Linked by Amjith Ramanujam on Sat 19th Jul 2008 19:01 UTC, submitted by cypress
Linux Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
Thread beginning with comment 323766
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Wrong assumptions...
by luzr on Sun 20th Jul 2008 14:55 UTC in reply to "RE: Wrong assumptions..."
luzr
Member since:
2005-11-20

That is totally wrong. In a properly configured system, an infected program running with user's priviledges will not be able to modify any other binary outside the user's home directory -- in any case, none that resides in /bin, /usr/bin, /usr/local/bin or any of the such (sure, those in /tmp may end up screwed, but then again). Hell, it's hard enough to even infect a binary in the first place. Run everything as root and you're screwed -- it gets write access to just about everywhere.


You still do not see the misconception:

Malware does NOT NEED to access /bin, /usr/bin or any other "root only" directory. It does not need to infect binaries either. Access to home directory is enough for malware to spread and to have the full access to the most important files on the computer.


...and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups.


But that is exactly the misconception. Who cares about system. What is important is exactly that "nasty stuff in user's home directory".

And yes, backups always solve the problem, but note that home-dir based malware will easily get into backup too..

Reply Parent Score: 3

RE[3]: Wrong assumptions...
by ichi on Sun 20th Jul 2008 15:10 in reply to "RE[2]: Wrong assumptions..."
ichi Member since:
2007-03-06

Malware does NOT NEED to access /bin, /usr/bin or any other "root only" directory. It does not need to infect binaries either. Access to home directory is enough for malware to spread and to have the full access to the most important files on the computer.


The point is that I (say "UserA") don't have to worry about whether "UserB" is a moron and fills his ~ with malicious scripts. Both my own ~ and all the system stuff will remain safe.

And anyway, if you had such a disgusting user in your system you could just not let him execute anything on his ~. Chances are he doesn't need to do that anyway.

Reply Parent Score: 3

RE[4]: Wrong assumptions...
by dagw on Sun 20th Jul 2008 15:14 in reply to "RE[3]: Wrong assumptions..."
dagw Member since:
2005-07-06

And anyway, if you had such a disgusting user in your system you could just not let him execute anything on his ~. Chances are he doesn't need to do that anyway.

Of course the point you're nicely ignoring is that the vast majority of *nix PCs have only one user and that user is also the system owner and admin.

Reply Parent Score: 4

RE[4]: Wrong assumptions...
by luzr on Sun 20th Jul 2008 15:26 in reply to "RE[3]: Wrong assumptions..."
luzr Member since:
2005-11-20


And anyway, if you had such a disgusting user in your system you could just not let him execute anything on his ~. Chances are he doesn't need to do that anyway.


AFAIK, this is not quite possible with current nixes - there are scripts in ~ by default.

Reply Parent Score: 1