Think as you wish. It's your freedom. Are you saying 'normal user in all circumstances' in the absolute sense? If so, a Linux box would be pretty much useless, as you wouldn't be able to configure it, or install software you need, etc. without admin privilege. If you are speaking non-absolutely, then I stand by what I said previously, that the admin/user concept should be adhered to as much as possible.

In the end, whether or not a person uses admin or regular user depends on that person's preferences. It's their machines, so let them run it how they want to run it.

Truthfully, one of the best ways to learn a computer system is to mess it up and then figure out how to fix it

IMHO, regular users are only useful for multiuser systems. Since I'm the only user on my system, why should I bother with making myself log into root or use sudo whenever I want to do something that requires admin rights? Either way I'm going to do what I want so I personally rather just use root to begin with and save myself the annoyances of typing in my password over and over again.

Again, this is all about personal preference and nothing more.

A few days ago a Flash Player vulnerability was discovered that allowed arbitrary code execution if the user accessed intentionally malformed Flash. Let's say you didn't know that the vulnerability existed, and you got exploited by visiting a website. Would you rather the exploit have access to just your "normal user" files, or would you rather it have access to your entire system (since you're running as root!)?

Just curious...because that certainly would be an example of "one of the best ways to learn a computer system is to mess it up and then figure out how to fix it"...

On that note, a quote is required: "Security is only as good as the discipline that drives it" (source? anyone?)

I know someone that was so obsessed with creating a 100% secure system that he ended up locking himself out of his own system.

My point is that there will never be a truly 100% secure system because there will always be people exploiting bugs, glitches, and security holes in software. And if you think an admin password is adequate to keep your system files safe then you are sadly mistaken my friend.

With that aside, I am not saying it is wrong to use the traditional admin/user scheme. I'm just saying for some people it is more convenient to keep in root depending on the things they do with their machines.

From my own experience, the best way to keep a system safe is to periodically make backups of it and store it somewhere that is always offline, such as external storage devices or, my personal preference, DVDs.

Agreed...but I wouldn't drop the idea completely just because perfection isn't achievable...in that case, rather, I'd strive for excellence.

First, no single security mechanism will achieve security. It's quite juvenile to assume ONE item will provide adequate security. Rather, security should be run in layers...if one misses, then another should pick up the slack. (like iptables, PAX, and an access control system, for instance)

Second, an admin password is but a portion of the security chain. Why then, I ask, would you simply give that link away? Running as root means any exploit you run into will have one less problem to deal with. Does that make sense?

Edit - just for reference, I've come *very* close to locking myself out of my own system while experimenting with different security models...but how is that any different than "one of the best ways to learn a computer system is to mess it up and then figure out how to fix it"?

Simple. It's not any different. That's what I am trying to say.

Everyone has different experiences and different setups. What you're saying works for you, and that's great. What I'm saying works for me, and that's great too. But just because it works for one of us doesn't mean it'll work for all of us. That goes to the point of Linux being a customizable operating system.

I'm not saying I am against security measures, I'm just saying that when I run my system in regular user mode, then I have to type my admin password pretty much every 30 sec simply because of what I do with my systems. And should one of my systems get hacked and/or killed, I am already prepared to fix it. But nothing has ever killed my system that wasn't related to some strange project I randomly decided to pick up.

Neither one of us is wrong here, it's just personal preference based on our own experiences.

I agree. I tend to not back up as often as I *should* (which bit me hard when I had Vista crap out on me a while back) so I tend to lean more towards prevention. You, on the other hand, appear to lean more towards recovery. As you've stated, it's just a different approach.

I guess having come from a prevention approach, running as root seems like a seriously bad idea. But again, it's your Linux install and you are more than free to do with it what you wish. I can't fault you there...it just seems like more work over a longer period of time doing things the recovery way. I'll spend an entire weekend getting a system set up *just right* the way I want it, and I hope to not have to mess with it again, you know?

And while I don't mind "su", I seriously detest sudo. It's not sudo itself, mind you, it's having to type sudo in front of every command (Seriously, if I'm working on my system, I'd rather just su and leave that term open for the duration of whatever work I'm doing so I can run the commands that I need to, rather than having to prepend sudo to everything). I agree with you there...it's annoying.

Ick.

I was helping install Vista in a computer lab and it was the most annoying operating system I ever put my hands on. We always used Norton Ghost as a simple and quick way of imaging the machines, but Vista doesn't like that. All the machines had identical hardware, yet Vista detected a hardware change and wouldn't boot up. For a volume license of Vista, we needed 25 machines connected to the network (there was only room for about 19 or 20), and to image it we needed a WindowsPE boot disk, which we didn't have, and I don't even remember the rest of the process but needless to say, Vista was not installed on those machines. We were considering manually installing Vista on each machine, but I don't think it would've been worth the trouble, even if we were required to run it. <grumble> stupid Microsoft </grumble>

Absolutely. It is your right to choose how to use your computer.

Again, I agree. I'm sure that's how all of us have learned.

My stance on admin/user comes from my background in IT, as well as personal experience as a user. I've watched numerous MS based systems eat the dust due to malware, usually due to the security infrastructure of the OS. When brand new to Linux, I ran as root. I ended up getting hit by a popup malware and had to reinstall the OS. From that point I only root when I need to perform a root task. Otherwise I'm on my normal account.

To ALRED:
Reading back, I think my posts sound like I'm attacking you. It's not personal. It just appears we have differing opinions on this specific subject. I value your, and everyone else's, opinion on the matter, and do realize that my modus operandi is not necessarily everyone elses.

Regarding above said matters, we could claim the 80s as computer 'globalisation' (c64 Spectrum Amiga .../ games), the 90 as the era of communication (PC+internet+http).
I personaly regard this decade ('00s') as the era of security.
And regarding security, me personally, have it this way:
1. to overemphasize prevention is wrong.
2. to overemphasize recovery is wrong either.
3. security is about balance and ratio of effort/gain.
4. above said under 3. is to be measured per case basis.
or in other words:
"Nothing is allways
everything is sometimes
everything is maybe."

>> "To ALRED:
Reading back, I think my posts sound like I'm attacking you. It's not personal. It just appears we have differing opinions on this specific subject. I value your, and everyone else's, opinion on the matter, and do realize that my modus operandi is not necessarily everyone elses."

this ought to be seen as just a "game" ... ^_^

ok , what i also trying to say(i'm not proposing anything) is let starter and newbies enjoy their linux desktops systems as much as possible(to the fullest if thats possible) ... when comes to systems like *nix/linux , its hard to not knowing(or come across) the security "characteristic" of them -- something that windows doesnt made aware of obviously and easily ...

and some people in this thread are talking about the style in files storage ... maybe that would make linux even earsier , faster and therefore more common-sensical than windows ...

btw ... windows systems so far havent bring down the world , they are even the one who make the world goes round(i'm not talking about those big "severs' stuffs like what i heard and read , they are not really important) ...


.

I ... uhhh ... have no ... idea what you just said but ok ... I guess

maybe we can try guessing started from his "to be measured per case basis" ... but behind that , there will always be an always ...

sometimes(though i hope not) this works ...


.

I agree to an extent. Overemphasizing one realm of security to the detriment of others is wrong, obviously...security should be run in layers that complement each other, not shut each other out. Can you honestly say that any portion of security *could* be overemphasized?

The topic asks the question "Why Linux over Windows?" My thought on it is tightly coupled with my thoughts on security. Why should I prefer one over another? Because my computer is MINE. I put the time in to learn how to build it by hand. I put in the time to research which components are compatible. I worked my tail off for the money I put together to purchase the components.

It's mine...and it's going to stay that way...so why would I put an operating system on there from an operating system vendor that has a history of "phoning home" and constant "activation/validation"? Why would I put lesser effort into my security setup?

Truth be told, I don't feel that security can be overemphasized, and I don't feel that an operating system vendor has a say in how I use my computer as long as I'm abiding by the EULA/license.