Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC
Privacy, Security, Encryption I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created and show you how you can bolster a healthy strategy with some tactical polish, namely software.
Thread beginning with comment 430939
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Security
by fewt on Mon 21st Jun 2010 18:48 UTC in reply to "RE[3]: Security"
fewt
Member since:
2010-06-09

May I remind you that I stated "more secure defaults than Windows" and not that "Linux's defaults are perfect" ;)


They aren't more secure than Windows anymore. At one time, sure. Now? No.

Reply Parent Score: 0

RE[5]: Security
by Laurence on Mon 21st Jun 2010 19:14 in reply to "RE[4]: Security"
Laurence Member since:
2007-03-26

So Windows 7 doesn't give the default user accounts full administration rights?

Windows has come a long long way, there's no denying that. And I'm not disputing that security is an ongoing battle in which users shouldn't get complacent regardless of the OS they run.

I just don't see the point in lying by saying all OSs are equally secure by default. The simple fact is some OSs do ship with better defaults. However, and as I've already stated, none of that really makes much difference if you stick an experienced idiot in front of the keyboard.

Reply Parent Score: 3

RE[6]: Security
by fewt on Mon 21st Jun 2010 19:17 in reply to "RE[5]: Security"
fewt Member since:
2010-06-09

So Windows 7 doesn't give the default user accounts full administration rights?

Windows has come a long long way, there's no denying that. And I'm not disputing that security is an ongoing battle in which users shouldn't get complacent regardless of the OS they run.

I just don't see the point in lying by saying all OSs are equally secure by default. The simple fact is some OSs do ship with better defaults. However, and as I've already stated, none of that really makes much difference if you stick an experienced idiot in front of the keyboard.


It really would be a lie to say that they were all secure by default, because none of them are.

Reply Parent Score: 1

RE[5]: Security
by wirespot on Tue 22nd Jun 2010 09:10 in reply to "RE[4]: Security"
wirespot Member since:
2006-06-21

They aren't more secure than Windows anymore. At one time, sure. Now? No.


Ah, but what do you mean by "Windows" and "Linux"? If you mean an install with just the OS and an interface, let's assume you're right. Windows 7 has made great strides into closing remote vulnerabilities and has taken protections such as ASLR, sandboxing IE etc. Remote breaking into Windows 7 through IE8 has been called one of the biggest modern challenges in security.

But a working PC also contains a large number of applications. This is where the cookie crumbles.

The Windows applications come in huge numbers, they are mostly closed source and they are not updated in a centralized manner. Plus, Windows users consider it normal to download stuff off any website they run into, not to mention downloading and running dubious cracks and keygens. What's more, they've become complacent about having malware in their machine.

Contrast this with Linux apps which are fewer, mostly open sourced, come 99% from trusted repositories, the update system is centralized and automated, and there's usually no need to go and install cracks. And a Linux user who finds a single piece of malware on their machine will be absolutely horrified.

Basically, the Windows userland is a security nightmare.

Reply Parent Score: 2

RE[6]: Security
by fewt on Tue 22nd Jun 2010 12:17 in reply to "RE[5]: Security"
fewt Member since:
2010-06-09

Basically, the Windows userland is a security nightmare.


s/Windows/any\ OS/i

Reply Parent Score: 1

RE[6]: Security
by lemur2 on Wed 23rd Jun 2010 04:36 in reply to "RE[5]: Security"
lemur2 Member since:
2007-02-17

The Windows applications come in huge numbers, they are mostly closed source and they are not updated in a centralized manner. Plus, Windows users consider it normal to download stuff off any website they run into, not to mention downloading and running dubious cracks and keygens. What's more, they've become complacent about having malware in their machine.

Contrast this with Linux apps which are fewer, mostly open sourced, come 99% from trusted repositories, the update system is centralized and automated, and there's usually no need to go and install cracks. And a Linux user who finds a single piece of malware on their machine will be absolutely horrified.


Precisely so.

In fact, there was one case recently of an obscure program called UnRealIRCd where someone had replaced a tarball (which was unsigned) on a mirror with a version that contained a trojan.

There was a huge amount of "horror" and discussion generated over this, but at the end of the day the trojan found its way into only two minor distribution repositories. It is unclear if it actually mamanged to infect any end user's machines at all.

The amount of "horror" generated compared to the actual infection rate was hugely blown out of proportion. In a way, that is a positive ... if an equivalent thing had happened in the Windows ecosystem, probably no-one would ever have even noticed, and certainly there would be no comment raised.

Edited 2010-06-23 04:37 UTC

Reply Parent Score: 2

RE[5]: Security
by lemur2 on Wed 23rd Jun 2010 04:42 in reply to "RE[4]: Security"
lemur2 Member since:
2007-02-17

"May I remind you that I stated "more secure defaults than Windows" and not that "Linux's defaults are perfect" ;)
They aren't more secure than Windows anymore. At one time, sure. Now? No. "

Depends on how you define it. Windows now is certainly more secure than Windows of the past, but nevertheless the actual infection rate of Windows systems is still vastly more than infection rates of any other system.

It matters not at all to the end user (whose system gets infected) if this is "unfair" comparison, or if it is due to the fact that there is vastly more security threats against Windows. The practical outcome is still that if you run a Windows system, it is far more likely to get infected.

Reply Parent Score: 2