Linked by Amjith Ramanujam on Sat 19th Jul 2008 19:01 UTC, submitted by cypress
Linux Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
Thread beginning with comment 323744
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Yeah But... How long before
by raver31 on Sun 20th Jul 2008 11:26 UTC in reply to "Yeah But... How long before"
Member since:

There is some piece of malware that relies upon the fact that say 95% of Ubuntu users still use 'sudo' OOTB?
Here is a great gaping security hole.
Personally, I think using 'sudo' without a password is plain crazy and actually go that on step further on all my Linux boxes and disable it completely.

As Distros like Ubuntu ( and its other coats of many colours) grow in popularity I think that it will get the attention of the hackers and a new generation of threat will occur. The old adage of security through obscurity will no longer apply.

Clearly you are a little confused, and your post shows you have not used a Distro like Ubuntu.

Sudo always DEMANDS a password before it will allow a command to run, so I do not know where you got the idea it did not use one.

The old idea is that it is secure because no-one is using Linux is also a load of balls, there are millions of internet servers running Linux. If I wanted to write a virus, I would write one that would take out the infrastructure of the internet, rather than hose up some basement dwelling internet poke players/porn junkies pc.

The quote you gave, "The old adage of security through obscurity will no longer apply.", I hope you are aware that the "security through obscurity" idea was put about by Microsoft, when people were looking access to the Windows source code to try and make it as secure as Linux, Microsoft told them, that because the source code is not out in the open, Joe Public could not search for vulnerabilities, so it was in essence security through obscurity.

Now, instead of spouting off crap, actually download and TRY a Linux distro. Until you do so, your opinions are not valid and your post on Linux and Linux security are useless.

Reply Parent Score: 10

shotsman Member since:

'Dude' I do use Kubuntu on a daily basis on several Servers. I use Xubuntu on my laptops. None have sudo enabled.
I have come upon many Ububtu systems where the user demanded that it was 'Setup like Windows' and the password requirement for sudo was removed.
I was also using an EEEPC earlier today for the first time. It also had no password requirement for using sudo. I don't know if that was the default or not so I can't comment on that.
If it is that easy to remove the requirement for a sudo password then I have to say that it is a security hole big enough to drive a Routemaster through.
I'm of the 'old school' linux user (Since Slackware 1.1, Unix since 1984) who believes in passwords and long ones at that for all critical accounts.
But hey, FOSS is all about choice. You can run your system OOTB or with (from my experience it is quite widespread) sudo passwords disabled if you want to. All I'm saying is that it is all too easy to disable sudo passwords and it could be a major security problem to targetted malware.

Reply Parent Score: 2

Morgan Member since:

I don't disagree with your take on this, but a small correction is in order. For every terminal session that you have active, you only have to give sudo your password once. Any sudo commands you run after that will not ask for your password again until you close your terminal session and open a new one.

Reply Parent Score: 3

intangible Member since:

Good point, but it's actually time-based from your last use of sudo. You can decrease the time limit if worried.

Reply Parent Score: 3