UNIX Security: Don't Believe the Truth? 520
OSNews has an interesting editorial about security on UNIX-like systems. "One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little"
Backup (Score:4, Insightful)
Re:Backup (Score:5, Insightful)
Google "How to use cron".
The OS already can be set up to do this. The premise of the article is flawed; and based on a premise that I reject. Chances are, if you're smart enough to run Linux, then you're probably smart enough to backup your important files.
Plus, given the author's scenario - let's flip it around: A Windows virus can bork your data and your OS. At least with UNIX, backups notwithstanding, the OS is still there and you'd have a much better chance at recovering your data than you would with Windows.
Mod article -1, Flamebait.
Re:Backup (Score:2)
Re:Backup (Score:5, Informative)
I'm a fulltime Linux user (4 years on the desktop, 7 years otherwise, so no veteran, and no newbie either) and I'd never even consider using logging in as root for any activities that aren't associated with system administration. (guess where "Administrator" comes from) Typing in the root password to install software isn't something I'd call a nuisance or even mildly irritating.
The same thing is of course possible under Windows: Make your main login a 'Power User', or if you feel that's not safe enough, put it in a group with the same policies as the 'Users' group and slowly increase its permissions until you can work productively. (there are problems with debugging code and other niggles by default) Recent versions of Windows will prompt you for an Admin password for stuff your user isn't allowed to touch, although in some cases you have to explicitly right-click the link/executable and select 'run as'. I think there even are some utilities around to make the process even less painful.
If you're doing extensive admin stuff, you can also log in as an Admin explicitly of course, and since XP you can switch between users quite easily without logging out.
It always astounds me how incredibly adverse peoples' reactions are to this suggestion. Sure, it doesn't provide absolute security (ActiveX springs to mind) but that, together with frequent Windows Updates, an enabled WinXP SP2 firewall, and not using IE, I can't imagine you'll have a problem. You might be able to lose some data if you catch a virus, but you're very, very unlikely to bone your system. I do occasionally boot into Windows to play games (Cedega doesn't really work on ATI graphics cards) and I've never caught a virus or spyware, and I don't have an antivirus program installed, as they slow the system down to an infuriating degree IMO.
~phil
Because it makes things work. (Score:4, Interesting)
This isn't necessarily the fault of Windows
And that is only because the FIRST step is learning enough about the system to know that there is a problem. It's easy for most of us who spend time and read
It's called "Google". (Score:5, Informative)
That starts you off on shares and setting the time/date.
Do you want to know one of the coding practices lead to this problem?
http://blogs.msdn.com/aaron_margosis/ [msdn.com]
You might want to spend some time looking up Powerpoint 2003, too.
It's called "reading". (Score:3, Insightful)
I had said:
"Yep. It is possible. But it is more work than the average Windows user will want to put into it."
Then you asked:
So I provided you with s
Re:Because it makes things work. (Score:4, Informative)
Ask and ye shall receive: Keith Brown's Hall of Shame [pluralsight.com].
Re: (Score:3, Informative)
Re:Because it makes things work. (Score:4, Informative)
1. Click 'Start'.
2. Go to Settings > Control Panel (or click on 'Control Panel' if using the XP menu)
3. Double-click on 'User Accounts' and wait for applet to load.
4. Click on account name.
5. Click on 'Change Password' (or 'Create Password' if none is set)
6. Type in current password (only if 'Change Password' was selected), new password, and again to confirm. Also type in a hint.
7. It may ask if you want to make folders private. Choose yes or no.
8. Close window. Done.
See, that's strange, because all I do is hit CTRL + ALT + DEL, then click "Change Password". Enter the old, then the new twice and click "OK"
No need to complicate things overly. And no need to compare the O/S's. each has it's place.
I feel fairly comfortable with admining Windows.
Maybe we've just discovered why so many Windows systems have problems.
Re:Backup (Score:5, Informative)
My point about all this is no amount of security or proper setup will prevent stupidity. Although this is a case where Linux/UNIX would suffer from the same problem. Social Engineering is still the greatest exploit out there, for any OS.
Re:Backup (Score:3, Insightful)
The same reason that Linux users don't have reasonably strict SELinux policies in place on their machines - a lot of applications are still stuck in the older model and don't play nice with Windows if you aren't the Adminstrator, or Linux if you try and confine their access to reasonable least privilege. What I find interesting is that both Linux and Windows have this issue but people keep ignoring the Linu
Why Windows People Run as Admin (Score:3, Insightful)
I hear this a lot, but there's actually a pretty good reason. Windows feels restrictive as a normal user, because its filesystem and registry permissions are so haphazard. Many programs won't even run in a non-admin account at all. UNIX is designed to make the user feel quite unrestricted as a normal user, and conventions like sudoers take this princip
Re:Why Windows People Run as Admin (Score:3, Informative)
Well, let me begin by saying I am not just some random UNIX nut, but that I was actually an NT admin for years (although I am not one currently). But one point is that the NTFS permission and security concepts in NT5+ are sufficiently complicated that I am unable to explain them adequately here in a single post; I for one could spend a few thousand words just on the topic of
Re:Backup (Score:3, Informative)
Users of software suites called "operating systems" and "filesystems". An "executable image" is a file (generally on disk) that is (more or less) an image of the program's initial state when it is loaded into memory. Users who are less careful with wording than GP often call them "executable files" (even though not all executable files are executable images), .exe's (even though not all operating systems do magic by file extension), or just "programs".
Re:Backup (Score:3, Funny)
- (Insert Evil Grin Here) Pug
Re:Backup (Score:5, Funny)
Re:Backup (Score:3, Insightful)
That's rather presumptuous, isn't it? Not everyone that installs linux on their pc is automatically a linux-nerd... In fact, these days, there are probably just as many people running linux that wouldn't be able to set up a cron script to backup their stuff. The vast majority of linux users that I've known were not professional admins, and would never have had the patience to install lin
That's not exactly correct (Score:5, Informative)
Re:That's not exactly correct (Score:3, Insightful)
I would agree with your statement, just adding that software written to run only as admin is considered poor programming practice on Windows, even if it is often the norm.
Re:Backup (Score:3, Insightful)
Re:Backup (Score:3, Insightful)
Re:Backup (Score:5, Informative)
All that, of course, is ignoring practical differences in the security history of the platforms and common applications, as well as the lower profile of Linux in terms of automated threats. Direct attacks (ie, someone is specifically attacking you) are just as much of a threat, and many distros are vulnerable to attacks in an unpatched state. Linux is *not* a panacea against threats (and only idiots portray it as such), but it is a very different threat profile than a Windows machine.
Re:Are you on Drugs? Adios Mod Points... (Score:5, Informative)
Complexity does not equal elegance. If you find yourself uttering something as foolish as "prohibitively more elegant", you've stumbled into that territory.
Indeed. It would appear that the world has moved on since you last looked at "Linux" in the 90s. POSIX 1003.1e/1003.2c access control lists: http://www.suse.de/~agruen/acl/linux-acls/online/ [www.suse.de]
Re:Are you on Drugs? Adios Mod Points... (Score:3, Informative)
That's simply false, unless for some stupid reason you're using an antiquated filesystem. There is full support for file-system level ACLs in Linux. For example, XFS [sgi.com] supports POSIX ACLs, and the SuSE folks include instructions on implementing POSIX ACLs in Linux (pdf) [www.suse.de] on a couple of different filesystems in their administration guide.
It's not like this is particularly new, either. It's just that you aren't forced to use ACLs, and by default they are configured to be ove
Re:Backup (Score:2, Interesting)
Who determines what the emergency is? The system itself? If there really is an "emergency," will the system even be in a state to realize it? The last thing users need is to be lulled into a sense of security by automatic backups that can't be retrieved when you really need them.
Get a mac (Score:2)
As for locking it away add something like the following to your cron jobs running as root:
find / -depth | cpio -dpl
this makes a virtual backup of your files sufficient for most user's anti-viral backup needs. It does not protect you a
Re:Backup (Score:2)
The core technical idea of FreeNet is an excellent one,
Re:Backup (Score:5, Interesting)
and you get a day by day (or however much you fancy) snapshot so you can roll back your files to any snapshot in time you have recorded, on a process by process basis. I.E. you can have two different days open at the same time in different processes.
And, to add compliment to health, it doesn't use up extra space but uses Venti [bell-labs.com]
Venti is also available for Unix-likes via plan9port [swtch.com]
while I'm here, plan9 is secure BY DESIGN. No super user, networked authentication, networked file storage, diskless terminals etc. et bloody cetera.
Re:Backup (Score:3, Interesting)
I have a number of Unix/Linux users who use their systems as desktop workstations and don't use root (at all - I set them up and do all maintenance remotely)
Their systems do daily backups of home directories to a protected area that is read-only by their IDs. Whether or not the overall systems are less virus/worm prone is not really the issue, the fact is that only an attack that can get root access can actually do (locally) irretrievable damage.
The better thing IMHO about Linux/
I'll Field a Few Questions (Score:4, Insightful)
If "Johnny's first day at school" is more important that system critical resources, perhaps you should have hard copies (CD, DVD, tape, etc.) of this media.
You're right, you should make backups. You have a love-affair-dependency on your hard drive. Everyday you need it to retain the ones and zeros it holds that forms your data. One day, your personal hard drive isn't going to be there for you. That's why you should back up regardless of how secure you feel. Most "normal home users" don't have redundant RAID arrays running. Furthermore, it isn't "secure period," it's touted to be one of the most secure operating systems. Wait, weren't we talking about Unix?
I don't think anyone but Mac users claim that. And anyone that claims that for any processing device is lying to you. There are Linux Viruses [viruslibrary.com] out there, just use your favorite search engine.
Oh good, we're back on Unix here (they're not exactly the same, you know). I disagree, both sides (user and system) are more secure in the case of Unix or Linux for that matter.
While this might be true, I think you should take into account the frequency of said viruses [theregister.co.uk]. When's the last time a massive virus attack has taken down entire networks of Unix machines? So you talked about Unix security without quoting a single authoritative source on the issue. And to finish off this article, you rely on a one-hit wonder brit pop band to prove your thesis. May Slashdot have mercy on your soul, Thomas. Endure the onslaught.
Re:I'll Field a Few Questions (Score:3, Insightful)
So, in effect, the user who was attacked was quarantined, making things _more_ secure.
Re:I'll Field a Few Questions (Score:2)
Mac users don't think their system is immune (at least not intelligent ones). They just know that because so much OSS software is included, the patches for vulnerabilities tend to come quickly.
And there's no point in paying Symantec for virus software that quarantines the swapfiles anyway.
Re:I'll Field a Few Questions (Score:3, Informative)
Re:I'll Field a Few Questions (Score:5, Funny)
I don't know if it was intentional or not, but that's pretty funny.
It's not funny ... (Score:3, Funny)
Still laughing?
Re:It is funny ... (Score:2, Funny)
Yes, thank you. This time at you.
Re:It's not funny ... (Score:3)
Re:It's not funny ... (Score:3, Informative)
Re:It's not funny ... (Score:3, Funny)
Re:I'll Field a Few Questions (Score:2)
Re:I'll Field a Few Questions (Score:5, Interesting)
I think it is tautologically true. Devastation is a noun, like "unique" that does lend itself to qualification. I think it's also true that Windows users meet with devestation and the hands of malefactors much more often than Unix users; in part this is due to the prevelance of Windows of course. But it hardly explains the mountain giving birth to a mouse response of Microsoft when it comes to improving the situation for their users.
There probably isn't a single kind of vulnerability in Windows that has not been in Unix. The only difference is that in Unix is a choice and Windows is a fact of life. Providers of Unix compete with each other, whereas Microsoft, while it may labor mightily on various things, only works barely hard enough to make life bearable. Nor should we expact it to do "better"; as a business they do what the market tells them to, and if the customer bears much, then the vendor does little. I was fascinated during the MS anti-trust trial of the idea of splitting MS up into competing windows providers. If there were competing providers for Windows variants, Windows would be ust as good as Unix, possibly better.
I expect as more customers desert Windows for Linux (there is no place to go but up), Windows security will improve greatly.
I am reminded of Lord Macaulay's speech on copyright, in which he explains that perpetual copyright is bad for books, "I believe, Sir, that I may with safety take it for granted that the effect of monopoly generally is to make articles scarce, to make them dear, and to make them bad. "
and one egregious error (Score:5, Insightful)
An analogy one might usefully make is to the highway: good system-level security is like a well-designed, well-lit highway. Sure, the user (driver) can still kill himself, but he has to behave unusually recklessly. On the other hand, poor system-level security is like a rutty, unexpectedly curving dark country road. Even reasonably careful drivers at moderate speeds can get in trouble.
The guy is focussing on the fact that in both cases the driver can get himself killed. But that isn't the whole story. One "road" (system) makes it easier for a moderately careful "driver" (user) to survive. The other puts even careful "drivers" at risk. And, of course, there's the obvious fact that no "road" (system) can possibly protect the completely reckless "driver" (user).
Linux is only EFFECTIVELY immune. (Score:5, Interesting)
Viruses only spread when their infection rate EXCEEDS the removal/immunization rate.
When the infection rate is lower than the removal/immunization rate, the virus dies.
With most current versions of Linux, the default security configuration means that it is very difficult to infect a machine (not impossible) and very easy to remove the infection.
Before this "InterWeb" thingie, I was cleaning boot sector viruses from DOS machines that required someone to have booted from an infected floppy.
Linux boxes CAN be infected, but the odds of it happening are very, very slim.
Haha (Score:5, Funny)
Pointless (Score:3, Funny)
Re:Pointless (Score:3, Informative)
Re:Pointless (Score:2)
--dave
Re:Pointless (Score:2)
I'm not a Super Linux Master(tm) and doubt I ever will be, but I can say that Linux is more fun. Recently I got a copy of DSL, and it's cool. It's quite nostalgic to boot up a computer with only one disk. Reminds me of my old 8086 I used in high school. Two floppy drives, no hard drive, and it even had a dot matrix printer. Computers like that are just more fun...ok, so I'm weird.
Re:Linux at home (Score:3, Interesting)
There is a good wikipedia article on this topic actually. [wikipedia.org]
In my own personal opinion, the generically asked question - "What is Unix?"
Doesn't Matter So Long As It Works (Score:5, Insightful)
and a triumph for the home user. If you had to choose between having a virus that both destroys your personal files and compromises your system or a virus that only destroys your personal files, which would you pick? He's making light of a very significant thing for most home users--a full wipe and reinstall of the operating system and applications. That's a day's work for your typical user, more if you have a bunch of programs you need to go hunting for.
But what is more important to a home user? His or her own personal files, or a bunch of system files? I can answer that question for you: the pictures of little Johnny's first day of school mean a whole lot more to a user than the system files that keep the system running.
What's the value of Johnny's first day of school photos if you can't boot the damned computer? Again, the author makes light of the value of the system to the home user. Just because John Q. Public cares more about his cup holder than his engine block doesn't mean he won't care when the cylinder head cracks.
Of course, they should make backups-- but wasn't Linux supposed to be secure? So why should they backup? Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?
Actually, no. I have yet to speak with a single techie who says that you don't need to back up important files under any circumstances. In fact, viruses are almost always a "secondary" reason for backing up files; the primary driving reason behind backing up your files has traditionally been that of hardware failure.
The crux of his entire argument rests on the supposition that, to the home user, the system simply doesn't matter. In a most cosmetic sense, this is true; home users don't give a damn about kernels and drivers. The instant something goes wrong with that system, however, it's a nightmare for that archetypical home user (who, remember, doesn't know and doesn't care how the thing works). When everything works, they can open and print Johnny's files just fine, but what the heck are you supposed to do when the omgwtf32.dll pops up an error message when you try to open Johnny's picture?
Re:Doesn't Matter So Long As It Works (Score:2)
I think you give that author way too much credit
Re:Doesn't Matter So Long As It Works (Score:3, Insightful)
Actually, for "your typical user", it's a lot worse than that. It's dropping the computer off for a week or more, paying $100 or more, and getting it back not working the way you want it to, and struggling to get your settings and preferences and programs back the way y
Re:Doesn't Matter So Long As It Works (Score:2)
On a traditional university or engineering system, files are routinely backed up, and the design of Unix kept anyone but the admin from breaking anything system-wide or for other users.
On a home system, files are almos
Re:Doesn't Matter So Long As It Works (Score:3, Insightful)
Re:Doesn't Matter So Long As It Works (Score:2)
Amen brother... having personally experienced two catastrophic hard disk failures... I don't want to go down that road ever again... I save important stuff off to cdrw AND usb sticks and also u
Re:Doesn't Matter So Long As It Works (Score:4, Insightful)
System files are fungible; user files are not.
If my OS gets trashed but my photos are unscathed, I can still view them if I rebuild the OS using the install discs -- or I can even switch to a different OS entirely, and the photos will be viewable there. It may take some time to recover, but it's possible and even likely.
If my photos get trashed, though, and I don't have a a good backup copy, they're gone forever. There's nothing that can be done.
Re:Doesn't Matter So Long As It Works (Score:3, Informative)
If you get hacked you need to reinstall your OS, no matter what. There's no way to kn
Open Source (Score:2, Insightful)
The ability to change and fix problems within the code? I mean I'm not a top level programmer who is constantly editing his kernel source code, but I have changed quite a few applications to benefit my needs.
Bastille-Linux (Score:3, Insightful)
Re:Bastille-Linux (Score:2)
If you are willing to run Bastille-Linux (hardening script, really, and not only for Linux) why not install OpenBSD [openbsd.org]? Hardening scripts not supplied by the Linu distro has a tendency to make administration harder and break your installed
Wrong. (Score:5, Insightful)
Re:Wrong. (Score:5, Insightful)
So a libpng buffer overflow, allowing a png image rendered in mozilla to execute code can't be harmfull? Sorry pal, but this is not a problem with the OS, but the applications and libraries.
Security from the ground up? (Score:2)
How hard would it be to start fresh, apply the Linux method to MULTICS or something like it, to have a an networking-oriented o/s with comprehensive security?
I know, I know: commitment of effort and resources is the main issue. I am just hoping someone is already doing it somewhere...
Re:Security from the ground up? (Score:2)
Yes Unix was inspired by Multics. I don't know about the security of Multics, Unix was written by Kernighan/Ritchie because they saw defiencies in Multics. I believe Multics didn't have a good scheduler, it slowed down with multiple users, and back then when computer time was alloted, that meant everything. I don't think security was a particular problem like it is
less risk of any holes being exploited (Score:3, Insightful)
Unix can be hacked/cracked too, just there's less likelihood and there less risk associated with running a *nix based O/S.
His objections are utterly unfounded (also stupid) (Score:4, Insightful)
This idiot is stating that because some users don't understand the UNIX security model, the UNIX security model is flawed. Apparently, as far as he's concerned, if ~ gets destroyed, the whole system may as well be destroyed. He's blathering about a "false sense of security," but I have never, anywhere, ever, heard anyone say that you don't have to back up your data if you run UNIX.
Sound and fury, understanding nothing. Typical of OSNews, but sad that Slashdot's carrying this crap.
Isn't that obvious? (Score:5, Interesting)
But why would a home user care about Unix-type security? I'll give you a few reasons of my own.
(a) Smaller target. Yes, that's right, I'm saying that the largest increase in security that home users get is because they're using something that 90% of the home user market isn't. This isn't a feature inherent to Unix, obviously--but I still think it's a reason to switch. "But if everyone switches, won't that get rid of the security increase?" Perhaps a little, but the only way it would completely vanish is if everyone switches to the same flavor of Unix. If we have a Unixy, more secure home computing environment, but slightly different flavors, then viruses and malware will have a more difficult time propagating in such a non-homogenous environment.
(b) Remote exploits. This, I think, is a lesser issue, but not a trivial one--there are a considerable number of remote exploits in Microsoft software, and there have been a non-trivial number of viruses and malware that spread through this vector. Unix-based systems are historically less vulnerable to such attacks, and often the remote processes that are vulnerable run under a different user than the desktop user anyway.
Dlugar
Re:Isn't that obvious? (Score:2)
From a home user standpoint there is only one reason to use linux/unix when mac is available, if you want a free OS, but if you're coming from windows, you should be used to paying for your os.
(yes i know mac runs linux whatever underneath, but from a home user standpoint, this is irrelevant)
Come on guys (Score:4, Insightful)
Are the editors even paying attention here? How can a 500-word, Grade 6 public speech-quality editorial makes it to the frontpage? Where is the quality here, folks?
J2ME security (Score:3, Interesting)
Now, J2ME is a flawed platform in many ways, but in terms of security they're light-years ahead of where desktop computing is. There are many things we could learn from it.
Just the fact that... (Score:2)
Don't even get me started on the stupidity of how installing an app in windows allows it to extend the whole OS.
Derr (Score:2)
Now, workstations, with actual valuables on it and that are needed for day to day operations of the company, need to have better security than just a NAT box and Norton.
And servers, where Unix really excels, let's just say Bank of America ATM's down because of a SQL Server Worm and leave it at that.
Home users? Who cares? I work from home and h
Unix was a joke for years (Score:3, Insightful)
Its laughable today because it was before the holes in Windows2k were discovered but there is some truth. VMS and MVS were standard and rock solid with security. Unix like Windows was written in C with parts of c++ scattered here and there with userspace apps. Buffer overflows galore are everywhere.
Even MacOS (not Macosx) was more secure for the reason that it did bounds checking on types. Add to that the fact that x86 can not tell the difference between cache stored for ram and cache stored for applications where you can just point to where a program is stored for execution and you have a nightmare on yoru hands.
Keep in mind I am no expert and I dont even have my 2 year degree yet. Perhaps someone more knowledgable can clarify how the compilers work?
Unix is surely better than Windows but VMS is about gone and who uses mainframes anymore besides a selected few users who need them?
Standards are good but there is no diversity left in platforms. Its too bad VMS just died and stayed closed. It would be nice to have something besides just unix and Windows
Re:Unix was a joke for years (Score:2, Informative)
Windows NT and VMS are cousins (Score:3, Informative)
Classic "Straw Man" argument (Score:4, Insightful)
Unix Security: don't believe the FUD (Score:3, Interesting)
Windows situation, While trying to download hotmidgetdonkeypornheaven.exe, Little Johnny accidently picks up uber.worm. Uber.worm deletes Johnny's files, suzie's files, mom's files, dad's files, system files, makes the system useless, and you go from a windows computer to a nice paperweight until you reformat. *nix situation, While trying to download hotmidgedonkeypornheaven.sh, Little Johnny accidentally picks up the uber.deletion.script. Uber-del deletes johnny's entire home directory!
Of course, Mom, Dad, and Suzie are entirely unaffected because Johnny doesn't have permission to overwrite those files.
Wonder why the asshat, er, I mean, article writer didn't bring up that snippet?
catch NullObjectBetweenEarsException { (Score:2)
He's just a kid (Score:4, Informative)
His 'OSNEWS' bio: http://www.osnews.com/editor.php?editors_id=11 [osnews.com]
I was doing systems programming on UNIX BSD 4.2 Tahoe when he was born.
I am surprised that his article was even published/posted, I can't really even see his argument or what point is he trying to make. Oh that's right he's a 'managing editor' WTF?
Back to work.
Re:He's just a kid (Score:2, Interesting)
Diseases that kill their hosts don't spread well (Score:2)
See, for example, this thread [google.com].
Successful malware tries to hide itself and keep the user from noticing anything's amiss. This is much much harder if you can't subvert the OS.
A real issue, but with an obscure solution (Score:2)
This is a very good point. Due to the cracker/virus having the same exact privileges as the user who was infected, it/they get access to that user's files via UID. Other than setting up a special account to browse the net with, there is no solution to this problem on a Unix system.
Or is ther
Not true at all (Score:4, Insightful)
However, in UNIX culture, there is something. The first rules of security.
First, the default installation should not act as a server operating system. The system should not respond to ANY outside requests for anything unless enabled to by the system admin.
Second, no action on the system should be performed with any more than the minimum set of privileges necessary. Everything should be done with user privileges, not system privileges, unless absolutely necessary.
The use of these basic security rules applied more or less throughout the UNIX world, and for MAC OS X as well. Windows INTENTIONALLY ignores these rules in order to "maximize the user experience", and in doing so spawned a multi-billion dollar anti-virus industry.
Hmmm (Score:2)
Huh? It's the applications, stupid. (Score:2)
Huh? Maybe that's the talk among the amateur kiddies on IRC and Slashdot.
However, of all the professionals (Software Engineers) and academics (Linguists, Sociologists, etc) I know that use UNIX desktops, not one of them has told me they use it for the security -- they use it for the applications. Security is an afterthought for most people. Instead, they use it because it offers an environment in whic
Security?! (Score:3, Insightful)
For most home users THAT'S important (bank details, order details, hell even my address and phone number). You imagine how well a phishing attack would work on most users if they knew about open orders (from say Amazon) by reading your files. I think that's much more important to most users!
Of course we all backup our files! Jeesh this is
He misses a big benefit for a "Family Computer" (Score:4, Insightful)
Sure poor computing practice by the user that owns the files could result in their destruction. Nothing gained versus Windows there. But in a family computer scenario, more is gained than the author admits. On Windows systems, many programs are (mis-)designed to require administrator rights even just to run them. This is not generally the case on UNIX-derived systems. As a result, accounts for family members will often be in the local admin group. So on a family computer if you give Little Johnny an account to run his software and play games, and he goes and downloads the latest malware and runs it, it can nuke your data as well as his.
Under a typical scenario under a UNIX-like system he can only destroy his homework and saved games, not your pictures of his first day of school along with them.
That's got to be a non-negligible benefit to the family user that the author completely discards.
Bravo (Score:2)
Ooooh but wait a minute. A typical home user wouldn't be concerned with group policy. Let's please compare apples to apples, or at least try.
I think we should replace the word "security" with "awareness". I am aware of certain things, so I run my Windows XP pro laptop a certain way. I choose Linux for my home workstation. A typical home user isn't awar
Good article for 1982 (Score:5, Interesting)
Another thing he does not account for is time. Time is a valuable commodity to all users, and anything that can prevent a virus or spyware from reaching further into the computer reduces the amount of time and knowledge needed to remove probelms from the system. That is at the core the value that UNIX brings to the security equation. Not absolute protection but like a teflon pan, easier cleanup when you do create a mess.
And last of all by not explicitly mentioning how much more inherantly secure UNIX systems are that start off with a base of no open ports are. Sure spyware and viruses can get in through the browser, but it's a much harder attack route than just scanning and finding a hole wide open that requires no effort on the part of the computer user to install.
In the end his rant boils down to noting that users should really back up files often - but even this message is dated, as a few years of sketchy consumer hard drives with short warranties has started to drive home this lesson in spades through failed hard drives. Forget hackers; little johhny's pictures today are in far greater peril from a simple lack of using the CD-burner.
I didn't RTFA (Score:2)
I'm sorry, but spyware makes UNIX superior (Score:3, Informative)
The 1990s called... (Score:3, Insightful)
As far as the rest goes, the data are very important but people don't protect them well in any case. However, downtime is important - or not really downtime, since they can spend a week to have it fixed - but every time they have to get someone to fix it, that is a big annoyance. If you can keep the system clean (and if you're good, have the Admin/root account take backups to somewhere the user doesn't have access) you're saving yourself a bundle of time and problems.
Four points. (Score:3, Interesting)
Secondly, as someone who has seen trojaned PC's I can tell you that being used to spam viagra ads to the western world does have a practical cost for non-techs. While some trojans may leave the files alone the fact that a) all security is compromised, and b) your hardware is being used by others without your consent or knowledge; is meaningful to everyone. In this arena *NIX systems do have a significant leg up over windows. It is much harder for an errant e-mail to lead to a full system compromise on *NIX than on Windows. That having been said I can see how a user-specific trojan may do as much damage.
Thirdly, the author seems to be ignoring the truest source of vulnerabilities: applications. While the base OS is an issue the primary source of holes are applications (Outlook) or application-components (WMF). A *NIX system can be as insecure as Windows with respect to these. However a) There is a greater offering of secure forms, and b) *NIX's more modular form and coding traditions (sacrifice features for security) make it (in general) less suceptible to these kinds of problems.
Fourthly, Windows is developed on a different model from *NIX. Microsoft has always put new features first and foremost. This has led to the situation specified above.
That being the case, much of this is tradition. The traditions of Unix Development (Security over Features) versus Windows (Features over Everything) is what has led to the current state of affairs. Microsoft is in the process of learning the long hard lessons of their history and has been attempting to ape the *NIX model more closely. Meanwhile some in the Linux community have begun arguing that they should move to more "Feature Laden" distros like windows. If Microsoft succeeds in its painful changes and Linux distros begin chasing the "I want features now" crowd then the equations may reverse themselves.
Car Analogies for Operating Systems (Score:5, Funny)
In fact, you could debate this for any OS. Here's how I see the best use of each OS:
Linux - Great development platform. You can easily install it on a laptop and get most things to work like they would even though it was "designed for XP" (e.g. power management). Linux is also a great virtual private server. A VPS is a Linux instance running in a VM like User Mode Linux. You can serve Webmail, SMTP, php apps, mysql, imap, etc for your personal use for $20/mo. As car analogies go, Linux is a Ford F150 pickup.
Windows XP - Required corporate desktop. XP provides integrated security with ACLs on a wide variety of resources with all groups managed by a central authority with UIs to manage accounts. As a car XP is a like a fully loaded Mercury Montego sedan (it has all the amenities but don't expect it to be running in 5 years).
Windows Server - Good corporate application, file and print server. It has a rich highly integrated set of libraries. Required for running server side applications for XP clients such as Exchange and AD. Windows Server is also like a Mercury Montego sedan except it costs a lot more.
Solaris - Rock solid server application platform with world class support. If you don't need the sophisticated APIs provided by Windows Server then Solaris is a very good choice. Solaris is like a large Frietliner flatbed truck with GPS tracking and 24 hour roadside assistance.
Mac OS X - Home PC desktop. OSX is ideal for the casual home user who wants to create a web page from the photos on their digital camera or play their guitar with sound loops in Garage Band. Mac OS X is like a Lexus RX 330. Every respectable yuppy has one.
FreeBSD - Good HTTP server for the Internet. It's also a good alternative to Solaris as an application server platform if you're trying to save money and don't need it to scale to 16 processors. FreeBSD is like a Toyota pickup.
The solution is snapshots (Score:4, Interesting)
Now, obviously, we would need a way to prevent a malicious program for also corrupting the backup snapshot - maybe some password that is specifically for the modifying and changing of the system snapshot.
I doubt that MS will ever be able to make an OS as secure as Unix as long as they have to provide the level of backward compatibility they do. What they could do, however, is mitigate the risk by giving us a way to get our PC back to it's pristine state without all of the trouble of app reinstalls and haphazard backups/restores. The limitation always was the hard disk space this would entail and that limitation has been blown away by modern HDs...
That Old Thing Again? (Score:3, Informative)
Marketshare is a straw man argument (Score:3, Insightful)
But this does not explain why the exploits which provide vectors for attack exist. Perhaps marketshare plays into this as well where developers at MSFT have become lazy and complacent with their commanding market position.
Let's stop blaming users for security problems and lay blame squarely on the developers themselves. If any company deserves a class action lawsuit, I would say MSFT does when you consider the amount of money spent compensating for their incompetence.
Windows is only worth using (Score:3, Informative)
I repair many of desktop and notebook machines. Three last week - this is Monday and I already have two machines waiting for this week. This is not my main business - people only bring me machines after other people already tried and failed to fix them.
To fix a borked notebook PC and remove all spyware crap, takes 3 to 10 hours. Repairing a desktop takes 2 to 3 hours. The problem being that notebook PCs are slooooowwww, so the repeated scans take forever and Spyaxe and similar crapware requires multiple passes and multiple reboots with multiple scanners to remove. Consequently, I spend 10 to 20 hours per week removing crapware from Windows PCs.
In contrast, I never have to remove crapware from Linux PCs and notebooks - they just keep working - chalk up zero hours to Linux repairs. This means that in practice, Linux is infinitely more secure than Windows.
Nuff sed.
Re:Interesting (Score:4, Insightful)
1. While there is a great deal more Windows around than UNIX, UNIX is where the money is. If you want to extract large sums of money or steal swathes of identities then UNIX servers tend to be the systems hosting these backend services. So UNIX should be the target of hackers wanting to make serious money while much of the Windows activity is concentrated on hacks designed to produce the maximum public impact most of which cost because they down systems rather than extract cash from systems. The fact that almost all the money making hacks concentrate on Windows is testiment to the factthat it is difficult todo on UNIX.
2. Much of UNIX is OpenSource or available as source code, despite this there have been very few examples of ethical hacks or demos of vunerability that have been viable generated by security research companies or ethical hacking groups.
3. Stack overflow holes account for a huge chunk of the Windows vunerabilities mainly because Windows and x86 lack generic protection against these specific overflows. This is not true of UNIX particularly if it isn't running on Intel. Solaris for example has specific controls which limit the options for stack overflows as does the SPARC processor. These controls make it more difficult for hackers to generate exploits that remain viable.
4. There have been vanishingly tiny numbers of viable reported UNIX virii, none in the case of Solaris.