One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little. Here's why.
Post a Comment
Member since:
2005-10-01
Fans: 0
Member since:2005-06-29
Fans: 5
Hypothetically a dumb user would save the file, make it executable, and then run it purposefully. I don't know about anyone else but that sounds like a lot more trouble than it's worth for free porn of Miss Lebanon 2006 (alluding to Kama Sutra worm for those who don't know) when porn sites are much easier to get to.
In Windows the process is much easier, get the e-mail with promise of free porn, click the attachment, choose the open option and you're infected.
Really the lowest common denominator in malware is dumb users, the worst security hole is simplifying things to accomodate them because in the end you're just making it easier for them to get their computers infected.
Member since:2005-11-13
Fans: 3
1. How would a *nix user get the virus?
2. How would it excute?
Probably through some application (especially media program) that has some buffer overflow exploit that allows remote execution of code. Either that, or social engineering.
That second one is the one to be most concerned about. In order for Linux to work for the masses, it has to be easy to install and run applications. And once that is possible (it probably is already) and you put Joe Sixpack on it, all I gotta do is send him an email promising him nude pics of J-Lo and all he has to do is execute this file. And presto .. you've got an epidemic on your hands.
Of course, Unix/Linux is more secure than Windows. But keeping a Windows box secure isn't that complicated, as I've said before. If I could spend about 30 minutes with each and every Windows user and install Firefox or Opera for them, Windows security issues would be pretty much non-existant.
Member since:2005-07-06
Fans: 13
Clearly you have not got a clue what you are talking about.
You can send Joe Sixpack an email with malware on it. It will not run. It has been said before over and over, there will be no execution rights on attachments.
Social engineering would work of course, you can get some dopeydick to type rm -f * as root with silly promises, but that is not a fault of the system.....
There is a fundemental difference between Windows and Linux.
Around 1994 Bill Gates & Co. decided that making everything automatic was good for the user. this is the root cause of all the problems with Windows.
You can spend all the time in the world with Windows users, and convert them to Opera and Firefox all you want, however, the problem is just not with the browser.
Windows has problems with email, messengers, browsers and media players, all having access to the system areas and all being able to interoperate with each other.
People do live with their head in the sand. Windows can never be secure if Microsoft are trying to make it as easy to use as possible. Linux and Unix are ultimately more secure because they have been designed with security in mind from the ground up.
Member since:2005-07-06
Fans: 11
Member since:2005-07-10
Fans: 1
AdamW,
"1. www.reallycoolsoftware.com/shinythings.rpm
2. double click the rpm"
You seemed to have missed some other security points related to package management in Linux distributions. After doing what you said the Linux distribution would first request a Root (Administrator) password prior to opening the package manager such as YAST. YAST would then verify the digital signature is valid for the package, check for any dependencies/conflicts and install the software. Unlike Windows where the user double mouse clicks on the "packagename.exe" and it installs to the system. By defualt installation set-up Microsoft makes all users for Windows have Administrator (Root) access and leaves it up to the end user to create Limited User accounts. This is unlike Linux distributions where users are set up in the beginning to have Limited User rights.
It is typically a Windows system Administrator headache to get applications to run properly on Limited User accounts with out opening to much security. Hopefully when Windows Vista is released Microsoft will hold true to their promise to make the system more secure unlike how it is today. Such as everyone runs as Limited Users by default, except the Administrator account which is not visible and only accessible with the Administrator password.
Member since:2005-12-28
Fans: 0
Member since:2006-02-06
Fans: 0
You've obviously got no idea of how an rpm is installed. A user would have to have administrator level priviledges to install anything. Also, it's a pretty strange *nix system that would actually work by simply clicking on the file... Every setup I have ever seen required the user to follow through with some type of package manager (YAST, ap4rpm, SOMETHING) and that exponentially reduces the chances of this happening. Besides, again we are talking about user abuse of the system, something NO OS, EVEN LINUX, BSD and the rest of the *nix, can ever do and still be a useful tool or toy for the user.
Member since:2006-01-06
Fans: 7
Virus writers are a bit more clever than you're giving them credit for. They don't need to execute their code from a rpm at all. The best choice is from firefox or another browser. They can trigger a buffer overflow and then use that launching pad to trigger additional buffer overflows in the Linux kernel (they have to find them first, but nobody should be daft enough to suggest that they don't -- or can't -- exist), since one was found as recently as November 2005 (http://secunia.com/advisories/17384/).
Member since:2006-01-09
Fans: 3
Member since:2005-07-02
Fans: 23
Member since:2006-02-06
Fans: 0
Actaully, it's fairly simple.
1) Use any java version released before 11/29/05 and visit page hosting malicous applet.
2) The java vulnerabilities allow the applet to bypass the java sandbox and execute anything it likes in the context of the java process (usually user).
There are numerous examples of windows java malware utilizing runtime.exec() which could work just as easily on *NIX.
Member since:
2005-10-20
Fans: 0
...it is black, I tell you! Because lot of people says so, it doesn't mean to be truth, does it?
<sarcasm off>
And while I just reading this, I could clean my computers from viruses, adwares and that junk...wait a minute, I don't have to. Ohhh, I DON'T use Windows.
I just tired from such stuff. Yes, we all want fame, we all want to claim such big things like this want and earn some moment of fame...but there are things which it is as it is. You can flame away, claiming that Windows is most secure operational system ever, but it is not. It is totally absurd to saying things like that, according to common knowledge.
No virus can install himself on my OS X and Linux/BSD boxes. None. And there comes hint of the story.
Member since:2005-06-29
Fans: 20
You can flame away, claiming that Windows is most secure operational system ever, but it is not. It is totally absurd to saying things like that, according to common knowledge.
Where did I mention ANYTHING about Windows being secure? I even SPECIFICALLY mentioned that stuff at the intro!
Look, this article is about the false sense of security; not about X vs. Y. Not everyone gets stuck in that stage.
Member since:2005-07-06
Fans: 13
It was a good article about *nix users false sense of security.
I am one of them users....
It is true that if you downloaded malware, gave it execution rights, and run it, it could damage all files in your /home
but you should always have backups, even if the system is secure, just in case of a hardware failure.
another thing.... do not let ANY program run from your /home
Member since:2005-07-24
Fans: 0
another thing.... do not let ANY program run from your /home
imho you are overrating the value of that restriction, and don't seem to appreciate the merit of installing things in a homedir.
Though not allowing executables in homedirs is a possible layer of defense, it's not a very strong one. If an exploit can write a malicious executable file, it can probably also append something to your .bashrc, for instance.
On the other hand, being able to install stuff in your homedir prevents it from contaminating the rest of your system - who sais this installation procedure will restrict itself to /usr/local as advertised?
Member since:2005-11-19
Fans: 0
Uh...if its a deb or RPM I can expand it and check, and if it is a script, I can look at the lines of the script.
I can also set up a *different* home dir/user for a suspect program to run from, or even do it in a chroot where there is no possibility of it affecting the system.
What else can you want?
Member since:2005-10-06
Fans: 0
A significant part of that security, Thom, is from the simple fact that at this time there are no virus' for linux. Or practically none, I do not know any. There's little or no malware targetted at linux OR osx.
But I am curious, how do you suggest fixing this security hole. Demand a password for every file in your own home you access? Prevent programs from accessing your home?
I am not sure...
RE[2]: Yeah, don't believe that white is white...
Member since:2005-06-29
Fans: 20
Member since:2006-01-11
Fans: 0
Yes of course, because it's perfectly fine to make things up when you want to make a flamebait article, but not when I want to prove a point.
You've completely failed to show any source for your alleged "false sense of security", you seem to react pretty badly when someone makes up things that you don't approve of.
Consider yourself warned as well... that people are going to start noticing that you're a rabble rouser and a bullshitter if you continue this way.
RE: Yeah, don't believe that white is white...
Member since:
2006-02-05
Fans: 0
Member since:2005-06-29
Fans: 20
Member since:2006-02-05
Fans: 0
Member since:2005-11-14
Fans: 0
Member since:2006-01-12
Fans: 0
Member since:2005-07-06
Fans: 0
Member since:2006-01-12
Fans: 0
Member since:2005-07-06
Fans: 0
You're incredibly naive (in fact I don't think you are, this is really a bash-anything-than-Windows article, nothing more) if you think that you can fix that via software: what you're asking for is not a secure operating system (there already quite a few if you care to look besides Linux/BSD), but a cure for stupidity.
There is no way you can prevent people from harming themselves in a zillion different ways, even installing a full AI telling the user "Look, that is not a pron movie, it's a virus!" wouldn't work because how many users would choose not to believe it?
Unless, of course, you really want users treated like idiots, kept in their sandbox where only approved software could run (approved by big brother Microsoft, who else?) thanks to TPM chips and an operating system that will decide for you what you can and cannot do: is that the "future of computing" you'd like, Thom? It sure sounds you can't wait to have your hand held by Microsoft ...
rehdon
Member since:2005-07-02
Fans: 23
There will always be people clicking on "GET FREE PRON HERE FOREVER".
Even then, these won't execute unless the player specifically tells the OS to (by setting the execute bit on). That extra step is enough for most people to go "wait a minute..."
The fact that you can make a file executable simply by giving it the appropriate file extension makes a HUGE difference as far as home users go.
Also, realize that most viruses don't wipe out directories anymore - they are used to set up spam bots and network relays, etc. These require Admin rights, and are much more likely to affect Windows-based system than UNIX-based systems.
So while you make some interesting points, ultimately your conclusions are wrong. The UNIX model is in fact better for home users, though they should of course always backup their personal files, whatever the OS (and not only because of malware - disk drives fail, that's an inescapable fact of life...)
Member since:2005-07-21
Fans: 0
The pointis that from a practical perspective for homeusers wether or not their computer is spreading is irrelevant compared to their personal folders.
And backing up personal data is like righting perfect C++: everyone talks abotu it and knows they should but in reality no ones does so it's not worth counting on.
Member since:2005-07-07
Fans: 0
And backing up personal data is like righting perfect C++: everyone talks abotu it and knows they should but in reality no ones does so it's not worth counting on.
They WILL lose their data then eventually. It's stupid to claim that backing up data is not a solution. Hardare, especially hard drives, will die eventually. Malware is always a possiblity but hardware failure is gauranteed.
I set up a script to back up my data every night. I never even have to think about it other then checking on my backed up data every once in a while to make sure it, and the drive it is on, is still good.
Member since:
2005-07-06
Fans: 11
I've been saying this for a while now. Most people don't care about the system, just THEIR files.
Now, this isn't to say the UNIX model isn't BAD -- it's not. In fact it's good, especially for what it's designed for, and that's multi-user systems. If one user runs a bad program, it can only hurt them and not the other users no the system (exploits aside), and this is great especially for businesses. At work, no one can delete my files, even if it's acidentally -- awesome.
The UNIX security model isn't intended to make the user immune to viruses, but the system. It does make it harder for users to run a bad program (execution bit) though.
It's not that the Windows security model (MODEL, exploits are a different story) is bad either, but that it's not enforced like it is on just about any UNIX system. In fact, it's more granular than UNIX, and that is very useful. Of course, they couldn't enforce the model without pissing off a lot of peolpe because and breaking so much stuff -- not in XP at least. The time neccesary to make the changes needed to make the transition smoother made it not feasible to do for XP.
Member since:2005-11-11
Fans: 0
Member since:2005-07-06
Fans: 11
Member since:2005-11-11
Fans: 0
Member since:2005-07-06
Fans: 11
Member since:2006-01-09
Fans: 4
Yep, then it works great. I don't think that is the norm though. A lot of families have multiple computers or they don't use multiple accounts though.
Perhaps that's the norm on the USA. I know very few people here in Brazil who maintain (and can afford) several computers for each member of the family. The former is more common in here.
Member since:2005-07-06
Fans: 0
You're right in that home users require multi-user. To some extent anyway. Generally, you won't have multiple users logged in at the same time. However, you might have someone who is in the process of learning about computers who is doing a lot of messing around. No matter what OS you use, that could be problem, since someone who is learning could mess it up.
Fortunately... For home users there are other options besides relying on strictly the OS. There are hardware options as well that are explicitly designed for home use. I can't recall what they are called and I haven't seen them used often, unfortunately.
But what they do is split the computer up hardware-wise, so that the OS itself sees a different computer for each seperate user. That way, even if "the son" (you mentioned) runs the buggiest OS (or other software) in the world and somehow gets infected with a virus (or some other malware) it will not impact his father or other family members. Even if the son, decides to fiddle with various OSs or other programs that affect the system at a low level, he can't destroy everyone else's data.
In fact, I would recommend this to families rather than depending on only the OS. Much more secure than even UNIX could ever be.
The only problem is that such options are both uncommon and a little more expensive.
Member since:2006-02-06
Fans: 0
The execute bit in Unix™ and Unix-like systems (e.g. GNU/Linux) enables deeper protection. If email clients are configured to strip the execute bit, if the umask is set right, then Unix-like systems can avoid many hassles better than MS Windows™. If those valuable files are read-only, they are slightly safer -- till the disk fails.
But realistically, no OS provides a bulletproof casual/amateur user model. This is sad but true. OSes are designed by coders for coders, and George and Martha had best beware.
But again, the Unix model allows for a safe shell to exist. There might even be one, somewhere. But bash isn't it.
Unix has potential advantages. But, hard drives fail. Last week, I had my third hard drive failure. Nothing was lost. The OS? Windows™ 2000, actually. But I have backups, a firewall, AntiVirus, and paranoia. All of these are recommended to stay safe in the modern world, alas.
Member since:
2005-07-06
Fans: 11
Member since:2005-07-07
Fans: 0
Way to miss the point of his article guys.
Another self proclaimed security expert who doesn't know what security covers.
Way to miss the point of security meaning. Point he was describing is filed under ignorance and lack of knowledge. You can secure against this on any new OS (Vista, OSX and *nix, the only one who is doing realy bad here is XP and versions before). Security term covers completely different topics.
p.s. Article is UNIX Security: Don't believe the truth and not False "safe" for your home on UNIX
Member since:2005-07-06
Fans: 11
Member since:2005-07-07
Fans: 0
Member since:2005-07-06
Fans: 11
Well seeing as how a dictionary doesn't define terms like that, I checked:
Wikipedia:
"Computer security is a field of computer science concerned with the control of risks related to computer use."
And answers.com:
"The protection of data, networks and computing power. The protection of data (information security) is the most important."
Sounds right to me.
Oh, and sorry to burst your bubble buddy, but I've done security work.
Edited 2006-02-05 18:21
Member since:
2005-06-29
Fans: 1
Member since:2005-06-30
Fans: 0
Member since:
2005-07-06
Fans: 3
Interesting viewpoint, however, not one I can fully agree with. While I can agree to a certain extent that protecting the content of a specific user is important, UNIX and UNIX like systems (such as Linux, which is not UNIX) do provide more security in this area by making it harder to compromise the system to begin with.
So, a UNIX or UNIX like system does provide more security than Windows despite the fact that many of these systems do not provide automated backup or recovery systems. These systems also definitely provide more protection in the case of a multi-user environment. A compromised Windows PC is likely to ruin all files on the system whereas a UNIX or UNIX Like system in the situation you describe is likely only to ruin the files of the individual user that is compromised. Leaving the files of other users on the system untouched very possibly.
Additionally, UNIX systems such as Solaris combined with ZFS have the ability to provide instant filesystem snapshots which combined with the right software and tools could provide a reasonable solution to the situation you describe. In fact, I think it would be a great idea for someone in the Solaris community to write an automatic ZFS backup tool similar to Windows System Restore; only it should be designed to automatically backup important data and provide an easy way to restore it in the event of life's small disasters, such as the one described here, instead of just system files.
That is one area that UNIX and UNIX Like operating systems could focus on if they really wanted to add significant value to their products; making it easier for the user to maintain the integrity of their personal data in an easy to use fashion.
From the perspective that you shouldn't rely solely on the security of a UNIX or UNIX Like system I can agree with you. Of course I could say that for any operating system.
In the end, no matter what system you're running regardless of whether it's UNIX, UNIX Like, or Windows, you should be backing up data that is important on a regular basis. Hardware failures, accidents and other events in life can be just as, if not far more dangerous, than any virus that might ever infect your system.
Edited 2006-02-05 17:42
Member since:2006-01-06
Fans: 7
Interesting viewpoint, however, not one I can fully agree with. While I can agree to a certain extent that protecting the content of a specific user is important, UNIX and UNIX like systems (such as Linux, which is not UNIX) do provide more security in this area by making it harder to compromise the system to begin with.
Rubbish. Firefox and hundreds of other applications provide an easy platform for executing malicious code. It's no more difficult to trigger a buffer overflow in 'nix -- and thus execute code that blows away, modifies, or compromises user data -- than it is on any other operating system.
Additionally, there have been numerous buffer overflows in the Linux kernel (here's a recent one: http://secunia.com/advisories/17384/) that would, in theory, allow an attacker to compromise the system and elevate privilege. So, don't pretend that 'nix is more secure than any other operating system. It ain't. And that's the POINT of the article.
Member since:
2005-11-14
Fans: 0
I can see this will turn into a flamebait article, which was probably the intention...
Of course, they should make backups-- but wasn't Linux supposed to be secure?
Don't confuse security with user clumsiness.
Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?
No one said Linux was immune to viruses. Linux just won't allow a virus to propagate efficiently due to the way it handles permissions, which makes it much better at containing the damage that a virus can cause than say Windows. This fact also applies to Mac OS X.
Your system is only as secure as the person who maintains it. Just because a person loses personal data through their own fault, doesn't mean the blame should be placed on Linux.
Member since:2005-07-06
Fans: 3
I can see this will turn into a flamebait article, which was probably the intention...
I don't believe that for a moment and it was rather rude of you to wildly speculate such. I think Thom is just trying to point out that the media and "fantatics" of the UNIX and UNIX Like communities tend to overdramatize their favourite operating system as some "impenetrable fortress" that their data will always be safe within. I can't agree with his assertions that there is little difference in data safety between those operating systems, however I can agree with the basic premise that users shouldn't rely on an operating system's security alone to protect their data.
Your system is only as secure as the person who maintains it. Just because a person loses personal data through their own fault, doesn't mean the blame should be placed on Linux.
I think you've missed Thom's point; that users shouldn't rely on "word of mouth reputation" of an operating systems to protect