Linked by Amjith Ramanujam on Sat 19th Jul 2008 19:01 UTC, submitted by cypress
Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
Thread beginning with comment 323779
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Wrong assumptions...
by netpython on Sun 20th Jul 2008 18:56
in reply to "RE[3]: Wrong assumptions..."
Member since:2005-07-06
News
Linked by Thom Holwerda on 02/08/10 23:34 UTC
"The 'Llano' processor that AMD described today in an ISSCC session is not a CPU, and it's not a GPU - instead, it's a hybrid design that the chipmaker is calling an 'application processor unit', or APU. Whatever you call it, it could well give Intel a run for its money in the laptop market, by combining a full DX11-compatible GPU with four out-of-order CPU cores on a single, 32nm processor die."
Linked by Thom Holwerda on 02/08/10 19:38 UTC
"The scuttlebutt is that IBM seemed perfectly content to wait until May to launch the Power7-based Power Systems servers, but something changed and compelled the company to move up the announcement of its first machines using the eight-core processor to today. Big Blue is not in a habit of explaining its motives or its timing for product launches, but it seems clear that IBM wanted to get out in front of a whole lot of processor and systems launches that are expected between now and the summer."
Linked by Thom Holwerda on 02/08/10 19:33 UTC
Mozilla has announced that they are going to drop support for Mac OS X 10.4 Tiger definitively. "Mac OS X 10.4 was released in April of 2005 and a lot has changed since then," Josh Aas writes, "We would like to take advantage of more modern technologies on Mac OS X and 10.4 support has been a hindrance. Where we can work around supporting 10.4, doing so consumes valuable time and effort. Neither Chrome nor Safari has to deal with this."
Linked by Thom Holwerda on 02/05/10 23:46 UTC
"The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs. Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7. The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it."
Linked by Thom Holwerda on 02/05/10 21:50 UTC, submitted by tyrione
"Today, Clang completed its first complete self-host! We built all of LLVM and Clang with Clang (over 550k lines of C++ code). The resulting binaries passed all of Clang and LLVM's regression test suites, and the Clang-built Clang could then build all of LLVM and Clang again. The third-stage Clang was also fully-functional, completing the bootstrap."
Linked by Thom Holwerda on 02/05/10 21:43 UTC
With all the virtualization schemes running on top of Linux, how do they exploit the underlying kernel for I/O virtualization? The answer is virtio, which provides an efficient abstraction for hypervisors and a common set of I/O virtualization drivers. Discover virtio, and learn why Linux will soon be the hypervisor of choice.
Linked by Thom Holwerda on 02/05/10 21:41 UTC
"The Mono Project releases the first preview of Moonlight 3.0, giving application developers a first look at the open-source implementation of Microsoft's Silverlight 3 technology for the Linux platform." Sadly, it's still Firefox-only.
Linked by Thom Holwerda on 02/04/10 23:13 UTC
"In a definitive defeat for film studios - and in a first case of its kind worldwide - Australia's Federal Court has ruled that ISPs have no obligation to act on copyright infringement notices or to disconnect subscribers after receiving multiple letters. If copyright holders want justice for illegal file-sharing, they need to start by targeting the right people: those who committed the infringement."
Linked by Thom Holwerda on 02/04/10 23:12 UTC
Sun Microsystems CEO Jonathan Schwartz, an advocate of Web 2.0, used Twitter early Thursday to announce his resignation. He was named CEO in 2006 as Sun faced a switch in strategic direction away from proprietary systems and toward open source code, including its valued Solaris 10 operating system. "Today's my last day at Sun. I'll miss it", he said in a tweet to his followers, reported the New York Times on its Web site at 1:12 a.m. Thursday. He added a bit of haiku: "Financial crisis, Stalled too many customers, CEO no more."
Linked by Thom Holwerda on 02/04/10 17:18 UTC
"The venerable GNU Image Manipulation Program is undergoing a significant transformation. The next major release, version 2.8, will introduce an improved user interface with an optional single-window mode. Although this update is still under heavy development, users can get an early look by compiling the latest source code of the development version from the GIMP's version control repository."
Member since:
2005-07-07
Come on. In recent Linux distros it is very simple task. My last ubuntu install took about 20 minutes and zero intervention on my side.
Personally I think it is pretty easy to set up a Linux install, certainly easier than Windows but the average user thinks otherwise and won't even touch a Windows install.
How does separate root account eliminate the propagation of malware to another machine?
As long as user is able to use internet, malware can spread.
True but you aren't really talking about viruses anymore then. Without root privileges they can't infect binaries and take over the system. A separate root account alone doesn't eliminate all malware vectors but saying it doesn't help stop the spread of viruses is naive.
The problem you do not see is that you do not to take over the entire system to turn it into spambot. All you need is the ability to send emails, which is something usually allowed on user level access.
Tell me how you can change smtpd settings without being root? Tell me why you would have a smtpd server with ports open to the outside running on your desktop in the first place. Like I said before privilege separation is one piece to security but it doesn't solve everything. Opening up your machine to the outside with unneccessary services is your own fault and cannot be mitigated with simple privilege separation.
Average user can get "security update by email from his distro vendor" and install it. This is how malware really works these days.
Again I admit this can happen but there is nothing that can really mitigate this kind of attack although to really have any kind of affect you would have to have a spambot already to send these emails. It's a pretty tricky attack on Linux in the first place though considering all updates are through a central repository and packages are in different formats for different distributions.
What are you going to grep?
Antivirus software uses signatures to detect viruses. Virus writers use all kinds of techniques to circumvent detection. It's a lot harder to circumvent detection when the exploit is in plain text format.
I don't think it is difficult to see why Windows is so easily owned compared to other operating systems. The necessecity of running as administrator because of backwards compatibility makes it low hanging fruit for crackers. Just visiting a web page with a Windows XP machine can lead to the entire operating system being taken over because a single flaw in the client is turned in root access without any privilege escalation necessary. Tricking users into installing software is one thing but automated root access is something only Windows gives up so easily. A lot more user interaction is required in Linux to install and propogate malware. I will say that Vista has gotten a lot better in this regard but the fact that Vista is a dud and many people and organizations are avoiding it altogether isn't making Window's problems a thing of the past any time soon.