Viruses and Market Dominance - Myth or Fact? 736
rocketjam writes "An article at The Register, authored by Scott Granneman of SecurityFocus, examines the conventional wisdom that if Linux or Mac OS X were as popular as Windows, there would be just as many viruses written for those platforms. Mr. Granneman bluntly says this is wrong, then proceeds to detail the fundamental differences between those OS's and Windows which make Windows an easy and inviting target for virus-writers, as opposed to the Unix-based platforms."
I hate this argument. (Score:2, Insightful)
Operating System bugs vs Application level bugs (Score:5, Insightful)
As long as there is software there will be bugs, no matter where it is run.
Linux Is Getting There, too! (Score:5, Insightful)
If Linux becomes more popular, media recognition and increasingly "dumbed down" distros will make it a good platform virus writers.
Its all about the money (Score:3, Insightful)
MS quickly created some powerful internet enabled applications. Outlook is the best example. In order to provide so many 'innovative' goodies and features they had to sacrifice security. Deep system hooks and then trying to justify their inclusion of Internet Explorer forced them to tie IE deeply to the system. A great example of short term profiteering at the cost of long term credibility.
Just my opinion. But I am 37 and my degree is in International Relations!
ONE LOVE!
Grampy
Re:Unix-based ... (Score:5, Insightful)
I'm not sure if this is a troll or not, but Linux is indeed UNIX-based. It is "inspired by" UNIX (as opposed to having code in common).
Linux uses all of the old UNIX concepts of fork(), inodes, etc. For non-UNIX inspired systems, see OS/400, VMS, etc. These do not have UNIX primatives.
As a Linux user, I am proud that Linux is a UNIX derived (at least in spirit) system. It has a base of history, knowledge and experience from which to build. Would starting purely from scratch be better? I hardly think so.
I learned UNIX programming on SunOS. My SunOS knowledge works just fine on Linux (although not on OS/400 and hardly on Windows... unless you count what little POSIX compliance they barely put in).
Long live UNIX/Linux!
Re:What about r00tkits? (Score:5, Insightful)
Personally, I consider viruses, worms and trojans to all fall into the same genus. The differences between the three aren't too important and blurry anyways. They are all hostile code that can affect any system.
But... (Score:3, Insightful)
Not that it matters to those of us who never patch, no matter what OS you're running. I administer a Win2K based server that has remained stable because I patched it religiously and made sure that it was not easily compromised, and so far nothing has happened to it. (In fact, I had a "white hat" come in and try the usual round of exploits on the box, and none worked.)
OTOH, a friend of mine administering a Linux server was too busy bragging about his non-stop uptime to upgrade to a non-exploitable version of Apache and got his site defaced. Twice.
It's not the OS, it's what you do with it.
Windows viruses and GNU/Linux (Score:5, Insightful)
RMS commented on this issue earlier this year:
There are several reasons why GNU/Linux has few viruses:
If everyone switches to GNU/Linux, reason 4 will go away, but not the others. Therefore, people can expect to have much fewer virus problems in a world of GNU/Linux users than then have now with Windows.
--END-OF-RMS-TEXT--
Forget Windows (Score:5, Insightful)
"Normal user" (Score:5, Insightful)
As I've pointed out to the author, being just a "normal user" is enough to let the virus spread and to destroy the "normal" users documents.
I keep seeing this argument over and over again when talking about system stability. But my system would be next to useless if all my documents and configurations would be gone. Maybe it would be easier to recover from backup instead of a full reinstall, but that would be it.
Most pc's out there are single user (or single family) computers, instead of the old multi-user mainframes. All the important data are in reach of the virus.
If I get a response I will let you know...
Re:his worst argument... (Score:5, Insightful)
Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.
Yeah right. I garuntee if my Mom started using Linux all she'd be doing the same things she's doing now. You can lead a horse to water but you can't make them check if it's contaminated first...
ummm (Score:2, Insightful)
Yes, until someone decides to add that functionality to a mail program. Things like having a 4 step process to read email attachments is WHY linux is not seeing mainstream growth. The average person cares a heck of a lot more about convenience than security.
The users are a factor (Score:3, Insightful)
That's why any dominant OS will be a prime target for virus writers.
Jason
ProfQuotes [profquotes.com]
Right (Score:1, Insightful)
Oh yes, there would be a wildly popular Outlook Express equivalent that would give you a "rich internet experience" by allowing aunt Martha to email the joke of the day and executing bash scripts on arrival.
There would also be about 100 distro "vendors" pumping out "teh gratest Linux yet!" with insecure shit running by default out of the box. Take the recent SSH vulnerabilities and apply them to this scenario - millions of zombied boxes pumping out billions of "Taste the latest internet pack from teh $CO corp." messages.
The oft-quoted "given enough eyes, are bugs are shallow" goes to hell real fast when the problem becomes "given enough unpatched boxes, all worms are happy".
And besides, by that time everyone who is '133t' enough would have moved to some other OS because Linux would be too "mainstream" and "lame". Heck, even today most of you people think Lindows and Lycoris (along with RedHat) are the scum of the earth.
So carry on with your wild dreams of technological superiority. Me? I just want to write some code and play some games. Windows works just fine.
Re:Linux Is Getting There, too! (Score:5, Insightful)
And that's what, as far as I know, NO ONE would manage to dumb Linux down to be able to do. All of the big virii like SoBig and Blaster rely on Microsoft's boneheaded insistance on cross-linking every program and giving everything full root rights. Did you know there's one theoretical expoit in Windows, thankfully not done yet, in which an MP3 could be given a corrupt header, which points IE to a virus online, and be activated simply on MOUSEOVER? No joke, it's out in MS's security updates archive.
So even if it becomes easier for lusers to infect themselves, the chances of an Internet crippling worm are FAR reduced. (and that's even assuming a few standardized builds; the huge multitude of programs available for Linux create a form of security through obscurity)
Re:Linux Is Getting There, too! (Score:3, Insightful)
disappointing article (Score:3, Insightful)
Unixcorn (Score:2, Insightful)
I welcome the ease of use of Windows and I am happy to pay for the virus protection and fix an occaisional fuck-up. At least it keeps those blank stares from cluttering up my dreams at night.....
It's not that simple, is it? (Score:3, Insightful)
Once anything has root access, it's tough to stop it from making a great many changes to a system, and worming into other systems with the same vulnerability.
This isn't very different at all from the Windows viruses, where almost everything runs with admin access.
I'd say that Linux is a VERY tempting target on the server front, it's just that those systems aren't only under a more watchful eye than the common workstation, they're also usually locked down more tightly out of paranoia.
Now that Win2000/XP has a "Run As" feature built in, home users really shouldn't have default admin access anyway, so it's more of an issue of defaults than anything else.
This is, of course, coming as long-time Linux admin/Windows PC owner/current Mac OS X user. I've seen all three platforms, and Windows isn't really that bad if you just a) set it up properly, and b) train the users. Perhaps if Microsoft actually made a point of enabling privilege separation out of the box, it wouldn't have all these problems. Of course, this is exactly what's wrong with Lindows, ironically enough. It's engineered just fine, it's just not set up right.
Re:whatever (Score:5, Insightful)
Outlook Express isn't removable from Win2k onwards. MS considers it part of the OS. So it is the OS's fault.
If Linux came with unremovable email clients, then your argument would be valid.
Re:What about r00tkits? (Score:2, Insightful)
Re:YES and NO... (Score:5, Insightful)
Re:his worst argument... (Score:5, Insightful)
For example, OS X installs the first user as an Administrator (though several tasks require they enter their password as a sort of sudo command - but most users would simply do so without thinking of the consequences).
The last time I installed Red Hat (7.2 I believe), it had you set the root user, then create a new normal user - assuming the user logs in as themselves, and not root, then the protections will work.
I think the best note is "if users act like they should" (which is easier in an office environment than a home one), then virses onto UNIX based systems (GNU/Linux, BSD, or otherwise) won't get very far and will find quick death if spread using the standard "social engineering" ways of the MS Windows world.
The difference between UNIX systems and Windows ones is that there are fewer protections on Windows to prevent System-level commands from being run. On a UNIX box, if I'm signing on as me (non-admin type), then I can feel pretty good about general security. If I'm on a Windows box, I'm going to have to be double cautious with everything that crosses my email or my browser - whether I actively run it or not.
So I'd say he made some fallacies, but overall his point is more correct than the cries of "Well, there are less viruses on GNU/Linux and OS X because nobody runs it! Nyah!"
Mod parent up! (Score:3, Insightful)
If and when the so-called great Linux revolution occurs, distros will have to keep the needs of the average consumer in mind. Y'know, the people who outnumber your average slashdot reader in droves? Most of these people have no desire or need to really learn anything beyond what it takes to turn on the machine, open a browser and check their email, maybe running an IM client and the occassional game. Having any expectations of them learning commandline tools such as chmod is pushing it. Microsoft's design choices weren't always out of their own stupidity so much as knowing the majority of potential customers -- the customers with the biggest numbers, thus ones you'd need to be a dominant OS -- aren't informed and *don't wish to be*.
Feel free to wring your hands over it.
What about OS X? (Score:5, Insightful)
OS X was designed from the beginning as a desktop OS, and the designers have taken these issues into account. For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.
Secondly, even though OS X ships with a standard mail client it's a good mail client. It can't run applications or scripts with a single click, HTML email is limited to display, no JavaScript can run, and plug-ins don't work.
I wonder if Apple should thank Microsoft for setting such a bad example!
Re:whatever (Score:3, Insightful)
I just realized, damn it, I've been trolled again.
Re:his worst argument... (Score:2, Insightful)
In fact, the way he's written it, if I were to hack up a linux mail client that automatically set the executable bit of an attachment, but also contained a bug that meant it could be done in preview, I would have disproven the entire section. That should give an idea of the validity of that tripe.
I don't even...the man...Look, the whole point is that he's trying to argue that it would be just as secure if it dominated the desktops of the world. Does he think there's some chemical in RedHat's cellophane wrap that makes people permanently give secure computing tips to an installed base of half a billion people? And a second chemical that makes everyone's grandma actually fucking listen?
That's enough bullet points for the time being. Please, people, if you're going to post a story about this, try and concentrate on maybe OSS having fewer bugs or something, hence being more secure. Sure I won't necessarily go along with it, but at least it won't come across as the incoherent ramblings of a 14 year old zealot like this does.
Re:Linux isn't that much better.. (Score:1, Insightful)
For god's sake let me decide if I want to run it or not. Letting a security-challanged company decide it for me is f***g stupid.
Everyone knows... (Score:1, Insightful)
1. Keep the platform in the news, more exposure more sales.
2. Results in the employment of more people with MSCE's which in turn results in more spending on MS products.
3. The patch exists BEFORE the attack. This means MS knows the attack is coming!
MacOS (Score:2, Insightful)
Why Mr Granneman is Wrong (Score:0, Insightful)
He calles these Social Engineering, and Poorly Designed Software.
With regards to the Social Engineering claim, the logic that Granneman uses is basically that tasks are so difficult to do in Linux that no user would be able to put themselves at risk.
Unfortunately this argument fails to address why Windows is the dominant OS... that being that Microsoft listened to consumers and provided them tools that worked easily. So it is this very functionality which makes Windows popular and weak at the same time.
Mr. Granneman then goes off on a tangent claiming that the real problem is running as local admin.
But this is obviously not true. In most corporate environments end users do not run as root, yet viruses still do great damage. Even as a normal user, a virus still has access to all the files in the users home directory, shared file server shares, etc. Furthermore a virus can run in memory during the users session.
The main impact that running as root as on the spreading of viruses is the cost of having to clean up the local machine, either by running some script or by reinstalling the base OS and applications. This can be a signifigant cost, but it's not related to the spread of viruses.
It's also interesting to note that Mr. Granneman does not make any distinction between worms and viruses... although in todays networked world there is no distinction. Apparently Mr. Granneman thought by not mentioning the term he wouldn't have to discuss the high impact worms have had on Linux installations.
Mr. Granneman also brings up the worn out argument of biodiversity with regards to computer operating systems. Anybody who has had time to study biology certainly understands the issue and the risks associated with having only one strain of bannanas for instance.
But Mr. Granneman ignores the major difference between genetic organisms and computer software... i.e. software is easier to change. Thus making the analogy trite and irrelevant, and if anything he is simply arguing for Security via Obscurity. This may be important in genetics when you have no other choice, but is it the wisest course for computer systems? Few would agree on that one.
Mr. Granneman then talks about software design, but sadly his knowledge is severely outdated. He makes this statement:
But obviously has failed to look at Outlook 2003 to find that it behaves in nearly the exactly same way with regards to external HTML images, and that Outlook 2002 and 2000(with patches) had settings which prevented all scripts, activeX, whatever from executing anyway.
So Mr. Granneman would rather spread FUD, tell us the sky is falling, then
Re:What about r00tkits? (Score:3, Insightful)
Most Unices are good about preventing average users from accessing the core files in the OS, whereas Windows just puts a nice little warning on the screen and lets you go right ahead.
Re:Good and bad points (Score:3, Insightful)
Hard to run executable attachments being a lack-of-feature: no, it IS a feature. 99% of the Windows malware going around depends on users unwittingly running executable attachments. Making it easy for Linux users to suffer the same fate is NOT a feature, and in particular not a desirable one.
Application vs. OS: MS itself is the one that integrated the HTML component into the core OS. And they can't fix it, because things like Windows Help also use that component. If you fix the behavior for e-mail, you break Windows Help. If you leave the behavior available for Windows Help, it's also available in e-mail. This is the price you pay for integration, and it's a high one.
Re:This seems very naive (Score:3, Insightful)
Ease of use is important but then so is intelligent design. Windows arguably has the former , Linux the latter, but OS X seems to get it right on both counts.
Windows problems are not limited to poor kernel design (extraneous graphics routines and such are included in the kernel, bad bad bad...) but also extend to the usability front. Cryptic error messages and bad interfaces compound this problem. The users have been desensitized to reading dialog boxes since they often do not help. Admittedly, many of the viruses use social engineering to spread.. and the reason this is successful is that users are used to seeing tons of very cryptic messages written by engineers-- virus writers take advantage of the ability of the Windows user to blindly click the OK button without reading the dialog box.
Apple dialog warnings on the other hand seem to have been written by humanities majors who seem to speak well to the user. Even GNOME has done an amazing job in making the error warning easy to understand...
Re:What about r00tkits? (Score:3, Insightful)
linux less of a monocolture? (Score:2, Insightful)
This has been known for a while, is definetly a valid point. But is linux really so much less monocolture than windows? and will it be able to keep the diversity it has when the public smartens up and makes the switch?
What percentage of the linux systems in the world run an openssh server, and were volnerable lately? and what would have happened to a worm written to exploite this.
Most systems in linux you have several good alternatives commonly used, but not all. And when creating a system for the masses one of the most important things is to be standard.
You can't expect everybody to learn how to do everything twice!
If linux will ever reach the masses it will have to be a version very similar in behaviou and UI for practicly everyone.
This leads to the dreaded monocolture enviorment.
Me.
Re:Windows viruses and GNU/Linux (Score:3, Insightful)
Re:But... (Score:5, Insightful)
Nope. You should probably read the article. It explains the flaw in your logic. To save you some time, here are the relevant parts.........
We've all heard it many times when a new Microsoft virus comes out. In fact, I've heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform. In response, another person named, oh, let's call him "Bill," says, basically, "How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms!"
Of course, it's not just "regular folks" on mailing lists who share this opinion. Businesspeople have expressed similar attitudes
Mr. Clarke is wrong.
AND THESE BULLITS....
**Windows software is either executable or not, depending on the file extension. So if a file ends with ".exe" or ".scr", it can be run as a program (yes, of course, if you change a text file's extension from ".txt" to ".exe", nothing will happen, because it's not magically an executable; I'm talking about real executable programs). It's easy to run executables in the Windows world, and users who get an email with a subject line like "Check out this wicked screensaver!" and an attachment, too often click on it without thinking first, and bang! we're off to the races and a new worm has taken over their systems.
**Microsoft's email software is able to infect a user's computer when they do something as innocuous as read an email! Don't believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that's at least one for the last five years. And though Microsoft's latest versions of Outlook block most executable attachments by default, it's still possible to override those protections.
**Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his
Those are just a few points from the article. So the real issue has much less to do with market penetration and a lot more to do with Microsoft building an Operating system that seems to be meant to be insecure.
Re:his worst argument... (Score:1, Insightful)
It says basicly 'people are stupid and do stupid things'. Well GEE DUH.
Lets say tommorow everyone decided linux was the way to go. In a year we would be basicly where we started. There would be so many boxes out there that have been rooted it would not even be funny.
How many people ACTUALY patch their windows machines? I have gone over to friends and families houses dialed in to windowsupdate and seen PAGES of fixes they should have. Lets again say everyone had linux. How many would pay any attention to SSH has a security vulin? Or any of the other default services that some distros run BY DEFAULT.
Its not a matter of even making them do something stupid. They will do it all by themselves. Check out this cool program I found... OH just click on this and you will see X its FUnnnnnnY.
To say linux is more secure because people on windoze are st00pid. That argument does not fly with me.
Windows has a history of software to build on. So the virus devs have that history to build on as well. It would not take long before people are working around linux's security model because its expidiant to code for. That is where the security breaches would come from.
I am not saying windows is more secure. I am saying that the argument that it is built that way is silly. IF you build your application correctly it will work just fine. But if you work around MS's security model you will find yourself in a world of hurt.
I had an argument a few weeks ago with another programmer over this very fact. He was going around the MS security model. I SHOWED him how to use it correctly. I SHOWED him WHY to do 'the right way'. Guess what he did? Yep you guessed it, he did it the way that was easiest to code for him. Why? He's lazy. How many other programmers are there like that out there? Do you REALLY trust all of em? All it takes is 1 or 2 to screw things up big time.
As for the system level thing thats just not true. You can config a windows box so ONLY certian people can run things. Out of box it is not secure. Its called groupings and policies. They work fairly well. I watch changelogs in some of the distros. They are CONSTANTLY chmoding things to make it more secure. You can effectivly do the same thing in windows. MS just doesnt do it for you. In fact that is one of his points some distros are even taking the same route as windows. Everything is wide open.
A properly configured NT box is hard to root. On the same side of that coin so is a Linux box. On the flip side a improperly configured NT box (most of em out there) is EASY to root. On the same side of that coin a system where everything runs as root is EASY to subvert.
A couple of things (Score:5, Insightful)
While I agree with the gist of his article, there are a couple of obvious problems:
Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world
That's unlikely. As Linux takes over corporate desktops, the users are not going to be joining LUG's or mailing lists. This has been mostly true up to this point, but mass acceptance will change the demographic of the user community to be more like that of Windows.
Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it.
It's mind-boggling that this stupid line of reasoning is still used. First, my home directory is the part of the system that I'm most concerned about protecting. Holy shit! That's where my files are. The rest of the OS can be downloaded off the internet or from any CD that I have. But what about the files that I have created? A program destroying my home directory is a far larger problem than a program that mucks up executables or something.
Second, the modern worm/virus on Windows doesn't need any elevated privileges. The whole point is to spread, and there is absolutely nothing about that process that needs or uses any elevated privileges. Being root is not terribly relevant for the modern worm.
With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you'd think the company could have changed its procedures in this area, but no.
And it wouldn't have made a damned bit of difference for the most destructive email worms. Is the author from another planet? I have to wonder.
Re:yes, but the effect might be different (Score:3, Insightful)
An article that links Windows exploits and theft of code as a reflection of Open Source is the sanest thing you've read about this incident? What other black-helicopters-from-Open-Source-world stories have you been reading?
The author of this article does not understand the culture nor history of what he criticizes. Or he understands it well enough to know what buttons to push.
Misguided. Maybe sociopathic. Hardly sane.
Only /home? (Score:5, Insightful)
Remember, it is the *DATA* that is important, not the programs. There are boxes and boxes of the same program on most computer store shelves -- or tons of
Security vs. Convenience. (Score:2, Insightful)
And people wonder why Linux isn't sweeping the market. Simplicity sells, and for good reasons. I'm a technophile and I value security, but even I don't want to go through a dozen and a half steps just to open a file that I 'know' to be safe.
The Windows operating systems certainly have their problems - particularly with how certain defaults are set up. However making life more difficult for the end user definitely won't win any support.
Re:yes, but the effect might be different (Score:2, Insightful)
His other point in comparing linux to communism is really silly. Those who participate freely give their time to the project, and very few actually are trying to "break" capitalism in some way; they simply want an alternative. It is about freedom to choose another solution to a problem, it does not force people to stop using other software.
Ummm... Morris Worm? (Score:2, Insightful)
It's clear that the author includes worms in his definition of "viruses." The first worm I had ever heard of was the Morris Worm [wikipedia.org], which most certainly did impact UNIX machines, and was very widespread in terms of percentage of infected machines back in 1988.
I agree with the premise to some degree, but I consider a significant amount of the author's "evidence" to be FUD, distorted or simply wrong.
Ease-of-use ~ Ease-of-infection (Score:5, Insightful)
The very features which make Linux less vulnerable to virii also insure that it will
never be as popular as Windows.
Try explaining 'chmod' to your mother-in-law.
Difficulty is a factor too (Score:5, Insightful)
The author does point out, quite correctly, that even if Linux viruses became more widespread, most of them would probably only affect the user space and not currupt the system itself.
Re:yes, but the effect might be different (Score:5, Insightful)
Re:yes, but the effect might be different (Score:5, Insightful)
I think that was the first sentence:
It could be analogous to blaming the engineers if they had painted a big target on sensitive areas of the building, and provided planes a lighted approach for hitting them.
But, it gets even better:
When are you notified that you may need a kevlar vest? Again, this would be a more fitting analogy if the person not wearing a vest was in, say.. Iraq 8 months ago and had a US Army emblem stitched on their uniform. If you buy software, I think it's a reasonable expectation that it won't be broken due to negligence. If I purchased a car, I'd be pretty pissed off if I found out the company made it very easy to open it without my keyless entry fob. That's a much more fitting analogy. Analogies suck to argue with, so lets just keep on the real subject:
Yes, this is why we demonize Microsoft. Not because they violate HTTP, SSL, CSS, and countless other standards. Not because they violate business laws, and are sued for it. We demonize them because they attract idiots better than us. I'm glad he cleared that up for me, because I was wondering why I didn't run Windows. It's not just my surprise, Ed has one too:
I suppose I'm part of the culture, and I don't glorify nor justify. In fact, I say it's wrong. So do a lot of people. So, again, half-baked claims with no factual backing. Yes, I'm sure several people did say that Half-Life will now have Linux binaries. If any of them said it seriously, I doubt they have the capabilities to build them anyway. Any joke taken out of context can make someone look like a dick. Or a Communist, right Ed?
I didn't realize that thieves were happy only getting what they need and no more. Perhaps you should ask Microsoft since it's documented that they have stolen a few things. I can definitely see how they take only what they need. Like $40B in cash reserves.
But when we talk about P2P, that's when Communism really rears it's ugly head. Not Capitalism and market dominance nor supply and demand, which is the very cornerstone of capitalist economics:
The replacement to the RIAA? I'm not sure, how about CDBaby or the other houses that are opening up? Why are there so many famous artists that loathe the RIAA? How many famous artists have you sat down and talked to about record contracts. I can name one, and he makes more money now touring as a legendary band (from the 60s) than he ever did from his 6 platinum records. Even he wants to get on the internet distribution bandwagon. But,
debunking "Linux Vs. Windows VIruses" (Score:2, Insightful)
Here are the arguments from the article:
"a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable."
The default behavior of *nix mail clients is to save files if instructed, and not executable. However, There isn't anything inherent to *nix which dictates this. A mail client that claims to be more user friendly can also save a file and run it automatically as well. There just hasn't been a popular one in use yet.
"Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his
The configuration that Linux has been trying to increase its numbers with, and OS X's main configuration is the single user desktop machine with no automatic backups. To the home user, blowing away
"Windows XP, supposed Microsoft's most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer.
Ok, I agree with these points. However, as Linux penetrates the home user market, the limited capabilities of the regular user will be increased. Remember Lindows? I believe (all) user(s) run as root. The author address Lindows near the end of the article, but he dismisses it as an exception rather than the rule. Ask yourself *why* the developers chose this route. It's because they want more home user/desktop penetration. Expect more of these types of decisions to be made in the future.
"Even worse, the collection of files on a Windows system - the operating system, the applications, and the user data - can't be kept apart from each other. Things are intermingled to a degree that makes it unlikely that they will ever be satisfactorily sorted out in any sensibly secure fashion."
Ever look at
"Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized."
Again, as Linux becomes more popular with home users, one or two mail clients (depending on if one or two desktop environments will survive in 5 years) could possibly dominate the market, on possibly one type of architecture, the x86. As well, Linux prides itself on supporting standards, across different applications.
"Microsoft continually links together its software, often not for technical reasons, but instead for marketing or business development reasons"
Here I will agree with the author,
Re:interesing (Score:2, Insightful)
Each little stumbling block that is beneath the notice of a Linux user translates to thousands of tech calls out in the real world.
People hate to have to learn to jiggle the door handle to get the key to work. They hate to have to hit the TV on the top left side, just and so.
In spite of popular opinion, these OS's have [b]not[/b] been put thru the wringer...
Slight flaw in your logic (Score:3, Insightful)
Every install of RedHat I've ever done sure as hell doesn't install and run an SSH daemon by default. And if you turn it on, you can turn it off.
Hundreds of posts, and not one Slashdotter has pointed this out: the most recent RPC vulnerabilities are all the proof you need to show why Windows, in its current incarnations, is far less secure than any Linux distro I've ever seen. An unpatched Windows system on the internet can be compromised within minutes, and it's not because there are "oh so many Windows viruses". It's because the RPC service is enabled by default, "run as root" insofar as Windows does that, and YOU CAN'T TURN THE DAMN THING OFF. So even if I'm clueful, don't open email attachments, only use plain text email, never run foreign binaries, I can still get "rooted" trivially.
Show me a Linux distro that does that. Hell, RedHat goes one further and runs IPtables by default for you these days. I'd love to see you try to root my box without being able to connect to it first. With a Windows machine, you as user leave a half-dozen almost unclosable ports open by default.
(Note: I realize that Apache, OpenSSH, and every other server daemon under the sun has known vulnerabilities. But I'm comparing apples to apples here, and Joe Sixpack doesn't often run a webserver off his WindowsXP box).
Re:his worst argument... (Score:3, Insightful)
Which is why I said "any consumer Windows OS". The first NT based OS targeted at consumers (as opposed to businesses) was WinXP.
Yes, a lot of software assumes admin rights when it really has no place doing so (even OpenOffice for Windows requires Admin rights to install!) However, for a similar task under unix, try installing Perl and a bunch of CPAN modules on a per-user basis rather than a system-wide basis. (we do this a lot because different 3rd party apps require different perl versions). Don't even get me started on gcc.
I can see how this would be a problem for you, I've always thought of things like Perl & GCC as the sorts of things that would be installed system wide. Maybe VMware or User Mode Linux would be a better choice. I was thinking more in terms of installing programs as root/admin but still being usable by all users (complete with their own preferences etc) based on their login info. In *NIX almost everyone solves this in the same way, a single system wide preferences file plus a seperate set of preferences in the users home directory. At least in the case of Debian the packages also take care of making sure the programs appear in each users desktop/menues and lets you know if there might be permissions issues. It's not allways pretty but at least it's fairly consistant. With Windows apps, there doesn't appear to be any pattern at all. Some apps. just show up in the admins Start Menu while others show up for everyone. Some have seperate preferences for each users and some don't. A few want access to c:\windows whenever they run (or at least whenever you change anything) and some (most thankfully) don't. Some use the built in Windows facilities for profiles/preferences and some (most) use their own oddball method. Your right that the entire WinNT line of Windows has had all (or at least most) of the facilities to handle this stuff in a nice consistant manner but until recently the vast majority of users were still running Win9x/ME and even now these people still probably represent half or more of the Windows users. The whole thing tends to be self perpetuating, the developers get used to the programs they use behaving this way and the users are already used to it so nothing changes.
Re:What about r00tkits? (Score:2, Insightful)
You know, you just described a Trojan (Horse), not a Virus.
Unless, of couse, you mean stupid users are the real virus. In that case, I do have to agree with you
Re:Linux Is Getting There, too! (Score:2, Insightful)
No. What you want is to make running attached executables safe and secure. Running in a sandbox could be easy and safe, for instance. The sandbox could prevent access to the network and the local filesystem in the same way as Java's security model
Making it more complicated doesn't make it any safer, and once the user gets the steps to make an attachment under Linuz memorised it won't slow them down much even.
And seriously, how is zipping up an exe going to make it safer? - the user is still going to open it and run the contents.
Yes, *but* (Score:3, Insightful)
For one thing, the root account is disabled. It is not trivial to enable the root account, and it isn't even necessary.
On the other hand, he doesn't mention that all you have to do is convince someone to enter their Administrator password, and all hell can break loose. I would say you are far more likely to sucessfully socially engineer someone to do that (Check out this wicked screen-saver; you just need to enter your administrator password to install it (a common install procedure)) than to get a *NIX user to run something as root.
Re:Ease-of-use ~ Ease-of-infection (Score:2, Insightful)
I've actually done this. She wasn't all too pleased with my answers but agreed that beeing able to prevent other users from hampering with your files was a good thing. She was even happier when I told her Nautilus and Konqueror could set the permissions in a GUI that she completely understood.
One does not need to understand chmod in order to use a *nix system. One need only understand the concept behind it.
Re:Only /home? (Score:4, Insightful)
"I'd rather wipe out my system, and not touch
Not possible. Either your system *and* home directory is wiped, or your home directory only.
What would you prefer:
1. A full system install *and* data restore.
2. Only data restore.
Re:"Normal user" (Score:2, Insightful)
Joe User uses the virus, loses his data, but has no permissions either to affect the system nor to destroy the backup, owned by "backup". "buckup" doesn't execute any program save from "cp" and "gzip", so it is doubtful his home can be infected...
Re:interesing (Score:3, Insightful)
While the workings of consumer electronics can be made transparent to end users, computers are a different entity all together.
My original point is based on the problem that a lot of IT decisions are made by non-technically minded management based on the effect it will have on the company accounts in the current financial year. How many IT people have put educated, well developed ideas forward and had them shot down not for technical reasons but because there's no money. At the same time, the CEO's getting a $/3 million bonus and a new Mercedes. How do you accurately calculate TCO? How much to include for the cost of having to pull in IT staff, on overtime, over the weekend in order to carry out disaster recovery when the latest virus wreaks havoc. What if a virus as prolific as SoBig.F started overwriting hard disk sectors that store drive geometry info forcing whole corporations to fix or replace every HDD in the company. Imagine the chaos. Is it luck that this hasn't happened? Is it on the cards? Who knows, but if it does happen I know the shit will really hit the fan.
All I'm saying is that if you can integrate other OS's into a business it would be a good insurance policy to do so. OK if you use AutoCAD you're more or less stuck with Windows on the desktop because as good as LinuxCAD or others may be there's too much built around AutoCAD for many people to use it as a drop in replacemnt.
On the other hand if your servers are sharing files and printers, delivering e-mail and not a lot else, why the hell are you running Windows. Now that Opengroupware [opengroupware.org] is out even Exchange (the holy grail) may be replaceable and there are Linux server solutions that will fulfill all the requirements of an awful lot of offices. In exchange you get a mail server that is immune to Windows viruses, loads of extra odds and sods that'd cost a fortune on Windows and an extra degree of seperation in the event of an attack.
Support will develop as Linux usage expands. Or why not use a MAC? Known company, good reputation and it ain't Windows giving you many of the benefits of Linux with Apple paid support. BSD, whatever, it's not the OS you use that makes the difference it's removing the uniformity of weaknesses that a network of 100% identical machines on a network gives you.
There really is enough room for more than one OS in the world and at the end of the day, how many SoBIG.F's will it take to cost business the price of supporting it.
Does anyone think the author had any valid points? (Score:2, Insightful)
I personally dont use OE and prefer Linux over Windows, but the points he made in this article are well.....pointless.