GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Originally posted by Megaman X Seriously, I doubt it. Linux has such a consistent file structure and a very well thought permission system locking users to their home that without root access, not much can be done. Also, Linux is not as integrated as Windows. Get a virus using Internet Explorer as a normal user in Windows and your system is compromised... you can't "remove" IE, so it's natural that peoples will try to find exploits on it (which is not that difficult to do, since MS security is a joke).
Also, Linux is a community driven-based Operating System. It means that most of it's community works together to improve the system, not to ruin it. I doubt you would spit on the same plate you eat...
On the top of it, its open-source philosophy let everybody to look at the code and search for malware. As long as you download your programs from trusted sources (say, grab Mozilla from mozilla.org, not from some underground crap) you should be fine.
Virus in Linux might increase if Linux gets more market share. Still, I would believe that Linux robust design for the file structure, permission settings and open-source will make it very difficult to fat kids who never get laid to create viruses for it... (because for me, virus creators are just that... virgin 35+ yo guys using a cracked compiler who never kissed a girl before...)
QUOTE :: "A lot of those crappy sites like yahoo games their crapware will only work in IE. Also most linux users are already running popup stoppers and know not to install some antispyware program from a popup window. Also most linux users know to not open attachments from paypal saying here is your password and such."
i think we are lucky to have linux for us , i mean , we have "os designs" , tools and apps which are built with security in mind from the ground-up(whatever it means) , and we dont need to purposely be so *security-minded-phobia* as what we experienced with MS Windows , i mean we feel safe and normal to make casual assumptions when comes to users of linux , i mean users of linux shouldnt be otherwise ...
Originally posted by aysiu
[B]The user being dumb or smart contributes to about 90% of the security of the OS.
The user is important, however its not 90%
For example. I am far from a newb and I know not to install spyware, know to not run as admin, etc. I was running XP a couple years ago after getting my nice new laptop, runnins as a plain old user, active x and java disabled in IE, google toolbar (popup blocker), ad aware, av, had applied more secure security templates, etc. I mistyped an address in IE and got some sort of spyware installed. Ad aware recognized and removed it until the next reboot it was back. Adaware again, search the reg for the different startup places and remove anything, reboot it still came back. I was just experimenting with Linxu then and was running it as a dual boot. It was then that I deleted the Xp aprtition on my drive. So even though I was far more secure than the average user, poor design of the OS still won out.
Originally posted by alred QUOTE :: "A lot of those crappy sites like yahoo games their crapware will only work in IE. Also most linux users are already running popup stoppers and know not to install some antispyware program from a popup window. Also most linux users know to not open attachments from paypal saying here is your password and such."
i think we are lucky to have linux for us , i mean , we have "os designs" , tools and apps which are built with security in mind from the ground-up(whatever it means) , and we dont need to purposely be so *security-minded-phobia* as what we experienced with MS Windows , i mean we feel safe and normal to make casual assumptions when comes to users of linux , i mean users of linux shouldnt be otherwise ...
Thats one of the reasons I switched. I got tired of having to keep up so much with the antispyware and security holes and wanted to actually be able to use my machine again.
My work PC has Win XP Pro, service pack 2 all the latest patches, firewall anit virus software. I don't know what more we could have done, however - it still got Sasser !
A complete reinstall was neccessary.
Originally posted by enine
So even though I was far more secure than the average user, poor design of the OS still won out.
That's the 10%. The percentages aren't scientific, of course, but my point is really that if you're a dumb user, it doesn't matter how securely the OS is designed.
That also makes it sound like windows problems are 90% user. I'd say maybe over 50% but not 90% are user related. The poor design lends to more than 10%
Originally posted by enine That also makes it sound like windows problems are 90% user. I'd say maybe over 50% but not 90% are user related. The poor design lends to more than 10%
I'll freely admit I was pulling numbers out of my ass. I didn't do any kind of scientific study of this, so I don't even know what these percentages mean. The only thing I know is that a savvy computer user running as user (not administrator) in Windows is often better off than a dumb computer user running as root in Linux.
Edit: I take that back. A clueless Linspire user (I'm not saying most Linspire users are necessarily clueless--I just use Linspire as an example because it defaults to root, and a clueless user is more likely to not create a user account in Linspire than any other distro) is probably better off than a savvy Windows user in today's climate. (And to the Linspire-defensive, I'm not bashing Linspire--I happen to think it's a great distro, but it does, in fact, default to a root user, and I don't consider this screen to be a satisfactory prompt for encouraging someone to set up a user account that's not root).
Makes me wonder....I feel safe with apt and emerge and any distro with a package manager. Where does this leave a distro that does not use a package manager when it comes to virus? Like slack for instance (not to offend,I use it to) when it comes to maybe getting a virus? Might be easy for a noob or someone not knowing to say "it ends with .abc it must be safe to install. But I guess the only useful thing a virus writer might do with that is use the power of a linux machine to attack a windows one. OH well guess that might not be that bad.
Just as a modifier to the above (I'm not a Linspire user) - Linux Format magazine reports that despite the "running as root" thing, Linspire is one of the more secure (from external attack) desktop distros as it has all but one port closed by default.
Admittedly though, it doesn't stop the rm -Rf problem
Originally posted by aysiu The user being dumb or smart contributes to about 90% of the security of the OS. I refer you to this part of the Seinfeld episode "The Robbery":
Code:
ELAINE: [Kramer enters the apartment] Someone left the door
open. [it's clear that she means Kramer; she walks to the
bathroom]
JERRY: [to Kramer] You left the door open?!
KRAMER: Uh, Jer, well ya know, I was cookin' and I, I uh, I
came in to get this spatula...and I left the door open, 'cause
I was gonna bring the spatula right back!
JERRY: Wait, you left the lock open or the door open?
KRAMER: [bobs his head guiltily] The door.
JERRY: The door? You left the door open?
KRAMER: Yeah, well, I was gonna bring the spatula right back.
JERRY: Yeah, and?
KRAMER: Well, I got caught up... watching a soap opera...[with
a broken voice] The Bold and the Beautiful
JERRY: So the door was wide open?
KRAMER: Wide open!
JERRY: [Elaine enters the living-room] And where were you?
ELAINE: I was at Bloomingdale's...waiting for the shower to
heat up.
KRAMER: Look, Jerry, I'm sorry, I'm uh, you have insurance,
right buddy?
JERRY: No.
KRAMER: [looks shocked] How can you not have insurance?
JERRY: Because...I spent my money on the Clapgo D. 29, it's
the most impenetrable lock on the market today...it has only
one design flaw: the door...[shuts the door] must be CLOSED.
No matter how secure you make Linux, Windows, or whatever, if the user is dumb, malware will proliferate.
There are about 60000 to 70000 Windows viruses. A few hundred of them became widespread and dangerous. There are maybe 40 known Linux viruses, none of them became widespread and they were all confined to the laboratory so to say.. There are 5 or 6 Mac viruses, 2 of which became widespread enough to cause concern.
Linux is such a virus hostile environment, putting a virus into Linux is like throwing a penguin out in the desert (sorry for that), it'll halt really quickly. Also getting your Linux box infected will most probably be your fault. With Linux, 95% of all errors are between the chair and the monitor. (Windows is another story).
Windows on the other hand is where viruses thrive. You'll need some rock solid protection to keep it running (which I had, but didn't protect me from the occasional blue screen of death).
Actually there are about 40 known Mac viruses in 2000* so probably more today. It is funny to note though that many of those are virus' that infect Microsoft Office for mac.
There are many factors to the number of virus'
1. user skill, Most Linux users are a bit more computer literate than the normal windows/mac user.
2. market penetration, there are more windows boxen out there so its easier to find the less ecure ones.
3. Administrator skill level, applies to servers more, since windows servers look like windows desktops there are a lot of people who think that since they can mouse around a windows desktop they can admin a web/sql/app server so you get a lot of underskilled admins.
4. Easy of writing/modifying virus code, a lot of script kiddiz can bash together a simple vb script and have it infect other machines thanks to some of the point and click programming tools.
5. Out of the box security (or insecurity), windows has too many services enabled out of the box and too much installed by deafult. Servers should not have e-mail clients or web browsers.
6. too much integraton of unnecessary apps. internet browsers and e-mail and word processors should not have access to low level parts of the OS as they do in windows.
7. securability (is that a word) . I once removed the everyone full controll right from a folder on a DNS server and then DNS failed and I found a MSKB saying you have to leave everyone full on the whole system folder for dns to work properly, bad design there.
So while many like to blame the users and the market size there are many other factors as to why windows is not as secure as it should be.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.