Really? Usually spyware installs itself as quietly as possible alongside other applications (ok, you may get a tiny note buried in the EULA but other than that it's practically trojan). I see no reason why the makers of spyware for Linux wouldn't try every trick in the book to get itself installed without the user noticing. Linux users can have accidents too:).
No. The big user-friendly distros have enough software packaged to make unpackaged software "weird" for a normal user.
I also see no reason why new Linux users won't run everything as root,
Because Linux is better set up for such operation. It's hard to run lock down windows, many apps try to acces i.e. C:\program files etc (unnecessarilly). Linux was locked down from the beginning and the normal account is more convenient.
or won't just be so used to the "This program requires root privileges" dialog box that they simply hammer in the root password automatically for everything that demands it.
It's much harder to hammer a root password than click "yes". Most cases of installing trojans were accidents, mind You. And, unusual things frighten people.
True. There are licencing issues with updating other vendors software, but these could certainly be overcome. Currently many applications (including Fx) rely on internal auto-update systems,[snip]
And that solves nothing. Each app has it's own tool, so there is a half of a dozen of auto-update tools. Can get in the way even more than spyware;)
Linux could demonstrate an update service that allows every software group to release patches and updates over the same system, but it'd be difficult to implement in an environment where users can compile the software themselves, and put it in nonstandard locations.
I think Zero-Install could solve that. Anyway, installing non-standard apps in non-standard ways is more of a non-standard user issue. Most users have a big, nice repo handy.
I'll take this as mockery of Slackware.
I'm a Slackware fan. But irrelevant shit is shit because it gets in the way. This time the lack of irrelevant shit were getting in your way, so irrelevant shit was no shit (and not irrelevant).
Slackware is useful as long, as the amount of installed software is low enough to make hand-upgrades feasible.
Just as if everyone switches to Linux, spyware for Linux will appear. Imagine spyware that silently compiles itself into your kernel. Imagine what a pain in the ass removing Spyware from Linux would be.
Probably only a slight one. Linux's security model makes it unusual for an app to request admin privileges, thus decreasing the probability of executable compromise. Of course worms _would_ be a problem, but spyware per se would be rare - user must _install_ the spyware, usually by accident, and that's less probable.
and they have a single, standard automatic patching system in the form of Windows Update
Which is archaic, underfeatured, browser-reliant, slow, centralized, ugly and ms-centered. I cannot upgrade firefox, photoshop or whatever by means of Windows Update.
I use Slackware Linux on my servers
Wow! On servers? Production? Err... ok, now I understand.
I'm not sure (no documentation at hand and I'm no MS guru), but I think that separation of implementation is done. I'm _entirelly_ not sure if it's done well.
2). 99.9% of malware cannot run. If it did, then it'd cause minimal damage (see 1.)
[...]
Even if not running as root, Linux malware can still edit the user's profile to start on login, and act as a spam relay or popup generator, etc. For that matter, if it's really malicious, it can trash all your files. I couldn't care less about system files, they're all "backed up" on the nice, shiny install media. My personal files, on the other hand...
But it quite unprobable that the malware will destroy Your files. It's much more probable that it will use Your computer to DoS whoever and relay whatever.
If You use an admin account, then the whole machine gets compromised - there's no point in
using anti-vir software because it can be compromised as well. Well, you have to go and reinstall everything from scratch.
OTOH if the admin accound was not touched, then the software (including anti-vir et all) remains intact and you can use it to recover from the problem.
Well, just the same in Poland. Somebody mentioned Russia. Well, I have never liked the e-mail design anyway:). Just too bad, that the IM's in question are often badly designed too (in Poland we have a "national" IM, gadu-gadu, which sucks and dominates at the same moment)
Just the guys, who got a new computer and want
to buy themselves a new webpage for their company.
They want the cool look of that cool page over
there, and thay won't check it with an old
browser. And if nobody requires from the webmaster
to make the code good, he will not make it.
Even though I was warning them, it was a shock
for the webmasters, when some guy checked the page
with Netscape, and when some jscript turned out to be a wrong idea, when a customer had his customers in US (here, in
Poland, there are very few guys with older browser
- the net is still young). And they didn't learn.
Only I had to make it all server side. Yeah,
go put it all on the admin's head...
Slashdot Mirror
Probably only a slight one. Linux's security model makes it unusual for an app to request admin privileges, thus decreasing the probability of executable compromise. Of course worms _would_ be a problem, but spyware per se would be rare - user must _install_ the spyware, usually by accident, and that's less probable.
Which is archaic, underfeatured, browser-reliant, slow, centralized, ugly and ms-centered. I cannot upgrade firefox, photoshop or whatever by means of Windows Update.
Wow! On servers? Production? Err... ok, now I understand.
Two words: cryptographic signatures.
(well, there are also more advanced filtering possibilities and offline capabilities of local MUA's, but I would have no problem sacrificing them)
I'm not sure (no documentation at hand and I'm no MS guru), but I think that separation of implementation is done. I'm _entirelly_ not sure if it's done well.
[...] Even if not running as root, Linux malware can still edit the user's profile to start on login, and act as a spam relay or popup generator, etc. For that matter, if it's really malicious, it can trash all your files. I couldn't care less about system files, they're all "backed up" on the nice, shiny install media. My personal files, on the other hand...
But it quite unprobable that the malware will destroy Your files. It's much more probable that it will use Your computer to DoS whoever and relay whatever.
If You use an admin account, then the whole machine gets compromised - there's no point in using anti-vir software because it can be compromised as well. Well, you have to go and reinstall everything from scratch.
OTOH if the admin accound was not touched, then the software (including anti-vir et all) remains intact and you can use it to recover from the problem.
Nah, there will be no exploits :
Firefox will only fetch & cache the stuff, not render it. Of course something could exploit the loader/cache/whatever, but that's pretty unlikely.
...getting warez to my home computer with terabyte density...
It seems like one of those "why didn't anyone think of this before" ideas. They did. Have You never heard of Jogger?
Quiet! You can awaken The Murphies...
Well, just the same in Poland. Somebody mentioned Russia. Well, I have never liked the e-mail design anyway :). Just too bad, that the IM's in question are often badly designed too (in Poland we have a "national" IM, gadu-gadu, which sucks and dominates at the same moment)
And a mass "oooo I don't feel so good" once in a hour...
--
Even though I was warning them, it was a shock for the webmasters, when some guy checked the page with Netscape, and when some jscript turned out to be a wrong idea, when a customer had his customers in US (here, in Poland, there are very few guys with older browser - the net is still young). And they didn't learn.
Only I had to make it all server side. Yeah, go put it all on the admin's head...