Linked by Thom Holwerda on Sun 5th Feb 2006 17:10 UTC
One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. It is fairly common knowledge that UNIX-like systems are more secure than Windows. Whether this is true or not will not be up for debate in this short editorial; I will simply assume UNIX-like systems are more secure, for the sake of argument. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little. Here's why.
Thread beginning with comment 93105
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: running stuff from your /home
by jaduncan on Mon 6th Feb 2006 12:53
in reply to "running stuff from your /home"
Member since:2005-11-19
Uh...if its a deb or RPM I can expand it and check, and if it is a script, I can look at the lines of the script.
I can also set up a *different* home dir/user for a suspect program to run from, or even do it in a chroot where there is no possibility of it affecting the system.
What else can you want?
RE[2]: running stuff from your /home
by Thom_Holwerda on Mon 6th Feb 2006 12:59
in reply to "RE: running stuff from your /home"
Member since:2005-06-29
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-07-24
another thing.... do not let ANY program run from your /home
imho you are overrating the value of that restriction, and don't seem to appreciate the merit of installing things in a homedir.
Though not allowing executables in homedirs is a possible layer of defense, it's not a very strong one. If an exploit can write a malicious executable file, it can probably also append something to your .bashrc, for instance.
On the other hand, being able to install stuff in your homedir prevents it from contaminating the rest of your system - who sais this installation procedure will restrict itself to /usr/local as advertised?