Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2007-02-27
Like in Windows Vista by default
...and, ran as regular users, they will be totally harmless to the system :-).
Like in Windows Vista by default
Edited 2008-07-20 13:10 UTC
Member since:2008-07-10
Member since:2005-07-06
Like in Windows Vista by default
Nope, I can install an application in Vista that can hose the whole system, after copying itself into /Windows/System32
...and, ran as regular users, they will be totally harmless to the system :-).
Like in Windows Vista by default "
Also no, as a user called Dave, I can download format.com from DOS 5, open a command prompt, and type this
"format c: /u /autotest"
This will run and format the drive without any prompting.
Member since:2008-05-27
"..and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups. "
Sorry, but this is: LOL!
Regulars users do backups, right? (WRONG!) The average user is more afraid of "user land" viruses, than of "root land" viruses. The deadlies virus could be sent via social engineering, and look as harmless as this:
#!/bin/sh
rm -rf /home/`whoami`
You'd only have to fool the user into making it executable (which isn't necessarily hard to do).
Edited 2008-07-20 14:18 UTC
Member since:2007-03-06
Sure, and you could just tell the user to type rm -rf /home/`whoami` on the console himself, or better yet tell him to pick a hammer and smash his box to pieces.
The point of linux security is not protecting the user from his ignorance, but protecting the system and all the other users from whatever that user might do.
You have every right to delete your /home directory, so the system won't stop you when doing so, no matter if you do it yourself or someone tricks you to run some malicious script.
Member since:2007-02-11
Regulars users do backups, right? (WRONG!) The average user is more afraid of "user land" viruses, than of "root land" viruses. The deadlies virus could be sent via social engineering, and look as harmless as this:
#!/bin/sh
rm -rf /home/`whoami`
You'd only have to fool the user into making it executable (which isn't necessarily hard to do).
Perfectly true -- yet this applies to any operating system. Unfortunately, users need not pass an examination to use a computer, like they do with cars.
Edit -- I wanted to say this in a separate post, but got carried away.
I think the likes of us have a certain... affinity towards not-exactly-essential points. From an engineering perspective, the exact reason and technical merits of why a solution is safer than another aren't that relevant in the short-term.
Quite frankly, given the average life cycle of computers in a production environment, I wouldn't need too many days to think about switching from Windows to OS X or Linux. Regardless of why *X is more secure, the reality simply belongs to the fact that, right ow, and in the foreseeable future, there are fewer viruses and the such.
Really now, seeing that Windows implements a complex and tested system that's still not efficient doesn't really make malware less harmful.
Edited 2008-07-20 19:47 UTC
Member since:2005-11-20
You still do not see the misconception:
Malware does NOT NEED to access /bin, /usr/bin or any other "root only" directory. It does not need to infect binaries either. Access to home directory is enough for malware to spread and to have the full access to the most important files on the computer.
...and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups.
But that is exactly the misconception. Who cares about system. What is important is exactly that "nasty stuff in user's home directory".
And yes, backups always solve the problem, but note that home-dir based malware will easily get into backup too..
Member since:2007-03-06
The point is that I (say "UserA") don't have to worry about whether "UserB" is a moron and fills his ~ with malicious scripts. Both my own ~ and all the system stuff will remain safe.
And anyway, if you had such a disgusting user in your system you could just not let him execute anything on his ~. Chances are he doesn't need to do that anyway.
Member since:2006-07-04
I don't buy this. I do weekly backups, but mainly as a safeguard from harddrive failure, not as a safeguard against malware, because malware can be so subtle as to alter files without your knowing it, so you'd never consider restoring the files from the backup.
Sure, if malware trashes your whole home directory (or, at least trashed it enough so you'd notice), then you'd restore the files from the backup, but what if the malware just altered a few files? (For example, even just changing one value in a spreadsheet used by a small business to calculate payroll could lead to havoc that might not be noticed for weeks.) You'd not know it so you wouldn't bother to restore the files, and eventually you'd backup the altered files themselves, resulting in a backup that lacked integrity.
Member since:2005-07-06
Member since:2006-02-27
Member since:2005-08-18
So what? Who cares? Nor Joe User when his MP3 collection in hos home directory was wiped out.
No it isn't.
Again, who gives a shit? The system can be restored from installation media in a short time. Your corrupted data can't and that doesn't even take into account the damage from your stolen data.
Please show me where I can get a backup solution easy enough for Joe Average that will effortlessly backup 100's of GB's of data.
Plus they can read all your data files and who knows what interesting secrets you have in those?
In case you havent kept up to date, malware isn't about getting respect for rooting boxes anymore, it's big time crime that is often after your personal data.
Member since:2006-02-15
Please show me where I can get a backup solution easy enough for Joe Average that will effortlessly backup 100's of GB's of data.
I don't think the issue is about having an easy backup solution. I think the issue is rather that they have nowhere to backup all that stuff to. It is a serious hassle to backup ~100GB stuff to f.ex. DVDs, not even I would be wiling to do that so even less a Joe User. Then again, some users just back up their files with some backup application to another directory or hard drive partition and assume it's just as secure...It ain't. I've several times had to explain to people that as long as a virus can write and delete stuff on their computer those backups are just as much in danger as any other file.
So what? Who cares? Nor Joe User when his MP3 collection in hos home directory was wiped out.
Very much true. Just do note that malware nowadays doesn't usually try to delete any of your files, they instead try to f.ex. mess up your web browser so that no matter what you do you will always be redirected to a certain website. Or they can just be sitting in the background collecting information about your habits, your username and password and such. But it's harder to hide and even make such malware function if they don't have access to system files.
Member since:2005-07-01
Plus they can read all your data files and who knows what interesting secrets you have in those?
Sorry, can't resist. Time Machine (from Apple and integrated into the latest OS release) is the most user-friendly frontend to rsync(1) I've seen yet
for the end user. Anyone on a corporate network should have expensive geniuses configuring seamless backups of their data.
Okay, back to your regularly scheduled theological discourse.
PocketNow interviews Marc Dillon, and there's an interesting note about why Jolla is keeping the display properties under wraps: "We're leaving some of those details out because we do understand that there are a lot of really big players in the market and they tend to take certain components in the market and dominate them. We created the ability to actually be able to run Sailfish on multiple hardware displays and be able to swap components, so this is part of the demand and supply planning phase. We are committed to this industrial design which is a 4.5-inch display, an 8 megapixel camera on the back and a front-facing camera at the front, and the exact specs of the display we'll provide when we're close to delivery." Something you rarely hear anything about.
"This is my NeXTstation Turbo Color booting the Mac System 7.1 Operating System using a hardware add-on called 'Daydream'. The Daydream has a Mac ROM and a few custom ICs in it and hooked up to the NeXTs DSP port. Turns your NeXT into a full fledged 68k powered Mac." So cool.
"The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Please note that all fixes in the prior security/bugfix updates (NetBSD 6.0.1 and 6.0.2) are also in 6.1."
"At the end of a week in which Electronic Arts confirmed it wasn't developing a thing for the Wii U, one of the software engineers in EA Sports' Canada studio, in a series of since-deleted tweets, disparaged the console as 'crap' and suggested Nintendo should give up on hardware altogether. 'The Wii U is crap. Less powerful than an Xbox 360. Poor online/store. Weird tablet', tweeted Bob Summerwill, listed as a senior software engineer at EA Canada, in a reply to a tweet posting a link about EA's no-Wii U news. 'Nintendo are walking dead at this point'." The Wii U is turning into the 21st century's Virtual Boy."In NixOS, the entire operating system - the kernel, applications, system packages, configuration files, and so on - is built by the Nix package manager from a description in a purely functional build language. The fact that it's purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this." Interesting approach. A Linux distribution, sure, but with some very refreshing ideas about system configuration.
Appfour added, among other features, C/C++ support to its new version of AIDE. From Android-IDE, "Now you can write parts of your app or your whole app in C/C++ on your device. AIDE supports the Standard Android NDK toolchain (GCC 4.6 + Bionic, STL, ...). No changes are necessary if you want to build an app developed on a PC with Eclipse. C/C++ development is fully integrated: Build errors appear in the error list and files can easily be navigated to with Go to file. The editor supports C/C++ syntax highlighting."
Ars nails it: "The answer is that Google did announce what amounts to a fairly substantial Android update yesterday. They simply did it without adding to the update fragmentation problems that continue to plague the platform. By focusing on these changes and not the apparently-waiting-in-the-wings update to the core software, Google is showing us one of the ways in which it's trying to fix the update problem."
"It is good for programmers to understand what goes on inside a processor. The CPU is at the heart of our career. What goes on inside the CPU? How long does it take for one instruction to run? What does it mean when a new CPU has a 12-stage pipeline, or 18-stage pipeline, or even a 'deep' 31-stage pipeline? Programs generally treat the CPU as a black box. Instructions go into the box in order, instructions come out of the box in order, and some processing magic happens inside. As a programmer, it is useful to learn what happens inside the box. This is especially true if you will be working on tasks like program optimization. If you don't know what is going on inside the CPU, how can you optimize for it? This article is about what goes on inside the x86 processor's deep pipeline."
"It was the only moment I heard regret slip into Otellini's voice during the several hours of conversations I had with him. 'The lesson I took away from that was, while we like to speak with data around here, so many times in my career I've ended up making decisions with my gut, and I should have followed my gut,' he said. 'My gut told me to say yes.'" The world would've been a much different place - Apple would have been less dependant on Samsung for its chips, which probably would've meant less money for Samsung to develop its Galaxy business.Glass is getting some love at Google I/O as well. New applications have been released - Facebook, Twitter, Evernote, Elle, Tumblr, and CNN. Perhaps more interesting: the newly announced Google Glass Developer Kit will allow offline applications and direct hardware access - great for hacking and expanding Glass' potential. This kit will really allow hackers to put Glass through its paces.
Member since:
2007-02-11
I think the one with the wrong assumptions is you. Have you used a Unix system recently?
- first, the most serious misconception is that "root" account is somewhat more important for desktop OS than user account and that virus needs to access this root account. That is total nonsense. Reinstalling OS on the desktop is simple. Recovering deleted user data usually impossible. And virus does not need root to spread, all it needs is some form of internet connection. As long as user can display pages and sent emails, virus can spread.
That is totally wrong. In a properly configured system, an infected program running with user's priviledges will not be able to modify any other binary outside the user's home directory -- in any case, none that resides in /bin, /usr/bin, /usr/local/bin or any of the such (sure, those in /tmp may end up screwed, but then again). Hell, it's hard enough to even infect a binary in the first place. Run everything as root and you're screwed -- it gets write access to just about everywhere.
- second, the idea that malware cannot hide in sources is flawed as well. All it needs is to put its scripts somewhere in ~/.gtk/desktop/myapps. Moreover, these scripts are platform independent - they will run on any unix and any CPU. And then can be written in dozen of languages linux distro usually supports. Moreover, mutating sources to make them hard to detect by antivirus software might be even easier than mutating binary.
...and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups.
I think that the only reason why malware is not so wide-spread in linux is really because malware writters still do not care. If linux ever gets more than 10% of market-share, it will get viruses too.
Oh please...
Edit: afaik, some programs that could circumvent permissions by exploiting various security weaknesses do exist -- but they are quite complex, and quite possibly too complex to be accessible to your avera script kiddie.
Edited 2008-07-20 12:59 UTC