Very Funny

Story: Microsoft is sacrificing security for usabilityTotal Replies: 32
Author Content
theboomboomcars

Feb 03, 2009
10:27 AM EDT
This article shows one reason why FLOSS software is more secure than proprietary.

If someone finds a large security hole and tells the main developers about it and the developers say, that is by design and we wont do anything to fix it, with proprietary you are stuck and have to find a work around before someone else utilizes the security hole. With FLOSS you can fix it and submit a patch to the developer, further upstream, or distribute it yourself. But at least you know the hole is plugged.
moopst

Feb 03, 2009
4:27 PM EDT
I'm shocked, shocked to find there is gambling here at Rick's.

Here's your winnnings sir.

Thank you.
tracyanne

Feb 03, 2009
10:37 PM EDT
Wow did I ever touch a nerve with one of our Windows apologists over this. I'll tell more when I have time.
theboomboomcars

Feb 03, 2009
10:40 PM EDT
Ohh please do.
tracyanne

Feb 03, 2009
10:42 PM EDT
I am constantly amazed at the lack of understanding of how Linux, or even Windows, security works, exhibited by such people.
theboomboomcars

Feb 03, 2009
10:52 PM EDT
Yes I have been in a few discussions and once you bring in that it is not just that not many people use Linux on the desktop, since like half the internet is on Linux, that makes it more secure they often just stop listening. So I don't get into such discussions much any more.
tracyanne

Feb 04, 2009
2:19 AM EDT
I mentioned this article. That UAC is now somewhat less secure than before, and that there is working code that exploits this security hole. But Microsoft maintains it is not a security hole, it's a design feature. Now where have we heard that before?

Windows appologist ask what's different about UAC that wan't already there. saying "First people complain about it being there then they complain about it not being there." I agreed with the sentiment he unknowingly expressed - that Windows, with or without UAC, is inherently insecure.

He then launched int a tirade about using browsers to install malware on Linux.????
tracyanne

Feb 04, 2009
2:27 AM EDT
The malware he was talking about, Google toolbars. I don't like Google tool bars, but I'd hardly call that malware.
tracyanne

Feb 04, 2009
5:10 AM EDT
My Windows apologist's argument went basically like this:

You have two choices for installing software, either you have UAC nag prompts or you don't. How else are you going to install software. You have to install software on Linux, any system where you have to install software has got to be insecure.

And:

And what about browsers, what happens when people install soft ware via a browser, like Google tool bar, that's going to let malware into your Linux system isn't it.

tuxchick

Feb 04, 2009
12:56 PM EDT
Poor TA! So much information freely and easily available, yet still so many dunces blabbing nonsense. It's not hard to research this stuff. Why, in the olden days we had to devote heroic energies to learning things-- we had to engage in acts of physical travel to libraries, take classes, and even call experts and ask them questions. Now it's all set-on-bum-n-click.

Though there is a nugget of truth there-- Web browsers are the big potential malware conduits on all platforms these days. Penguinistas mock ActiveX because it permits the local execution of remote code, with no protections-- but then so does JavaScript and all of these newfangled browser extensions that Firefox users think are so wonderful.
hkwint

Feb 04, 2009
1:31 PM EDT
Quoting:And what about browsers, what happens when people install soft ware via a browser


One of the basic features making Linux more secure than Windows are the controlled Linux software repo's, and making it hard to install software outside those repo's. To keep the browser secure, the same must go for the browser; both for Linux and Windows. It should only install plug-ins from trusted repo's. That statement goes both for Windows / Linux - browser plugins. Last time I tried to install something beyond the Mozilla - plugin repo it halted and warned I was using a source which might be insecure. If Google toolbar is dangerous it should be kept out of 'trusted' repo's; I think it's as simple as that. The same way dangerous programs are normally held out of Linux software repo's - or they are 'blocked' by default. That model seems to work. It's sad to see the Mozilla plug-in repo however is not 'reviewed' for security like for example the OpenBSD repo's are; probably that's too much effort.

Those repo's have really big disadvantages too, but for the moment those are 'bearable' given they increase security (apart from Debian OpenSSL, doh!).
jdixon

Feb 04, 2009
1:41 PM EDT
TA, TC, here's a quote you'll both love from the security folks in our company, received in email yesterday:

"Even though we have McAfee installed on all workstations, this, by no means, ensures our client's won't become infected. No one product is capable of keeping up with the internet thugs."

Really. You don't say. Gosh, whatever will I do without any protection on my Slackware system? I guess I'll just have to endure the inevitable hijacking and loss of personal and financial information, won't I?

Names withheld for obvious reasons. :)
tracyanne

Feb 04, 2009
4:58 PM EDT
@TC I couldn't believe what I was hearing, the obvious lack of understanding, the obvious complete ignorance, and misinformed opinion, and coming from a technical person... a programmer. I just shook my head and went back to work, argument was obviously a waste of time.

The other interesting thing that happens when you attempt to discuss the benefits of the nix way of doing things is you get accused of being a religious zealot, which is actually quite funny, as it's actually the other person who is engaging in zealotry and religiously parroting misinformation.
tuxchick

Feb 04, 2009
5:53 PM EDT
Quite true, TA, it always surprises me, even though I should be used to it by now, when people blabble on and on about a subject they know nothing about. Kind of like annoying tourists who refuse to learn any language other than their own, and already know everything about the country they're visiting.
number6x

Feb 04, 2009
7:16 PM EDT
TA

I usually ask the Windows apologists if they are willing to run Windows for a month with no Anti Virus or Anti spyware running on their machine.

Do all of their regular surfing. Do their shopping and banking. Let their kids play online games.

I'll do it with Linux, will they do it with Windows?

The first one to get infected has to treat the other to dinner at a nice restaurant.

The more they truly know, the less likely they are to take you up on this challenge.
Scott_Ruecker

Feb 04, 2009
7:32 PM EDT
@number6x

That is a great challenge! Oh I can't wait to try that one out...

gus3

Feb 04, 2009
7:52 PM EDT
The last virus I got was Chernobyl, ten years ago.

Linux: Ten years without anti-virus. Ten years without infection.
jdixon

Feb 04, 2009
9:12 PM EDT
> Ten years without infection.

15 years in a week or so. :)
tuxchick

Feb 04, 2009
11:18 PM EDT
Quoting: run Windows for a month with no Anti Virus or Anti spyware


A couple hours will bring that poor PC to its knees.
Scott_Ruecker

Feb 04, 2009
11:27 PM EDT
Disable th Anti virus and then open a browser to aol.com and leave it there..it won't take long.
tracyanne

Feb 04, 2009
11:32 PM EDT
Quoting:Ten years without infection.


coming up 8 years for me.
ColonelPanik

Feb 04, 2009
11:41 PM EDT
Seven here, thanks to clean living and Linux.
Scott_Ruecker

Feb 05, 2009
12:08 AM EDT
At the end of 09' it will be 5 solid years of Lovin' Linux..
gus3

Feb 05, 2009
9:05 AM EDT
Young whippersnappers...
theboomboomcars

Feb 05, 2009
9:58 AM EDT
I do believe that I am round about the 4-5 year mark. To know for sure I would have to remember things like dates and stuff.
techiem2

Feb 05, 2009
12:29 PM EDT
I believe I'm about at 9-10 years using Linux as my primary OS at this point.
rijelkentaurus

Feb 05, 2009
12:38 PM EDT
Five-ish. I think.
DiBosco

Feb 05, 2009
12:46 PM EDT
Started in early 2001 with Mandrake. Pretty much swapped to using that as my main OS straight away and now only touch Windows now when I have to at work in the office (which is not usually more than a day a week). Would love to work somewhere that is Windows-free.
bigg

Feb 05, 2009
1:03 PM EDT
I think it's been about three years for me - meaning three years since I ditched Windows completely, no longer had a use for it at work, for play, or for anything. I only use it now if I'm using someone else's computer.

My work computer is almost two years old and I've booted into XP (it came installed) exactly once.
jezuch

Feb 05, 2009
3:56 PM EDT
Six. I think.
azerthoth

Feb 05, 2009
4:07 PM EDT
Since my last virii or since my wholesale conversion to Linux? I can tell you that the virii is more recent, as my wine picked up some bacteria in the form of a keylogger, which subsequently snagged my WoW login info.

Mind you that was my fault, as I was knowingly playing with infected files and failed to set up proper containment.
hkwint

Feb 05, 2009
5:48 PM EDT
The only virus which afflicts my beloved system is sitting right behind the desk here.
tracyanne

Feb 05, 2009
7:22 PM EDT
I told another windows apologist about the security hole in Windows 7. The reaction was "oh well"

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!