Give it up, you'll only regret these rash claims later

Story: Security Threats Branch Out From Windows to Mac, Linux
Total Replies: 16
phsolide

May 03, 2005
4:23 PM EDT
Gee, dad, look! A PR flack *cough*Wagg Ed*cough* got a national publication to print some vaguely anti-Mac and anti-Linux security information. Blah blah, yada yada.

At this late date, I believe we can all agree that all complex systems have remotely-exploitable flaws. But we can all agree that a CLOUD OF THE MOST FOUL MALWARE ONLY SURROUNDS WINDOWS.

Why do I get emails from "SOBER" worms, and Netsky and MyDoom worms send spam in my name that bounces back to me from bad addresses, and I still get probes from Code Red (!!!!) and TCP port 139 gets probed every hour of every day?

Because despite "Trusted Computing", despite all its efforts, Windows still has structural security problems. The willingness to execute any file with a never documented list of "extensions", the complexity of COM, ActiveX and a strange desire to lock files until rebooted all cause Windows to have real problems. MSFT has structural problems, too. They have programmers that believe they're smarter than the rest of us. Pride goeth before a fall, as Ben Franklin once said.

I'll believe this sort of article when a "Pine" worm hits me, a Linux virus makes the Wild List once, and people start migrating from "Safari" because adware and spyware picks on it constantly.
helios

May 03, 2005
5:37 PM EDT
I usually just ignore stuff like this but geez...at BEST this is lazy journalism, and at its core it is FUD. I just spent over an hour analyzing the linked page with the "exploits" and what I saw was entry after entry listing WindowsWare as vulnerable. RealPlayer? I mean, I know a few people use it and actually like it, but as my brother was fond of saying...it's 2005, we have rovers on Mars, cancer is one discovery away from being destroyed, almost anyone can talk to anyone else in the world with a keyboard, and RealPlayer still sucks.

http://mobilemasteraustin.com/mark.htm

Will Linux ever suffer from malware? Sure, if we are successful in the proliferation of Linux, we are bound for attack, but on the scale of Windows? Ain't gonna happen...how many of us run as root? I rest my case.

helios
r_a_trip

May 04, 2005
2:28 AM EDT
"Will Linux ever suffer from malware? Sure, if we are successful in the proliferation of Linux, we are bound for attack, but on the scale of Windows? Ain't gonna happen...how many of us run as root? I rest my case."

True, for now. But it is imperative that GNU/Linux grows slowly, so that newcomers can be "soaked" with the idea that running as root by default is evil and that it is a blessing that files have to be manually set to execute.

If all the virus suffering Windows users of today would switch tomorrow and find out how to log in as root... You get the picture.

On the other hand, I converted nicely to the *Nix philosophy by myself four years ago coming from a Windows world. So it is not impossible. The question is, will the rest see the benefits of security as I did?
SFN

May 04, 2005
11:45 AM EDT
"how many of us run as root?"

Well, how many of us will be running Linspire in the future?

sbergman27

May 04, 2005
4:53 PM EDT
Not to defend the story, which is bad, but I really don't understand this attitude of viewing "not running as root" as a panacea. On a server, with many users, then yes, there is a considerable difference between running as root and running as a normal user. On a single-user desktop machine, the difference is largely academic. On a single-user desktop machine the most important user is not root. It is the user's account. That is where the critical data is. The OS is a 30-minute install. The user's data is potentially days' worth of reconstruction, or more. It is also potentially sensitive data.

Usually, when I raise this objection people line up to give me examples demonstrating how running as a normal user rather than root is beneficial. I agree completely. It is a good idea. It restricts access to various system resources. Raw TCP, privileged ports, system files, etc. If your user account alone is compromised you don't have to do the 30 minute OS reinstallation. And if you become a victim of an exploit, at least your wife and kids' accounts would be spared if they are running under different accounts. (And also assuming you *have* a wife and kids, of course.)

Don't get me wrong. Linux has a lot of resistance to the kinds of things that trip up Windows systems. But "root" vs "nonroot" is the least of it. At least for desktops.

And phishing exploits are a whole different ball game. Right now, people who run Unix-like OSes happen to be smarter about that sort of thing, on average. Once Aunt Tillie gets her new Ubuntu computer from CompUSA in a few years...

BTW, I would be particularly interested in Dean's and/or Paul's take on this.
helios

May 04, 2005
6:05 PM EDT
yes, I as well...Paul?
phsolide

May 04, 2005
6:28 PM EDT
As long as Firefox doesn't execute any dang piece of junk code that j.random.com sends it, the spyware situation just won't happen.

Also, a fractured distro base will prevent a lot. I'm writing this using some Slackware-compiled version of Firefox. What did you write your post in? Mozilla 1.7? From Debian or an RPM? Worms like slapper/cinik/whatever (which didn't run as root) had to have a dozen magic numbers in them to account for all the distros' Apaches. Any malware for Linux faces the same difficulty.

Email viruses like Sober, Netsky, Bagel, etc. face an even steeper battle. Linux users have an enormous range of email clients, and take advantage of them. Why, even the venerable "Pine" has a large user base. Email viruses don't stand a chance because of software diversity and version diversity. Hopefully, the object lessons of Outlook and Outlook Express haven't been lost either - I don't see many Linux mailers jumping at the chance to execute code sent along (ActiveX or any other).

And this doesn't begin to address things like the structural defects of Windows file locking, COM, the Registry, and making a file executable BY ITS NAME. What bright spark thought of that?
SFN

May 05, 2005
5:17 AM EDT
I don't know anybody who views non-root privileges as a panacea. It's one of the umpteen steps one needs to take to secure one's system. But being one of the umpteen steps does not make it a non-necessity.
hkwint

May 05, 2005
6:08 AM EDT
"The OS is a 30 minute install." Except for the persons who chose Gentoo, like me (2 days). But I'm the only one to blame for that.

Anyway, more serious: making a backup of your personal files / docs doesn't take more than 30 minutes, does it? Backing up my /usr + /var directory (even without /usr/src) takes up much more time than backing up the valuable parts of my /home directory, so to me it's beneficial to not be root. Moreover, root can read all files, a non-root user can't (heck, I even can't see which sudo privileges I gave myself when trying to read /etc/sudoers as non-root). And installing and configuring programs also can take a lot of time. Another thing is, if people are root, they could change executables to send them your passwords by e-mail. But you sure have a point for people:
- Who have valuable docs that take up more space than their system files
- Who don't make a backup regularly
- When the data is sensitive / secret
Personally, I think it's a good idea, if you're non-root, to place sensitive data in a file owned by root:root with no read privileges for anyone but root, or better, encrypt it with your passwd. However, this is too laborious for most people, and if you lose the passwd you have a problem.

So I'm not decided yet. Using a root account is a big hassle for me, I really have to type my root passwd (8 random chars) a lot, and need to change it from time to time as well. And I don't make a backup of /home enough. On the other hand, I think (using root) it has its merits, that's why I still use it, contrary to for example the Ubuntu system (disabled root account).

Hey, by the way, where's Paul's opinion?
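A small added illustration (my own code, not anything posted in this thread) of the access-control argument sbergman27 and hkwint are making above: it implements the classic Unix owner/group/other permission check and runs it over a constructed sample file list, so you can see what a process under the user's own account can reach (the user's own data) versus a root-owned 0600 file, /etc/sudoers or a system binary, and how uid 0 bypasses all of it. The paths, uids, gids and modes are made-up samples.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEntry:
    path: str
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, e.g. 0o600


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset  # primary plus supplementary groups


def can_access(proc, entry, want):
    """Unix discretionary check for a regular file; want is "r" or "w".
    Exactly one class applies: owner if uids match, else group if the
    file's gid is one of the process's groups, else other. uid 0 skips
    the mode bits entirely, which is the thread's whole point."""
    if proc.uid == 0:
        return True
    if proc.uid == entry.uid:
        rbit, wbit = stat.S_IRUSR, stat.S_IWUSR
    elif entry.gid in proc.gids:
        rbit, wbit = stat.S_IRGRP, stat.S_IWGRP
    else:
        rbit, wbit = stat.S_IROTH, stat.S_IWOTH
    return bool(entry.mode & (rbit if want == "r" else wbit))


def exposure(proc, fs):
    """Map each path to (readable, writable) for the given process."""
    return {e.path: (can_access(proc, e, "r"), can_access(proc, e, "w")) for e in fs}


# Constructed sample entries (uids, gids, modes are made up) mirroring the thread.
ALICE, USERS, ROOT = 1000, 100, 0
SAMPLE_FS = [
    FileEntry("/home/alice/thesis.odt", ALICE, USERS, 0o644),  # the user's own data
    FileEntry("/home/alice/secret.txt", ROOT, ROOT, 0o600),    # hkwint's root:root idea
    FileEntry("/etc/sudoers", ROOT, ROOT, 0o440),
    FileEntry("/etc/passwd", ROOT, ROOT, 0o644),
    FileEntry("/usr/bin/ssh", ROOT, ROOT, 0o755),              # system executable
]

if __name__ == "__main__":
    for who in (Process(ALICE, frozenset({USERS})), Process(ROOT, frozenset({ROOT}))):
        print(f"uid {who.uid}:")
        for path, (r, w) in exposure(who, SAMPLE_FS).items():
            print(f"  {'r' if r else '-'}{'w' if w else '-'} {path}")
```

Under the user's own uid the thesis is fully exposed while the root-owned secret and /etc/sudoers are not; under uid 0 every entry, the ssh binary included, is writable.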
Koriel

May 05, 2005
6:44 AM EDT
I know I will probably get flamed for this but I use a single encrypted file to store all my sensitive data, using a proprietary program called Bestcrypt for Linux. Although it's a proprietary license they do make their source code available so folks can ensure there are no trapdoors, you're just not allowed to modify it.

My backups basically consist of a tar.gz of /etc and /home and well, that's it, simple always suits me. /home is always a separate partition so I can blow away a distro and try something else with great ease.
SFN

May 05, 2005
7:42 AM EDT
Sounds like a good system to me. I would be interested in seeing any flames in this case. What could they be? Just because you use proprietary openish-source software?
Koriel

May 05, 2005
7:58 AM EDT
Oh it's a good system for me anyways, and I have posted elsewhere, not LXer mind you, about it and some folks had a go at me for using it citing things like proprietary lock-in and such, but I don't see any lock-in. I have the source code in my possession and can compile it any time and use it on any Linux box. Can't honestly see the problem, just some folks throw a wobbly if you mention "proprietary" :)
PaulFerris

May 05, 2005
9:21 AM EDT
sorry, guys.

My opinions are all over this site in editorial :)

But yeah, this is more of the same PR BS -- the truth is solidly in reality.

Specifically, where are all these virus problems that are on the increase?

I don't see no steenking viruses, exploits and trojans.

Matter of fact, honey pot results show Linux getting harder to break into, not easier.

Finally, I never run as root, and it's simply not necessary with the latest distributions.

Reasons not to run as root: code that you're executing in a browser has root access to system files (main reason).

Secondly, it's easy for a beginner to blow things away that shouldn't be.

Sorry for the late response -- I'm knee-deep in enterprise implementation land -- there will be articles about this sometime soon, I hope -- in the mean time work has me nose to the grind-stone.

Please forgive, --FeriCyde
helios

May 05, 2005
9:47 AM EDT
I don't see anything wrong with that, in fact with all the news and activity lately over Linux drivers for printers, I almost hesitate to mention this. I have an old blunderbuss of a printer that I absolutely love. It's an hp 812c and it works very well for my personal needs. The drivers are fine with it, as most hp Linux drivers are, however I am doing things a bit differently. My printer nozzles need to be cleaned periodically, as do they need to be aligned. Unfortunately, the drivers I use do not offer these options as they do in Windows. I found a proprietary, closed source driver called turboprint that takes care of these needs. http://www.turboprint.de/download2.html It fills many voids with HP, Canon and Epson. It has a free version and a "pro" version, but the free version is all I really need. The pro version only offers support for more fonts and the such. A simple command at the cli opens a gui that lets me do a lot more things than the stock Linux drivers let me do. A need is a need, and until our community developers fill these specific needs, then it's either use the proprietary stuff or go without. I don't see the big deal, as I am not a "Linux Purist". Something I have been chastised for often in the past.
dinotrac

May 06, 2005
10:23 AM EDT
Unlike Paul, I do run as root when it's handy, but usually do not.

I generally feel safer running in my own userid, and there is precious little I can't do that way. Most often I su to root for a make install, and that's about it.

However, if I were to be honest, I don't see a ton of exposure difference in running as root or in my own userid.

It's easy to re-build the system from the DVD. Losing my user stuff is the part that would hurt.

What tips it for me is that I don't want to make it easier for people to nuke me. For example, malware could target me as a user or it could target me by taking advantage of its root status. As "root" is more predictable and powerful, it is easier to do mischief as root than try to figure out my user setup.

Therefore, I NEVER surf the internet as root, NEVER read e-mail from the world as root, etc.
PaulFerris

May 06, 2005
10:29 AM EDT
dino: I always made the assumption that you just plain NEVER read, so this partial admission simply confirms my suspicions :)
dinotrac

May 06, 2005
2:15 PM EDT
Paulie --

I'd tell you what I really think of you, but I don't write either!! ;0)
