Linked by Amjith Ramanujam on Sat 19th Jul 2008 19:01 UTC, submitted by cypress
Linux Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
Thread beginning with comment 323719
To view parent comment, click here.
To read all comments associated with this story, please click here.
BluenoseJake
Member since:
2005-08-11

"The design of a Linux based distro is more secure in the fact you do not run as root. You can modify the sudoers file to allow 'sudo' access however you can set it to require a password.

I do not think Windows will be able to overcome the problems with applications requiring administrator access until they enforce the applications coders to code it correctly."

It's not the design of Windows that is at fault, it is the defaults. They should have been changed a long time ago, and UAC is the first step. It's not going to happen over night, because MS unfortunately values backward compatibility too much.

I've been running Windows as a normal user since NT, and it may be tricky sometimes, some times it can be a real PITA, but there hasn't been too much I haven't been able to get working.

Reply Parent Score: 5

UltraZelda64 Member since:
2006-12-05

I've been running Windows as a normal user since NT, and it may be tricky sometimes, some times it can be a real PITA, but there hasn't been too much I haven't been able to get working.

Wow. Every time I seriously try to lock down XP, I give up. It's a losing battle. I install XP, and create an Admin account myself, as it requires. Go through the install, switch the log in window to the classic one so I can also select Administrator. Try to change my (admin-level) user account it forced me to create to a Limited User.

"Sorry, you must have at least one other Administrator account to change this one to a Limited User" [paraphrased]

What? Then what the hell is the administrator account aptly-named "Administrator" there for? Looks? Whatever. So I created another admin-level account, named "Admin," and was finally able to change my account created during install to a limited user. After finally making it this far, I find out that I'm able to send system files that I shouldn't even be able to touch to the recycle bin, but when I want to undo that or restore them, access denied--log in as an admin to do that. WTF?

I won't bother going in-depth on all the problems running programs I had as a limited user, but I saw such ridiculous things as Winamp not able to "uninstall" plug-ins. Why? They're just .dlls located in C:\Program Files\Winamp... off-limits. If there were a "home" directory concept in Windows, each user could add and remove their own plug-ins, but no. I understand why this is, but it all boils to single-user design decisions which should be stuck in the past and each program storing all of its files in its own directory... yet... they're still dragging Windows down.

It was after this XP test install that I decided to finally re-partition my hard drive and re-install my Linux-distro-of-choice on it by itself (previously set as the default of a dual-boot setup). Needless to say, after install, I was running everything I wanted as a normal user, with root locked away for system changes, with no stupid WTF moments like XP's you-can-delete-but-not-restore crap.

Edited 2008-07-20 05:01 UTC

Reply Parent Score: 10

Arawn Member since:
2005-07-13

Hmm, I think that "downgrading" own account from administrator to limited is not the correct way to go, and actually agree that you shouldn't be able to do it.

The simple answer to your predicament is logon as Administrator, change your account from administrator to limited, and then you will only have Administrator and your account (as limited) to log on. I've done that tens of times.

Reply Parent Score: 2

BluenoseJake Member since:
2005-08-11

"Sorry, you must have at least one other Administrator account to change this one to a Limited User" [paraphrased]"

Of course it says that, you need ONE administrator account. You just create your own user as a normal user, not administrator, do not downgrade it. Do all your installs as the "real " administrator, then use your "normal" account for day to day stuff. Runas is there if you need it.

Reply Parent Score: 1

google_ninja Member since:
2006-02-05

There is a home directory concept for per user data, it is called AppData. You should have sent the winamp guys a nasty email explaining to them the insanity of not developing software in a least priviledged environment, and asking them to please use what has been considered best practice for almost a decade now.

The way to work around badly written software is to grant your user write access to the folder that you need to write to. Yeah, it sucks and is messy, but it is way better then the alternative. I can't even imagine running windows as an admin all the time.

Edited 2008-07-20 22:51 UTC

Reply Parent Score: 2

Angel Blue01 Member since:
2006-11-01

How about right-clicking and selecting Run As (not a great workaround)?

I agree its annoying that Windows 5.x forces you to create at least one other administrator level account in addition to the hidden Administrator account which IMO should stay hidden!

As far as plug-ins, that's a problem by the developers of Winamp, creating a system-wide program and allowing plug-in writers to wrap their binaries in installable executables, same thing with a lot of games.

Reply Parent Score: 1

melkor Member since:
2006-12-16

Windows has a home directory - c:\documents and settings...

The problems that you describe are down to crappy programming from 3rd party software vendors. Nothing more, and nothing less.

Dave

Reply Parent Score: 2

voidspace Member since:
2008-06-25

"If there were a "home" directory concept in Windows"

There is. If Winamp doesn't use it then that is its failing not the OS's.

Reply Parent Score: 1

kaiwai Member since:
2005-07-06

It's not the design of Windows that is at fault, it is the defaults. They should have been changed a long time ago, and UAC is the first step. It's not going to happen over night, because MS unfortunately values backward compatibility too much.

I've been running Windows as a normal user since NT, and it may be tricky sometimes, some times it can be a real PITA, but there hasn't been too much I haven't been able to get working.


Unfortunately that isn't helped by the fact that even Microsoft's own software isn't written well as to allow the smooth running in a limited user capacity. Run Office 2003 on Windows Vista and you'll see what I mean.

At the end of the day, software companies will take leadership from the operating system vendor; if the operating system vendor isn't interested in making their own software use the new API's or update their software to the new security model - why should other vendors go through all the hoops?

It reminds me very much of the complaints that no big names are using the new API's in Windows like WPF and WCF. When Microsoft's own operating system has applications bundled with it, which don't use WPF/WCF (which CAN be called from native code - they DON'T need to re-write it in managed code) then how can they expect third parties to make that investment if they're not willing to do it themselves?

Reply Parent Score: 6

lemur2 Member since:
2007-02-17

At the end of the day, software companies will take leadership from the operating system vendor; if the operating system vendor isn't interested in making their own software use the new API's or update their software to the new security model - why should other vendors go through all the hoops?


Please don't encourage other vendors to take their lead from the OS vendor in this instance, particularly in respsect of security.

This particular OS vendor has a back-door into the OS such that it can be changed ("updated" is the euphemism they use) regardless of the settings or wishes of the owners of the machine on which it is running.

This OS vendor also makes an add-on after thought scanner product in the hopes of detecting breaches after they have already got in, but the scanner provided by the vendor is amongst the worst products available.

Reply Parent Score: 5

OMRebel Member since:
2005-11-14

"Run Office 2003 on Windows Vista and you'll see what I mean."

Ummm..........I know several people doing that without any problems. Can to give some details on what you're referring to?

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

I've been running Windows as a normal user since NT, and it may be tricky sometimes, some times it can be a real PITA, but there hasn't been too much I haven't been able to get working.


If someone were to describe such a thing but for Linux not Windows, you would be amongst the first to jump all over such an observation with a claim that Linux wasn't usable by average users.

Reply Parent Score: 9

Blackwizard Member since:
2007-10-11

Is there a quick way to switch user under Windows in a window, such as sudo or su ?

Reply Parent Score: 1

smashIt Member since:
2005-07-06

Is there a quick way to switch user under Windows in a window, such as sudo or su ?

I think runas is what you are looking for

Edited 2008-07-20 12:39 UTC

Reply Parent Score: 1

gustl Member since:
2006-01-19

Backwards binary compatibility to the death is what I do not understand about Microsoft.

With virtualisation technology everywhere it would be easy to make a completely new, mean and lean operating system without much backwards compatibility, and run the old XP inside a virtual machine. If the new system is requested to start an old application, it can do this automatically and transparently.

Then they would be free to put really good security in place.

Reply Parent Score: 3

BluenoseJake Member since:
2005-08-11

I agree, to a point. The over all affect of that is a clean windows install, with a broken, virus infected VM running inside it.

Good security practices have to be included from the start, including the hypothetical VM, otherwise, the problem is not fixed, just hidden.

Reply Parent Score: 2