Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC
I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created and show you how you can bolster a healthy strategy with some tactical polish, namely software.
Thread beginning with comment 430939
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2007-03-26
So Windows 7 doesn't give the default user accounts full administration rights?
Windows has come a long long way, there's no denying that. And I'm not disputing that security is an ongoing battle in which users shouldn't get complacent regardless of the OS they run.
I just don't see the point in lying by saying all OSs are equally secure by default. The simple fact is some OSs do ship with better defaults. However, and as I've already stated, none of that really makes much difference if you stick an experienced idiot in front of the keyboard.
Member since:2010-06-09
So Windows 7 doesn't give the default user accounts full administration rights?
Windows has come a long long way, there's no denying that. And I'm not disputing that security is an ongoing battle in which users shouldn't get complacent regardless of the OS they run.
I just don't see the point in lying by saying all OSs are equally secure by default. The simple fact is some OSs do ship with better defaults. However, and as I've already stated, none of that really makes much difference if you stick an experienced idiot in front of the keyboard.
Windows has come a long long way, there's no denying that. And I'm not disputing that security is an ongoing battle in which users shouldn't get complacent regardless of the OS they run.
I just don't see the point in lying by saying all OSs are equally secure by default. The simple fact is some OSs do ship with better defaults. However, and as I've already stated, none of that really makes much difference if you stick an experienced idiot in front of the keyboard.
It really would be a lie to say that they were all secure by default, because none of them are.
Member since:2006-06-21
They aren't more secure than Windows anymore. At one time, sure. Now? No.
Ah, but what do you mean by "Windows" and "Linux"? If you mean an install with just the OS and an interface, let's assume you're right. Windows 7 has made great strides into closing remote vulnerabilities and has taken protections such as ASLR, sandboxing IE etc. Remote breaking into Windows 7 through IE8 has been called one of the biggest modern challenges in security.
But a working PC also contains a large number of applications. This is where the cookie crumbles.
The Windows applications come in huge numbers, they are mostly closed source and they are not updated in a centralized manner. Plus, Windows users consider it normal to download stuff off any website they run into, not to mention downloading and running dubious cracks and keygens. What's more, they've become complacent about having malware in their machine.
Contrast this with Linux apps which are fewer, mostly open sourced, come 99% from trusted repositories, the update system is centralized and automated, and there's usually no need to go and install cracks. And a Linux user who finds a single piece of malware on their machine will be absolutely horrified.
Basically, the Windows userland is a security nightmare.
Member since:2010-06-09
Member since:2007-02-17
The Windows applications come in huge numbers, they are mostly closed source and they are not updated in a centralized manner. Plus, Windows users consider it normal to download stuff off any website they run into, not to mention downloading and running dubious cracks and keygens. What's more, they've become complacent about having malware in their machine.
Contrast this with Linux apps which are fewer, mostly open sourced, come 99% from trusted repositories, the update system is centralized and automated, and there's usually no need to go and install cracks. And a Linux user who finds a single piece of malware on their machine will be absolutely horrified.
Contrast this with Linux apps which are fewer, mostly open sourced, come 99% from trusted repositories, the update system is centralized and automated, and there's usually no need to go and install cracks. And a Linux user who finds a single piece of malware on their machine will be absolutely horrified.
Precisely so.
In fact, there was one case recently of an obscure program called UnRealIRCd where someone had replaced a tarball (which was unsigned) on a mirror with a version that contained a trojan.
There was a huge amount of "horror" and discussion generated over this, but at the end of the day the trojan found its way into only two minor distribution repositories. It is unclear if it actually mamanged to infect any end user's machines at all.
The amount of "horror" generated compared to the actual infection rate was hugely blown out of proportion. In a way, that is a positive ... if an equivalent thing had happened in the Windows ecosystem, probably no-one would ever have even noticed, and certainly there would be no comment raised.
Edited 2010-06-23 04:37 UTC
Member since:2007-02-17
"May I remind you that I stated "more secure defaults than Windows" and not that "Linux's defaults are perfect" 
They aren't more secure than Windows anymore. At one time, sure. Now? No. " Depends on how you define it. Windows now is certainly more secure than Windows of the past, but nevertheless the actual infection rate of Windows systems is still vastly more than infection rates of any other system.
It matters not at all to the end user (whose system gets infected) if this is "unfair" comparison, or if it is due to the fact that there is vastly more security threats against Windows. The practical outcome is still that if you run a Windows system, it is far more likely to get infected.
News
Linked by Thom Holwerda on 05/18/13 21:06 UTC
"At the end of a week in which Electronic Arts confirmed it wasn't developing a thing for the Wii U, one of the software engineers in EA Sports' Canada studio, in a series of since-deleted tweets, disparaged the console as 'crap' and suggested Nintendo should give up on hardware altogether. 'The Wii U is crap. Less powerful than an Xbox 360. Poor online/store. Weird tablet', tweeted Bob Summerwill, listed as a senior software engineer at EA Canada, in a reply to a tweet posting a link about EA's no-Wii U news. 'Nintendo are walking dead at this point'." The Wii U is turning into the 21st century's Virtual Boy.
Linked by Thom Holwerda on 05/18/13 7:37 UTC
"In NixOS, the entire operating system - the kernel, applications, system packages, configuration files, and so on - is built by the Nix package manager from a description in a purely functional build language. The fact that it's purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this." Interesting approach. A Linux distribution, sure, but with some very refreshing ideas about system configuration.
Linked by fran on 05/18/13 1:38 UTC
Appfour added, among other features, C/C++ support to its new version of AIDE. From Android-IDE, "Now you can write parts of your app or your whole app in C/C++ on your device. AIDE supports the Standard Android NDK toolchain (GCC 4.6 + Bionic, STL, ...). No changes are necessary if you want to build an app developed on a PC with Eclipse. C/C++ development is fully integrated: Build errors appear in the error list and files can easily be navigated to with Go to file. The editor supports C/C++ syntax highlighting."
Linked by Thom Holwerda on 05/17/13 23:35 UTC, submitted by kragil
Ars nails it: "The answer is that Google did announce what amounts to a fairly substantial Android update yesterday. They simply did it without adding to the update fragmentation problems that continue to plague the platform. By focusing on these changes and not the apparently-waiting-in-the-wings update to the core software, Google is showing us one of the ways in which it's trying to fix the update problem."
Linked by MOS6510 on 05/17/13 22:22 UTC
"It is good for programmers to understand what goes on inside a processor. The CPU is at the heart of our career. What goes on inside the CPU? How long does it take for one instruction to run? What does it mean when a new CPU has a 12-stage pipeline, or 18-stage pipeline, or even a 'deep' 31-stage pipeline? Programs generally treat the CPU as a black box. Instructions go into the box in order, instructions come out of the box in order, and some processing magic happens inside. As a programmer, it is useful to learn what happens inside the box. This is especially true if you will be working on tasks like program optimization. If you don't know what is going on inside the CPU, how can you optimize for it? This article is about what goes on inside the x86 processor's deep pipeline."
Linked by Thom Holwerda on 05/17/13 22:15 UTC, submitted by Tom
"It was the only moment I heard regret slip into Otellini's voice during the several hours of conversations I had with him. 'The lesson I took away from that was, while we like to speak with data around here, so many times in my career I've ended up making decisions with my gut, and I should have followed my gut,' he said. 'My gut told me to say yes.'" The world would've been a much different place - Apple would have been less dependant on Samsung for its chips, which probably would've meant less money for Samsung to develop its Galaxy business.
Linked by Thom Holwerda on 05/16/13 21:41 UTC
Glass is getting some love at Google I/O as well. New applications have been released - Facebook, Twitter, Evernote, Elle, Tumblr, and CNN. Perhaps more interesting: the newly announced Google Glass Developer Kit will allow offline applications and direct hardware access - great for hacking and expanding Glass' potential. This kit will really allow hackers to put Glass through its paces.
Linked by Thom Holwerda on 05/16/13 17:04 UTC
"But Beck and Merrill decided that simply banning toxic players wasn't an acceptable solution for their game. Riot Games began experimenting with more constructive modes of player management through a formal player behavior initiative that actually conducts controlled experiments on its player base to see what helps reduce bad behavior. The results of that initiative have been shared at a lecture at the Massachusetts Institute of Technology and on panels at the Penny Arcade Expo East and the Game Developers Conference." Absolutely fascinating stuff. I'm a League of Legends player, and to be honest, the community isn't nearly as bad as some make it out to be. I'm happy Riot games has the guts to employ science to address the issue.
Linked by Thom Holwerda on 05/16/13 13:17 UTC
"Android and iOS, the number one and number two ranked smartphone operating systems worldwide, combined for 92.3% of all smartphone shipments during the first quarter of 2013 as Windows Phone crept past BlackBerry for 3rd place. According to the International Data Corporation Worldwide Quarterly Mobile Phone Tracker, Android smartphone vendors and Apple shipped a total of 199.5 million units worldwide during 1Q13, up 59.1% from the 125.4 million units shipped during 1Q12." Windows Phone doubles from a few to twice few, iOS loser market share as its growth is slower than that of the overall market. BlackBerry continues slide into irrelevance.
Linked by Thom Holwerda on 05/16/13 12:06 UTC
"According to the latest research from our Wireless Smartphone Strategies service, global Android smartphone profits reached US$5 billion in total during the first quarter of 2013. Samsung dominated and captured an impressive 95 percent share of all Android smartphone profits." Wow.More News »
Sponsored Links
Member since:
2010-06-09
They aren't more secure than Windows anymore. At one time, sure. Now? No.