LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 05-04-2011, 11:02 AM   #961
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157

Quote:
Originally Posted by TobiSGD View Post
At first, Facebook is not a software/app-pool, it is a social network.
It is a social network that has apps. I'm pretty sure I said that in my previous posts. <checking again now...yeah, I did say it was the apps>

Quote:
That is what I am saying, most people turn their brains off when opening a browser.
In my view, its not JUST a brain problem. Known vectors of malware propagation should be mitigated as much as possible. User education only goes so far. Not everyone that uses a computer is a network and/or security guru.


Quote:
In my eyes the wrong approach. If you do it that way, people will think even less about security, in the believe that others will do it for them. Same thing like people with ABS brake in their cars who drive faster because of a false thinking of security.
It's a good approach when tying that with user education BOTH. If you've a problem with rats getting into your house, teaching people to kill them probably isn't going to help much. The better approach would be to determine how the rats are getting in and negate the method (the vector). Rat-killing education might help, IF the occasional rat still makes it in the house.

But really, when's the last time you saw an internet entity's security improve because of user education alone? Twitter has account hijack issues also, and they attempt to improve user awareness. I've not seen their security posture improve one bit. I can think of a multitude of other examples.

I used to conduct vulnerability scans for a client and provide the results to the client. They'd send the results to the system owners and the owners would be responsible for mitigating the risk of the vulnerability. Imagine if these owners told their bosses that they'd made their users aware of the vulnerability and that's all that they felt was necessary as an action??????

Last edited by unixfool; 05-04-2011 at 11:48 AM.
 
Old 05-04-2011, 11:24 AM   #962
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
This thread has grown pretty far beyond its initial roots of "Linux Security Myths" held by those using Windows. In fact, at times I have even suspected this thread of trolling. Yet it has come around to an important point: malware vectors being an important consideration and that "social" media outlets are a common place for your system to pick up a "social" disease. In this regards, Linux is capable of picking up such disease-ware but given the inherently different designs and security models compared to Windows the consequences are generally lesser in magnitude and scope. Often times a simple log-out is enough to clear the infection in Linux, where-as in Windows the infection more often than not either hijacks the computer (e.g. ransomware such as antivir), or turns it into a zombie virus factory that attempts to spread the disease. In this regard, I believe that, out of the box, Linux has a vastly superior security model than Windows and none of the arguments in this thread have managed to convince me otherwise.

Given that it is irrespective of whether the user is running Windows or Linux, the common vectors for malware are the same. This leads me to wonder, or rather suspect, that the next big area will be mal-ware infected smart phones, especially with apps being all the rage right now and that coding is commonly done in hardware independent means and the "scoring root" seems to be collection of private data, of which phones tend to be full of, and it is to be used for nefarious purposes.
 
Old 05-04-2011, 12:37 PM   #963
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 13.37, 14.0
Posts: 392

Rep: Reputation: 49
To return to the original questions.
Quote:
Originally Posted by nec207 View Post
1.Less than 1% use Linux and 10% use Mac Os X it is not that they are so much better but market share .The Malware makers are going windows where the market shares are.
I don't think that the difference of the design and security level is determined by market share!

My opinion is that it is in the way how the software development team is organized and motivated. I experienced the careless works of employees, they just satisfies the requirements of the bosses. These "programers" writes codes which someone else was directed them to write and so they do not have big motivation to write a good one.
(Employee)
"Damn, so much typing... augh I am tired .. I hate this work .. what if I leave out this error checking ... and this .. and this - I will finish them later"
What, of course never happen.

I think that the main system vulnerabilities which are abused by viruses and male-wares are because of those incomplete codes.
But the volunteer who writes his code with the greatest pleasure ... I think he will care about those details.

Last edited by hua; 05-04-2011 at 12:46 PM.
 
Old 05-04-2011, 01:04 PM   #964
nec207
Member
 
Registered: Apr 2011
Posts: 96

Rep: Reputation: 0
Quote:
Its really not a gamble. It comes down to knowing what you are doing and how to defend against it. The large majority of users in the world have no clue what they are doing on a computer. But that is good in the long run because it keeps most of us employed. facebook is NOT spreading malware. It is the users of facebook that are spreading malware. they are linking to external sites (which facebook has ZERO control over) and getting people to click the links because they think it is something else. Clickjacking is a common way of doing such things.
Any web site or blog could have malware .It just most malware is in free movies ,music,games ,software and x rated sites.Look if I'm malware maker and I want people to get malware setting up blog and putting bad scrip in page is easy to do or a site to get free music or movies I know people are going to be running to site ASAP.Same with x rated I know people are going be running over to site ASAP.


And here is last thing a saying ( nothing is free ) in other words it may look free but there is a catch.Ya free movies ,free music ,free games ,free software you get my point


Quote:
And it are neither Google, Myspace, Twitter nor Facebook that are spreading malware, malware is spread by malevolent people that use the habit of some dumb users that click mindlessly on anything they see.


No it not web sites it is ads or links at Google, Myspace, Twitter or Facebook that is spreading malware they are going to stop it ASAP than a rough site than amature web master will not.



If I set up a facebook or myspace page and put malware or a link to a site and it spreading malware they are going to shut it down ASAP. But too late some people got malware by the time they find out.

Myspace is 100% times worse than facebook do to they allow people to put HTML and scrips on the page
.Where facebook is template and you enter text.


Quote:
This is weird; are you just trying to point out that the 'folk myths' referenced in the link given by noway back in post #6 are alive and well even amongst Linux users, or are you saying that you wouldn't read security research because it has been linked..
sorry I don't understand what you are saying.

Quote:
Given the different mechanisms that we use to get these,are you saying that, eg, kde-look and gnome-look have taken the risk of becoming malware suppliers? Given that they know that this would be the end of trust for them, and what that implies, it really sounds quite unlikely.
Putting Quote wallpaper windows Quote , quote screensaver windows quote , quote skins windows Quote in google search box is going to turn up many sites and you don't know what sites have malware and what sites not.


Many sites saying wallpaper ,screensaver and very much so skins come with malware.Read up on smiley face and tucows and the malware gater coming with it.





In reality it coming to a point people can use WOT http://www.mywot.com/en/download it is a site advisor good way know if web site is safe or not.
 
Old 05-04-2011, 01:13 PM   #965
nec207
Member
 
Registered: Apr 2011
Posts: 96

Rep: Reputation: 0
Quote:
Originally Posted by hua View Post
To return to the original questions.

I don't think that the difference of the design and security level is determined by market share!

My opinion is that it is in the way how the software development team is organized and motivated. I experienced the careless works of employees, they just satisfies the requirements of the bosses. These "programers" writes codes which someone else was directed them to write and so they do not have big motivation to write a good one.
(Employee)
"Damn, so much typing... augh I am tired .. I hate this work .. what if I leave out this error checking ... and this .. and this - I will finish them later"
What, of course never happen.

I think that the main system vulnerabilities which are abused by viruses and male-wares are because of those incomplete codes.
But the volunteer who writes his code with the greatest pleasure ... I think he will care about those details.

the people who write these, are now trying to use legitimate advertising companies to advertise their websites or in the case of the london stock exchange, they created a fake advertising company to look like a legit one.

most of these now come from the adverts on the page and not the page itself. As more websites are trying to make more money they are using these adverts as a source of income and as such make it easier for them to infect peoples computers



The problem with most malware today is the internet has evolved than plain text like the use of active-x ,Java ,scrip,macro ,sun java ,Javascrip and flash. All these things can be used for good or bad.

No browser is perfect even with a use of a good sanbox and when one goes into setting and disable active-x and tighten up the security.Mostly no one use the bad active-x now days other than very old web sites and Microsoft.

So again even with good sanbox and tighten up the security the malware can makes way on to the system.

When it is on the system it can do any thing you can do that has read or write privileges !!!

DOS ,windows 1x ,windows 2x, windows 3x and windows 9x like windows 95,98,98SE and Me was base on DOS and ran has full admin mode.

Where windows 2000 ,windows XP ,windows vista and windows 7 base on NT the use if user accounts with different level of user read or write privileges.

The problem for home use is most people have only one account that has full read and write privileges.The implementation of UAC in windows vista and windows 7 is joke of security that most time malware slips by UAC .

The sudo and gksu in Unix ,Linux or Mac OS X do is say yap you are a user confirm you authorization .But some one can still slip some malware in that will elevate with your privileges of runing sudo and gksu .And if you only have one account and it is gets malware you are out of luck.
 
Old 05-04-2011, 01:16 PM   #966
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046
Quote:
Originally Posted by nec207 View Post
In reality it coming to a point people can use WOT http://www.mywot.com/en/download it is a site advisor good way know if web site is safe or not.
1. This tool can only rate sites that it knows. If the site is unknown to the tool you will not know if it is a malicious site or not.
2. The ratings of this tool are based on user input. No one can prevent malevolent people to give their own malicious website a good rating.

So this tool only can pretend to be a good advisor is is spreading a false feeling of security.

In short: Use your brain, not such tools.
 
Old 05-04-2011, 01:34 PM   #967
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 713Reputation: 713Reputation: 713Reputation: 713Reputation: 713Reputation: 713Reputation: 713
Quote:
Originally Posted by nec207 View Post
nothing is free
Have you ever heard of "Linux"?
 
Old 05-04-2011, 01:43 PM   #968
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
"educating the users" does not work. people are learning because they see it ALL THE TIME. When you are as big as facebook you cant audit every app/game that someone is putting out there. facebook would have to hire thousands of programmers just the review and audit the apps. facebook gives users a warning of "what the developer" said it would have access to and do. Thats about all facebook can do without auditing each app.

until EVERY person that uses a computer becomes a security guru this problem with always exist. The #1 problem with computers is the user. facebook does not care nearly as much about security as they do about keeping people on the site (by any method) to generate income. Facebook is about making money.

a user can reduce the likely-hood of something happening with things like dropmyrights, firefox, no-script, etc. but you wont ever stop it. until there is 100% trust of ALL code on the internet tools like these are going to be required. running on windows or linux as a user is a major reduction. The first goal of getting the security improved is getting microsoft to implement a "sudo" like system for controlling admin privs and having EVERYONE run as user by default. Instead they hinder anyone that does not run as a user. People attack windows because they know how easy it is and their chance of success is much higher then osx or linux. Its not that linux is 100% secure its that attackers go after the easiest target.

you don't have to be the most secure. you just better not be the least secure.
 
Old 05-04-2011, 02:06 PM   #969
Mr. Bill
Member
 
Registered: Mar 2011
Location: Maryland, USA
Distribution: Xubuntu 14.04 - 64
Posts: 182

Rep: Reputation: 14
What puzzles me the most is that each new version of Windows is plagued with all the same vulnerabilities that have already been patched in older versions, along with a whole lot of new ones. To me that should be a DOWNgrade.
 
Old 05-04-2011, 08:06 PM   #970
Mrpnut08
LQ Newbie
 
Registered: Dec 2010
Location: Panama
Distribution: Fedora , Ubuntu
Posts: 21

Rep: Reputation: 0
I still use my windows box mainly to play games, use Microsoft programming languages and for converting office formats.

Last edited by Mrpnut08; 05-04-2011 at 08:07 PM.
 
Old 05-05-2011, 06:49 PM   #971
nec207
Member
 
Registered: Apr 2011
Posts: 96

Rep: Reputation: 0
This post has been removed do to leading to flame war and off-topic.

And being rude.

Last edited by nec207; 05-06-2011 at 03:14 PM.
 
Old 05-05-2011, 10:21 PM   #972
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Some posts went off-topic. Others addressesd your questions/concerns. Some posts don't seem to be relevant but actually are. You've four pages of data to work with. That's four more than you had a day ago. IMO, that's pretty good.
 
Old 05-05-2011, 10:28 PM   #973
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046
Quote:
Originally Posted by nec207 View Post
what the hell is going on here ? People brain are turning to mush? What is with wrong information being posted here ? surely any IT guys or security expert should clear these point up in a heart beat.

No I'm going to say who has that would be rude.
If you think that there is wrong information here then point out what you do think is wrong. Claiming that information is wrong without saying which information you are referring to and why you think it is wrong is what I consider to be rude.
 
Old 05-06-2011, 04:40 AM   #974
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
I am going to call troll on nec207 here. In support of this declaration I list the following threads:
  1. http://www.linuxquestions.org/questi...indows-878169/
  2. http://www.linuxquestions.org/questi...the-os-876855/
  3. http://www.linuxquestions.org/questi...-lunix-876854/
  4. http://www.linuxquestions.org/questi...od-gui-876851/

Since registering two weeks ago, nec2007 has posted more than 60 times and started the four threads listed above. In each of these threads nec2007 repeatedly posts 'flame bait' attempts to incite arguments around Windows versus Linux. In fact, I have never seen as many references to Windows in this forum as I have in these threads. These comments are clearly not aimed towards gaining understanding but rather to goad the members of this forum to defend the Linux philosophy. They have started threads and engaged in this process in the security, newbie, programming, and hardware forums. They have made several one line statements that are inflammatory and in response gotten long, heated discussions. They have been quoting unsupported information, often times uses bold text to shout nonsense. When these statements don't produce the desired results, they turn to calling others rude and ignorant.

This is enough of this nonsense and I would ask for the forum moderators, win32Sux or unSpawn, to please review these threads and nec2007's posts in particular.
 
Old 05-06-2011, 08:31 AM   #975
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86
Here's a pretty good article about Mac vs Windows malware, and why Mac isn't as secure as many Mac users think.
 
  


Reply

Tags
64bit, cloud, linux, microsoft, windows


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Tutorial: Four Easy Fun Useful Things You Can Do With Linux LXer Syndicated Linux News 0 09-30-2008 11:41 PM
LXer: KDE 4: The Shiny New Linux (and Windows) Desktop LXer Syndicated Linux News 0 09-17-2007 06:10 PM
media server or other fun things. doralsoral Linux - Software 1 11-05-2005 07:55 AM
most fun & excited things about Linux woranl Linux - General 2 07-27-2004 08:28 PM


All times are GMT -5. The time now is 11:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration