixed by SP2.
I can see where your argument is coming from, but the likely situation will be that even legitimate installations will not all be patched either. MS doesn't have an obligation to the illegal installations. I imagine that if the problem you describe becomes a reality, the obligation to the legitimate consumers will necessitate offering the patches to illegal consumers.
Either way MS handles releasing the update, I have to believe that a crack will be availble very soon after the official version is released.
As the other reply stated, you don't know which way to start, so you could almost walk 1 mile if you didn't keep track of where the last call box was. I worked on a E911 (enhanced 911) project where we provided geographic centerline data for roadways. Part of our project involved several major roadways where we wanted to use the exits (either number or name) for our cross street information. The E911 staff said that the information would be practically useless as most drivers either don't keep track of which exit they are between. Most drivers just don't pay attention because they drive it so often or they are not local to the area and focus on other issues.
So while it is true that the greatest distance would really be less than a mile, it could be pretty darn close, especially depending on the terrain.
The Pennsylvania Turn Pike uses these, but unlike the woods, the Turn Pike is a limited path. PATP places the phones along the more remote areas at (I believe) 1 mile intervals so that a drive knows they have at most a 1 mile hike to get assistance. In the woods, locating these phones may be difficult as your path isn't very limited.
I realize that not everyone has a cell phone, but maybe increasing cell phone coverage would help more than anything else. Most phones can provide at least a rough geographic location and they would deter prank calls as you can trace the incoming ID. If the person is alone and incapacitated, obviously this doesn't work well.
Thanks for the link. Interesting to read and see how long the idea of transfering ownership has been goind on. Also interesting to see that it doesn't appear to have been resolved yet.
I can sell my old CD's, why can't I sell my old iTunes purchases?
Now that's an interesting point I hadn't considered before. I don't have a large collection of CDs, but I'd say at least 30% of them came from used CD shops. I wonder if any of the online music stores will start to offer the ability to trade in old songs for credit to new ones through revoking your license. Maybe I need to patent the idea of "trading in" DRM media (just kidding).
Did a search to see if I could find any additional information and found that Flamingo Travel has incorrectly had calls going to their number. They have their front page modified to point people to the correct number as other posters have listed. They also have this link to fcc.gov for filing complaints against unwanted faxes.
Sounds like some people have hit the wrong target.
The WMD's are really the Ocarina of Time.
NOTE: I am not a musician so maybe I'm way off on this.
Who distributes the demo CD's to radio stations?
Yes, I'm aware that with the Internet, bands could directly distribute, but not everyone uses the Internet for music (i.e. car, portable radio, etc...).
The industry does advance money to help bands along. Expecting money back from the investment is normal
Obviously the amount of return will always be in question, but bands negotiate this and some do better than others.
Marketing is really a way of ensuring their investments do well.
Personally I wish that more artist would take to distribution over P2P, a band website, or some other online option. Artist would be able to cut out the middle man (or at least get a much cheaper version of the "middle man") if they embrace the ideas of direct distribution. Unfortunately, this seems to be limited at this time. Remember that the artist may not be tech experts and will look to traditional processes to get their music to market. I think if a couple artist can successfully use alternative methods and get media attention, you'll find the alternative becomes the new standard.
I'm not familiar with Mandrake's configuration, but on Solaris, you can change the behavior to allow/disallow root login. I'd have to guess that Mandrake has the same capabilities (Do you have a /etc/default/login file to control it?).
The "runas" command is not obvious to most users and it isn't available in older MS Win32 OS's. I do realize that for some processes, the runas does provide a GUI interface, particularly when you start an installer, but like another responder to your post has stated, you can't do everything with "runas" (Windows Explorer for example).
Question then - How do I assign file ownership to a user? I know how to assign rights to a user, but I want the user to actually own the file/directory and the only way I know is to log in as the user and then "take ownership". There has to be a process where you can assign ownership, but I am not familiar with it.
Ultimately though, this topic has more to do with the worm problem. These worms seem to have an easy time gaining elevated privileges on the system because of flaws and/or users with greater privileges than they need for day to day task. I work at a large IT company and their solution to desktop management was to give all users administrative rights on their personal desktop as opposed to giving them the administrator account. Ideally MS Win32 will come out with something like "sudo", but I haven't heard of plans for that.
OK, so I didn't give step by step details. Obviously the "chown -R /" will only work if you have root level access. Should I include login or su steps as well (because just giving the actual command doesn't seem to satisfy you).
You do realize that you don't need to stay logged in as root, right? The "su" or "sudo" commands, similar to MS Win32's "runas" command, are available to users (unless you apply additional security by limiting access via access and ownership permissions) so that they do not run as root. Unlike MS Win32 though, just about any process (actually can't think of any that wouldn't) can be run using "su" or "sudo" while logged in with your regular user account. If you need to display a GUI, simply add the "xhost +" (or a more limited argument to the "xhost" command) and your set.
The concept of running with as a priviledged account by default seems to be based on MS Win32 practices. Users didn't want to put up with logout as user, log in as administrator, install/config, log out as administrator, log in as user. For UNIX, that isn't necessary. I do think though that users converting from MS Win32 will likely continue that bad habit, but it's not a fault of the OS, just years of a limited OS.
While no system can be 100% secure, I feel much more comfortable securing a UNIX box over a MS Win32 box. Obviously, patching a system is critical for any OS, but getting these out to a UNIX based system tends to be much simpler (my experience with Sun and SGI boxes, can't speak toward a Linux box, but have no reason to believe it wouldn't be easy too).
/" will really only be able to affect their own directories.
The virus writers for UNIX attacks will be more limited in their attacks as long as users aren't running by default as root. Hopefully this is stressed to anyone working with UNIX based systems. You can "su" or "sudo" to root for anything that "requires" root level access, but you wouldn't run as root by default. A virus would need to exploit a flaw in the OS in order to do damage to the OS, and generally you wouldn't do that type of attack as an email attachment. As for email attachment virus's, those would be more limited in their effects to the system. A user (unless they've done something stupid like running as root, or a "chown -R :
So I guess to some extent, you could say that virus numbers for UNIX based systems would go up, but the attack methods will have to be much different and will likely be less damaging. The limited damage would probably be less in a corporate environment compared to a home environment, but still, it should be simpler than a MS Win32 environment in either.
Jim