Discussion on:
View:
Show:
For office to office file transfers we used to just rename the file XEX and it would make it through, the recipient had to save it as an exe to run it of course but it worked around the issue, I also had GroupWise set to block exe's at that time but had to find a workaround for management.
Two styles, one that infected you when you browsed its contents, and another when a server or automated process tried to check its contents.
You are quite correct though, what you said is bollocks.....
As to why you said it, must confess I'm struggling.
By the way Kernel is not root......
As to why you said it, must confess I'm struggling.
By the way Kernel is not root......
Go back through the previous posts and read this one :
http://techrepublic.com.com/5208-12846-0.html?forumID=102&threadID=337348&messageID=3374971&tag=content;leftCol
and
http://techrepublic.com.com/5208-12846-0.html?forumID=102&threadID=337348&messageID=3374965&tag=content;leftCol
Unix was designed forty odd years ago by some of the best around at the time to be an OS that was secure in a multi-user multi-connected environment. There has never been a need to change the basic architecture to still perform this task. As the Microsoft product has evolved from a product that was not originally designed from the ground up to be multi-user or connected to anything it is not surprising that the Unix like OS's out perform Windows in this environment. There is no argument.
In a multi-user, multi-connected world Unix like systems will always be more secure. To be as secure or more secure in this environment, Microsoft would need to chuck out what they have, get a clean sheet of paper, write in bold, underline, highlight, or whatever so the don't get lost along the way "Multi-connected Multi-user Secure OS" just like the creators of Unix probably did forty odd years ago. If you can't understand this computers is not your best career choice.
http://techrepublic.com.com/5208-12846-0.html?forumID=102&threadID=337348&messageID=3374971&tag=content;leftCol
and
http://techrepublic.com.com/5208-12846-0.html?forumID=102&threadID=337348&messageID=3374965&tag=content;leftCol
Unix was designed forty odd years ago by some of the best around at the time to be an OS that was secure in a multi-user multi-connected environment. There has never been a need to change the basic architecture to still perform this task. As the Microsoft product has evolved from a product that was not originally designed from the ground up to be multi-user or connected to anything it is not surprising that the Unix like OS's out perform Windows in this environment. There is no argument.
In a multi-user, multi-connected world Unix like systems will always be more secure. To be as secure or more secure in this environment, Microsoft would need to chuck out what they have, get a clean sheet of paper, write in bold, underline, highlight, or whatever so the don't get lost along the way "Multi-connected Multi-user Secure OS" just like the creators of Unix probably did forty odd years ago. If you can't understand this computers is not your best career choice.
Where to begin...
Well, first off, how about the claim that Unix was designed to be secure at all? That's absolutely nonsensical. Unix was "designed" to be a halfway usable replacement for Multics because Multics was a bear to actually use. Security was expressly _not_ important to early Unix users (and boy did it remain so--people, including AT&T, who used it in production suffered for it). It remained a joke both in practice and in design up through the Unix Wars--just look at Stallman's "no passwords, no wheel groups" nonsense.
Securitization of Unix systems really only became notable when FreeBSD (and later OpenBSD) came to the fore, and when Linux became established. And guess what? That "secure by design" nonsense you're peddling? If it was true, why does every Linux distro by sane developers ship with AppArmor? Why can I not throw a rock without hitting a SELinux warning? Answer: because the moronic "root or peon, no gradations" system of Unix _sucked_ and needed to be fixed. And it was fixed. With AppArmor and SELinux, a Linux system has a permissions and ACL system that is approximately equivalent in expressivity, albeit not user-friendliness, to the one available in NT since 3.51.
As for NT? You know, the dominant operating system on PCs the world over? The "Microsoft product" has not "evolved" from a single-user system. This is insane and false. The "Microsoft product" is NT, which was designed--yes, from the ground up!--to be a multi-user environment. Hell, NT is even POSIX-compliant (albeit with an external package today, because nobody bothered to use it).
I get that you don't like Windows, but you should leave your dickwaving fanboy nonsense at home. You, not the GP poster, are the one who doesn't understand what you're talking about. He has a clue. You do not.
(And, by the way? To forestall the "herpa herpa herp ur a M$ fanboy" nonsense? I've been an open-source contributor for half a decade and have been running Unix machines since 1995. I had a Unix machine before I had a Windows one. The thing is, though--I'm not so insecure in myself that I've got to attach to a _computer operating system_ as my personal and social identity. Maybe you should get that looked at.)
Well, first off, how about the claim that Unix was designed to be secure at all? That's absolutely nonsensical. Unix was "designed" to be a halfway usable replacement for Multics because Multics was a bear to actually use. Security was expressly _not_ important to early Unix users (and boy did it remain so--people, including AT&T, who used it in production suffered for it). It remained a joke both in practice and in design up through the Unix Wars--just look at Stallman's "no passwords, no wheel groups" nonsense.
Securitization of Unix systems really only became notable when FreeBSD (and later OpenBSD) came to the fore, and when Linux became established. And guess what? That "secure by design" nonsense you're peddling? If it was true, why does every Linux distro by sane developers ship with AppArmor? Why can I not throw a rock without hitting a SELinux warning? Answer: because the moronic "root or peon, no gradations" system of Unix _sucked_ and needed to be fixed. And it was fixed. With AppArmor and SELinux, a Linux system has a permissions and ACL system that is approximately equivalent in expressivity, albeit not user-friendliness, to the one available in NT since 3.51.
As for NT? You know, the dominant operating system on PCs the world over? The "Microsoft product" has not "evolved" from a single-user system. This is insane and false. The "Microsoft product" is NT, which was designed--yes, from the ground up!--to be a multi-user environment. Hell, NT is even POSIX-compliant (albeit with an external package today, because nobody bothered to use it).
I get that you don't like Windows, but you should leave your dickwaving fanboy nonsense at home. You, not the GP poster, are the one who doesn't understand what you're talking about. He has a clue. You do not.
(And, by the way? To forestall the "herpa herpa herp ur a M$ fanboy" nonsense? I've been an open-source contributor for half a decade and have been running Unix machines since 1995. I had a Unix machine before I had a Windows one. The thing is, though--I'm not so insecure in myself that I've got to attach to a _computer operating system_ as my personal and social identity. Maybe you should get that looked at.)
> just look at Stallman's "no passwords, no wheel groups" nonsense.
Don't blame Unix for the fact that Stallman wanted to drag Unix security backwards . Stallman is Stallman. He is not Unix. In fact, he explicitly denies any Unix-ness the moronic "root or peon, no gradations" system of Unix _sucked_ and needed to be fixed
On the other hand, a lot of what's provided by add-on tools can be done in a less centralized fashion using basic Unix privilege separation tools, such as user groups, the suid bit, and so on. The basic system is in fact capable of gradations, though perhaps not to the level of fine-grained control you would prefer. There's also the fact that the simple privilege separation system you deride so readily is, at least, actually effective within the confines of its capabilities, whereas Microsoft's attempts to retrofit for privilege separation have always been exceedingly porous and pointless. In a comparison between Unix and MS Windows architectures, the former most certainly is "designed for security", at least relatively speaking.
The fact that more advanced security architectures now exist in theory, and have been grafted onto Unix systems as add-on systems, does not mean there was not some security design in what came before those more advanced architectures. It just means that, perhaps, those previous designs have been superseded for some use cases. In fact, in some respects it could be argued that the very fact that it is so easy to graft such systems onto Unix platforms without resulting in an easily compromised kludge is, itself, a case of good security design, even if security per se was not the foremost reason for making the platform so extensible in the early days of its design. The fact of its easy extensibility also makes it likely that when the current crop of new security architectures becomes obsolete, they can be swapped out for whatever has arisen to replace them.
In the meantime, systems like MS Windows will be rewritten from the ground up to accommodate new architectures for security purposes, will have those new architectures layered on top as kludges that are highly porous and easily circumvented, or will simply not support such new architectures at all. With that in mind, I'd rather have Unix as the foundation on which my secure system is built.
Meanwhile, a microkernel system like MINIX 3 may eventually rise to a position of prominence and greatly enhance basic platform security. Even if it does so, it'd still essentially be Unix, because of the generally modular design of Unix as a Platonic ideal. The same cannot really be done with something like MS Windows, which would essentially require swapping in a completely new concept of an OS, ensuring that all that survives the transition is a brand With AppArmor and SELinux, a Linux system has a permissions and ACL system that is approximately equivalent in expressivity, albeit not user-friendliness, to the one available in NT since 3.51. The "Microsoft product" is NT, which was designed--yes, from the ground up!--to be a multi-user environment. Hell, NT is even POSIX-compliant (albeit with an external package today, because nobody bothered to use it). The thing is, though--I'm not so insecure in myself that I've got to attach to a _computer operating system_ as my personal and social identity. Maybe you should get that looked at.
You are obviously not a (competent) psychologist, because if you were you would know better than to try to diagnose people over the Internet.
Don't blame Unix for the fact that Stallman wanted to drag Unix security backwards . Stallman is Stallman. He is not Unix. In fact, he explicitly denies any Unix-ness the moronic "root or peon, no gradations" system of Unix _sucked_ and needed to be fixed
On the other hand, a lot of what's provided by add-on tools can be done in a less centralized fashion using basic Unix privilege separation tools, such as user groups, the suid bit, and so on. The basic system is in fact capable of gradations, though perhaps not to the level of fine-grained control you would prefer. There's also the fact that the simple privilege separation system you deride so readily is, at least, actually effective within the confines of its capabilities, whereas Microsoft's attempts to retrofit for privilege separation have always been exceedingly porous and pointless. In a comparison between Unix and MS Windows architectures, the former most certainly is "designed for security", at least relatively speaking.
The fact that more advanced security architectures now exist in theory, and have been grafted onto Unix systems as add-on systems, does not mean there was not some security design in what came before those more advanced architectures. It just means that, perhaps, those previous designs have been superseded for some use cases. In fact, in some respects it could be argued that the very fact that it is so easy to graft such systems onto Unix platforms without resulting in an easily compromised kludge is, itself, a case of good security design, even if security per se was not the foremost reason for making the platform so extensible in the early days of its design. The fact of its easy extensibility also makes it likely that when the current crop of new security architectures becomes obsolete, they can be swapped out for whatever has arisen to replace them.
In the meantime, systems like MS Windows will be rewritten from the ground up to accommodate new architectures for security purposes, will have those new architectures layered on top as kludges that are highly porous and easily circumvented, or will simply not support such new architectures at all. With that in mind, I'd rather have Unix as the foundation on which my secure system is built.
Meanwhile, a microkernel system like MINIX 3 may eventually rise to a position of prominence and greatly enhance basic platform security. Even if it does so, it'd still essentially be Unix, because of the generally modular design of Unix as a Platonic ideal. The same cannot really be done with something like MS Windows, which would essentially require swapping in a completely new concept of an OS, ensuring that all that survives the transition is a brand With AppArmor and SELinux, a Linux system has a permissions and ACL system that is approximately equivalent in expressivity, albeit not user-friendliness, to the one available in NT since 3.51. The "Microsoft product" is NT, which was designed--yes, from the ground up!--to be a multi-user environment. Hell, NT is even POSIX-compliant (albeit with an external package today, because nobody bothered to use it). The thing is, though--I'm not so insecure in myself that I've got to attach to a _computer operating system_ as my personal and social identity. Maybe you should get that looked at.
You are obviously not a (competent) psychologist, because if you were you would know better than to try to diagnose people over the Internet.
> this article shows both an obvious pro *nix bias *nix "root" = Windows "admin" If every user of a *nix system ran as root, the way most users on Windows run as admin, you'd have exactly the same vulnerabilities... in fact, you'd have it WORSE. So, you're saying if I try to open a file that has a file type of .docx from Word... and that file is really an executable... that Word will EXECUTE it? No, dude, it won't. Or are you saying that if I have a file that's got a .docx file type of .docx and I double-click it, and it happens to be an executable and not a word doc, the Windows will EXECUTE it? No, dude, wrong again. Seriously... where do you get this stuff?
How about decades of experience, studying the architecture of MS Windows systems over the years, and the ability to think for oneself?
Your supposed counterarguments consist of nothing but bald-faced, unsupported assertions that anyone who disagrees with you is biased, and insinuations that anyone who disagrees with you must be misinformed, crazy, malicious, or just stupid. Come back when you can present a well-reasoned argument with some kind of supporting logic or evidence.
It would help if you understood the arguments with which you choose to disagree, too.
How about decades of experience, studying the architecture of MS Windows systems over the years, and the ability to think for oneself?
Your supposed counterarguments consist of nothing but bald-faced, unsupported assertions that anyone who disagrees with you is biased, and insinuations that anyone who disagrees with you must be misinformed, crazy, malicious, or just stupid. Come back when you can present a well-reasoned argument with some kind of supporting logic or evidence.
It would help if you understood the arguments with which you choose to disagree, too.
Hey folks. Interesting article, lots of interesting comments, many with much truth to them.
Nonetheless, i think they mostly miss an important point.
Before I start, please note that I realize that the history doesn't change the current facts, but stick with me; I'm leading upto a point about the current situation.
Historically Windows and *nix were developed in and for completely different contexts and for extremely different uses. Windows was and is a commercial product developed to be directly marketed to offices and end users. It was and, excepting the server products, which are an aberation, continues to be essentially a single user OS designed to be easy for the non expert end user, to be used primarily for non technical tasks, or tasks which are technical in some way that has nothing to do with computing or networking. I will not comment on the blunders where it has failed to meet some of these goals. Overall it has been extremely successful at these things.
Unix was, from early on, a multi user networked OS with a clear separation between users and the system administrators. Anyone using it as a network server is strongly advised to respect that separation now more than ever.
Yes, this history has led to a messy situation in Windows. And yes, this has been unfortunate as personal security has become more important.
But seriously, if Windows treated me like a non root Unix user on my own home pc, it would be infuriating and inconvenient. And if a Linux server DIDN'T treat me that way, it would be an invitation to disaster that would affect a lot more than my personal stuff.
As a programmer I have worked and do work in both environments. Nothing that is critical to clients and users lives or runs on my Windows pc unless it is something I am developing for pcs. But I sure use the pc for a lot for other things!
So, basically, I am not saying that all of the reasons for the messiness in Windows are reasonable, but even the best designed Windows would have to allow the user to make his own computer insecure in order to be usable and uninfuriating and appealing to its intended user and for its intended use.
This is the opinion of a user and a programmer, but not, I freely admit, the opinion of an expert in OS architecture, but it seems to me that it would be extremely difficult for there NOT to be an inverse relationship between the security of a system and the freedom of a user to do what he wants, change what he wants, and mess up what he wants.
You all are lucky, my flight was just called, so I'm done.
Nonetheless, i think they mostly miss an important point.
Before I start, please note that I realize that the history doesn't change the current facts, but stick with me; I'm leading upto a point about the current situation.
Historically Windows and *nix were developed in and for completely different contexts and for extremely different uses. Windows was and is a commercial product developed to be directly marketed to offices and end users. It was and, excepting the server products, which are an aberation, continues to be essentially a single user OS designed to be easy for the non expert end user, to be used primarily for non technical tasks, or tasks which are technical in some way that has nothing to do with computing or networking. I will not comment on the blunders where it has failed to meet some of these goals. Overall it has been extremely successful at these things.
Unix was, from early on, a multi user networked OS with a clear separation between users and the system administrators. Anyone using it as a network server is strongly advised to respect that separation now more than ever.
Yes, this history has led to a messy situation in Windows. And yes, this has been unfortunate as personal security has become more important.
But seriously, if Windows treated me like a non root Unix user on my own home pc, it would be infuriating and inconvenient. And if a Linux server DIDN'T treat me that way, it would be an invitation to disaster that would affect a lot more than my personal stuff.
As a programmer I have worked and do work in both environments. Nothing that is critical to clients and users lives or runs on my Windows pc unless it is something I am developing for pcs. But I sure use the pc for a lot for other things!
So, basically, I am not saying that all of the reasons for the messiness in Windows are reasonable, but even the best designed Windows would have to allow the user to make his own computer insecure in order to be usable and uninfuriating and appealing to its intended user and for its intended use.
This is the opinion of a user and a programmer, but not, I freely admit, the opinion of an expert in OS architecture, but it seems to me that it would be extremely difficult for there NOT to be an inverse relationship between the security of a system and the freedom of a user to do what he wants, change what he wants, and mess up what he wants.
You all are lucky, my flight was just called, so I'm done.
A statement often made but seldom proven. It's all point and click just as with Windows. I have been using debian for some time now, and if anything for home use is more straight forward than using Windows with many advantages. Apt packaging, synaptic and software center make software installation much simpler and safer. Linux is not Windows, it does not do things the same way, it does them better. Attempting to apply Windows methods to Linux will not work. Making a small amount of effort to learn the basics of doing things the Linux is all that it takes.
I think you have not considered the actual comparative characteristics of these systems. Compare, for instance, the ease of using su on a Unix system with the annoyance and difficulty of using UAC on MS Windows Vista.
Well, I just landed and I'm waiting for my next flight. Underslept and jetlagged, but I'll try to be coherent.
I actually think that what you say is true and yet doesn't address the whole point. There is no question that you could build a better end-user operating system on top of Linux or from scratch and that Windows has had and has some serious shortcomings and the messy structure of an old city. In fact, it has been done. Look at Mac OS.
The point is that the end user WANTS a window to pop up automatically when they insert a dvd; they WANT an OS that chooses the right application when they double click on a file; they want one application to bust in to another and use its capabilities. If they thought about it, they probably wouldn't want to hide extensions for known file types, but again Windows is not ideal. They do want software to install without having to understand more about permissions than that they either trust or don't trust what they are installing.
So the question this ends up raising is, even if you build a better operating system on top of Linux, how secure will it be when you give the end-user root in a way that is transparent to her, and you allow programs to do run automatically when you insert a cdrom or double click on a file or you give all the running programs access to one another? Sure, it will be somewhat better than Windows, but the basic problem reappears.
In fact, I suspect the best you can do for the end users safety is to follow some of Apple's example. Part of the genius of Apple's software has been their success in fooling a large part of their user base into misinterpreting restrictiveness as ease of use.
My point is not about Windows itself; I'm not a Windows apologist. My point is that what you want for a single user, end user OS to do and how you want it to behave is very different from how you want a network server to do and how you want IT to behave, and that this difference has security consequences.
I used to live in a town where people would walk into a shop leaving their car or bicycle outside unlocked, possibly with their belongings sitting in the basket or on the front seat. Until the problem of bicycle and car theft becomes serious enough that the inconvenience outweighs the convenience, they will continue to do that. But even in that town, the Bank uses and has to use an armored car. Tell your Grandmother why she should only su to root for x, y, and z specific tasks, and what file permissions different files should have, and the next week go back and tell me that she is not just logging in as root because everything works more easily that way.
I actually think that what you say is true and yet doesn't address the whole point. There is no question that you could build a better end-user operating system on top of Linux or from scratch and that Windows has had and has some serious shortcomings and the messy structure of an old city. In fact, it has been done. Look at Mac OS.
The point is that the end user WANTS a window to pop up automatically when they insert a dvd; they WANT an OS that chooses the right application when they double click on a file; they want one application to bust in to another and use its capabilities. If they thought about it, they probably wouldn't want to hide extensions for known file types, but again Windows is not ideal. They do want software to install without having to understand more about permissions than that they either trust or don't trust what they are installing.
So the question this ends up raising is, even if you build a better operating system on top of Linux, how secure will it be when you give the end-user root in a way that is transparent to her, and you allow programs to do run automatically when you insert a cdrom or double click on a file or you give all the running programs access to one another? Sure, it will be somewhat better than Windows, but the basic problem reappears.
In fact, I suspect the best you can do for the end users safety is to follow some of Apple's example. Part of the genius of Apple's software has been their success in fooling a large part of their user base into misinterpreting restrictiveness as ease of use.
My point is not about Windows itself; I'm not a Windows apologist. My point is that what you want for a single user, end user OS to do and how you want it to behave is very different from how you want a network server to do and how you want IT to behave, and that this difference has security consequences.
I used to live in a town where people would walk into a shop leaving their car or bicycle outside unlocked, possibly with their belongings sitting in the basket or on the front seat. Until the problem of bicycle and car theft becomes serious enough that the inconvenience outweighs the convenience, they will continue to do that. But even in that town, the Bank uses and has to use an armored car. Tell your Grandmother why she should only su to root for x, y, and z specific tasks, and what file permissions different files should have, and the next week go back and tell me that she is not just logging in as root because everything works more easily that way.
When you place a cd / dvd in drive (Kde 3.5) will do the same as WinXP. open a window with a list of options - open in file manager, burn a copy, play if a music cd. This does not require system to run as root to do this. The Linux desktop has been as user friendly as any windows equivalent for some time now.
Running as a user does not prevent opening a file in the correct application by clicking on it's icon, but it will let you know if it is an executable file masquerading as a data file by prompting for root password. Installing from official repositories is both simple and much safer than willy-nilly clicking on all sorts of windows exe files spread uncontrolled all over the net.
The proper root / user does not make the desktop more difficult for the average user, if anything, it is easier for novice users as by restricting root access, these novice users are prevented from breaking anything. When I let anyone use one of my Linux machines with very limited computer experience, i tell them not to be frightened of breaking anything as the machine won't let them do anything that will break the system.
The difficulty of using Linux desktop myth is just that, a myth. Many once believed the sun was the center of the universe, a line of thought not based on fact, and observation of the real world but on philosophical reasons, the Linux desktop also should not be judged philosophically, but also with an open mind and real world observation.
Running as a user does not prevent opening a file in the correct application by clicking on it's icon, but it will let you know if it is an executable file masquerading as a data file by prompting for root password. Installing from official repositories is both simple and much safer than willy-nilly clicking on all sorts of windows exe files spread uncontrolled all over the net.
The proper root / user does not make the desktop more difficult for the average user, if anything, it is easier for novice users as by restricting root access, these novice users are prevented from breaking anything. When I let anyone use one of my Linux machines with very limited computer experience, i tell them not to be frightened of breaking anything as the machine won't let them do anything that will break the system.
The difficulty of using Linux desktop myth is just that, a myth. Many once believed the sun was the center of the universe, a line of thought not based on fact, and observation of the real world but on philosophical reasons, the Linux desktop also should not be judged philosophically, but also with an open mind and real world observation.
I do, you probably do, grandma won't give a crap.
So the answer is....
Why does grandma have to su at all?
If having to switch roles is the problem, why not implement privilege separation, and then set it up so all grandma's tasks can be done at the level she's comfortable with?
Inconvenience isn't good security, it's bad design....
So the answer is....
Why does grandma have to su at all?
If having to switch roles is the problem, why not implement privilege separation, and then set it up so all grandma's tasks can be done at the level she's comfortable with?
Inconvenience isn't good security, it's bad design....
There's a big difference between wanting a window opened when a DVD is inserted and having the contents of said DVD executed.
Linux does open a window when new media is inserted. It even asks you if you want to play it, browse it, use some photo utility etc.
If you want the right application to open up when a file is double clicked you need to use Linux. Windows is no good. Linux checks the header of the file to determine file type, Windows the extension.
For the sake of this post I did the test. Deleted the extension of a JPEG and Linux still thinks it a JPEG. Downloaded a JPEG as "download" (no extension) and Linux knew it was a JPEG. Put the .png extension, Linux still thought it was a JPEG.
Delete the extension on Windows and you're out of luck. Put two extensions to a file and Windows gets confused.
Installing software. Well the ease of installation on Windows is due to the distribution through install shields that bundle the application, but are not part of the OS. Without the install shield you'd have a harder time installing things on Windows.
For starters you have the registry to deal with. Then dll dependencies. Then lack of symbolic links complicates dll dependencies.
On Linux you do have applications with install shields and you have those without. Some can be handled by the OSs package manager others can't. Some applications can be a real nightmare to install because the lack the supporting tools, but that's the problem of the developer not the end user.
But if you do have the right supporting tools then it is easier to install and maintain. Configuration data is kept in a well known place. Binaries in another and user data in yet another spot. Linux solves dll hell in a way more elegant way than Windows. Which also simplifies software installation and maintenance.
Linux does open a window when new media is inserted. It even asks you if you want to play it, browse it, use some photo utility etc.
If you want the right application to open up when a file is double clicked you need to use Linux. Windows is no good. Linux checks the header of the file to determine file type, Windows the extension.
For the sake of this post I did the test. Deleted the extension of a JPEG and Linux still thinks it a JPEG. Downloaded a JPEG as "download" (no extension) and Linux knew it was a JPEG. Put the .png extension, Linux still thought it was a JPEG.
Delete the extension on Windows and you're out of luck. Put two extensions to a file and Windows gets confused.
Installing software. Well the ease of installation on Windows is due to the distribution through install shields that bundle the application, but are not part of the OS. Without the install shield you'd have a harder time installing things on Windows.
For starters you have the registry to deal with. Then dll dependencies. Then lack of symbolic links complicates dll dependencies.
On Linux you do have applications with install shields and you have those without. Some can be handled by the OSs package manager others can't. Some applications can be a real nightmare to install because the lack the supporting tools, but that's the problem of the developer not the end user.
But if you do have the right supporting tools then it is easier to install and maintain. Configuration data is kept in a well known place. Binaries in another and user data in yet another spot. Linux solves dll hell in a way more elegant way than Windows. Which also simplifies software installation and maintenance.
Look, linux based macos is already better than Win, and if you don't need to leave userland (get Grandma a netbook) because you preinstall andhardware and other things aren't an issue, then almost any Linux desktop is a better choice than Win. And if you make a good effort to handle and restrict the use of priveleges without exposing the user to stuff that they don't want to learn, then you are ahead of Win. For all I know, some of the end user, desktop oriented builds out there are easier, slicker, and all around better than Win right now. And certainly if I didn't need to develop for Win, and if World of Warcraft really ran under Linux, I would be using Linux full time instead of splitting between the two. But have another look at the title of my previous post! This is not a Windows v. Linux issue!
If you let users have a desktop from which external media can autorun, and double clicking on an executable (whether by looking at an extension or a header) leads to executing code; if the user bizarrly chooses to double click on an attachment from someone they don't know who wrote to them in Russian; if you allow the user to have a browser, a word processor and a database program that get so intimate that they have children; if your OS is dominant as the desktop OS of choice (Linux is already the OS of choice for just about anything else) and every web page and its mother is offering you nicely packaged slick downloads, then user land is going to be compromised pretty quickly.
On a Linux SERVER, if the user account "joe" gets compromised, but the attacker can't leverage that into something more, then the disaster has been effectively limited and contained by well managed privileges and keeping things seperate.
On a single user desktop everything worth doing, stealing, or destroying can be done, accessed and destroyed by Joe, or else Joe is not very happy with his desktop. But because of the other things that Joe also wants, Joe is much more prone to compromising userland than a remote user on a well administered Linux server would ever be. Luckily, though, this is just Joe's bicycle, and not the town bank (see my previous post) so this is not a big deal affecting hundreds of other people.
So maybe losing the Windows legacy would reduce, say, the chances of a key logger, because Linux is better designed than Windows. But as I said before, the fundamental problem is that the more important and powerful Joe is, and the more concessions we make to Joe's preference for convenience over security the more we will see the consequeces of the inverse relationship with system security. Linux might improve the coefficient, but it won't eliminate this relationship.
Single user desktop security just isn't the same as server security, and shouldn't be, as I said in my first post.
If you let users have a desktop from which external media can autorun, and double clicking on an executable (whether by looking at an extension or a header) leads to executing code; if the user bizarrly chooses to double click on an attachment from someone they don't know who wrote to them in Russian; if you allow the user to have a browser, a word processor and a database program that get so intimate that they have children; if your OS is dominant as the desktop OS of choice (Linux is already the OS of choice for just about anything else) and every web page and its mother is offering you nicely packaged slick downloads, then user land is going to be compromised pretty quickly.
On a Linux SERVER, if the user account "joe" gets compromised, but the attacker can't leverage that into something more, then the disaster has been effectively limited and contained by well managed privileges and keeping things seperate.
On a single user desktop everything worth doing, stealing, or destroying can be done, accessed and destroyed by Joe, or else Joe is not very happy with his desktop. But because of the other things that Joe also wants, Joe is much more prone to compromising userland than a remote user on a well administered Linux server would ever be. Luckily, though, this is just Joe's bicycle, and not the town bank (see my previous post) so this is not a big deal affecting hundreds of other people.
So maybe losing the Windows legacy would reduce, say, the chances of a key logger, because Linux is better designed than Windows. But as I said before, the fundamental problem is that the more important and powerful Joe is, and the more concessions we make to Joe's preference for convenience over security the more we will see the consequeces of the inverse relationship with system security. Linux might improve the coefficient, but it won't eliminate this relationship.
Single user desktop security just isn't the same as server security, and shouldn't be, as I said in my first post.
Joe and Grandma still want to be secure, what you are saying is they don't want to 'pay' for it.
It's too much trouble to lock the door, but people keep walking in and stealing my blue rinse, say's Grandma...
huh ???
It's too much trouble to lock the door, but people keep walking in and stealing my blue rinse, say's Grandma...
huh ???
That post IS a response to what I am saying, and what you say is also not wrong. I gave the example of the people in my old town who left their cars and bicycles unlocked, and said that until the rate of theft rose enough to make the inconvenience outweigh the convenience they would not change their ways.
As things stand now, what you describe is almost exactly what happens. The windows box used by my teenagers, even with a working antivirus, slowly accumulates crap that shouldn't be there, crap of all kinds, and after about a year the consequences become so intolerable that the kids complain to the point where I have to step in and do something drastic.
My mother uses her computer somewhat more carefully, same with my wife and others, but every once in a while they let something bad happen and they call me for help. If I'm not around they call someone else.
Maybe it costs some time and even some money, but generally not enough to make them want to give up their power to do things wrong.
If the problem becomes so regular and intolerable that the balance shifts, they will make more concessions in terms of power, convenience, and having to learn things. And if people steel Grandma's blue rinse enough times, she will start locking the door.
But the balance will never be the same for single user desktops and for network servers because bikes and blue rinses will never be the same as banks and museums, and because people will never subject themselves to the same level of care and protocol in their personal lives that they expect from the banks and museums that serve them.
As things stand now, what you describe is almost exactly what happens. The windows box used by my teenagers, even with a working antivirus, slowly accumulates crap that shouldn't be there, crap of all kinds, and after about a year the consequences become so intolerable that the kids complain to the point where I have to step in and do something drastic.
My mother uses her computer somewhat more carefully, same with my wife and others, but every once in a while they let something bad happen and they call me for help. If I'm not around they call someone else.
Maybe it costs some time and even some money, but generally not enough to make them want to give up their power to do things wrong.
If the problem becomes so regular and intolerable that the balance shifts, they will make more concessions in terms of power, convenience, and having to learn things. And if people steel Grandma's blue rinse enough times, she will start locking the door.
But the balance will never be the same for single user desktops and for network servers because bikes and blue rinses will never be the same as banks and museums, and because people will never subject themselves to the same level of care and protocol in their personal lives that they expect from the banks and museums that serve them.
Given it's a far from comfortable one for anyone including MS, seeing as they keep getting deservedly slated, how do we move to where we want to be...
> linux based macos if you don't need to leave userland (get Grandma a netbook) if World of Warcraft really ran under Linux
It does. My girlfriend refused to play it in MS Windows, actually -- in part because she did not want to have to deal with a dual-boot system, and in part because it performs better on a Linux system via Wine. Setting it up takes a little If you let users . . .
1. Autorunning executables is always a bad idea. Don't let users do it. There are other options, though, that can satisfy both good security practice and users who want things to happen automatically. For instance, pop up a dialog that tells the user what kind of program is associated with that file format, and asks what the user wants to do.
The way things work on Unix-like systems (including Linux) by default is already better than autorunning everything. If you think it's a word processor document, use the word processor to open the file -- and if that doesn't work, don't just automatically send the file to whatever does open it; let the person know it is not the correct file type for the program. Why is sending malware to the VBScript interpreter when you try to open it in MS Word such a great idea?
Another option if you really want to let users open stuff from the file rather than from the program is to use something like a right click menu to offer options for what to do, of course. Of course, with the double-click behavior I described above, this is kind of redundant.
All of the above is about as convenient as MS Windows' standard behavior, and much more conducive to good security. Unfortunately, the sad fact of the matter is that Linux distributions like Ubuntu are getting more and more like MS Windows, even going so far as to try to adopt ill-advised behavior like Microsoft-style AutoRun. I believe this is because the people making decisions for these software projects see that MS Windows is more popular on the desktop than their own projects, and think that in order to get some of that market share they have to do exactly the same things MS Windows does -- but the truth of the matter is that they should not duplicate MS Windows' mistakes since the best they'll do in that case is ensure that nobody has any particular reason to switch OSes, since they're both the same. What they should be doing is coming up with ways to supersede any conveniences of MS Windows with improvements that do not sacrifice the strengths their own systems already enjoy as benefits over MS Windows. Keep the improved security, and use convenience capabilities that do not sacrifice security, stability, and so on. Like you, though, they take the short-sighted view that to "succeed" they have to duplicate bad choices.
2. If the user double clicks an attachment from some Russian phisher, there won't be any security impact of that action unless the people who developed the software running on that OS stupidly duplicated MS Windows automatic execution behavior.
3. Browsers, word processors, and DBMSes (or maybe you meant DB client applications when you said "database program") can share code for back end functionality without sharing memory space and performing in other unsafe ways. The design of the OS architecture is part of what determines whether shared code is shared safely or unsafely; MS Windows chooses "unsafely", while the standard Unix model chooses "safely" with proper privilege and process separation, memory space separation, and other characteristics of good security design.
4. While being a more popular OS increases the benefit of compromising it, it does not increase the ease On a single user desktop everything worth doing, stealing, or destroying can be done, accessed and destroyed by Joe, or else Joe is not very happy with his desktop. But as I said before, the fundamental problem is that the more important and powerful Joe is, and the more concessions we make to Joe's preference for convenience over security the more we will see the consequeces of the inverse relationship with system security.
There are times when a compromise between security and convenience might be a practical necessity, but those times are far more rare than many people think. You do not need to make concessions to convenience in the general case: instead, you can just design the system so that convenience does not compromise security. Yes, it really is possible, in almost every case. In fact, I only admit the possibility that security might sometimes need to make concessions to convenience because I have no proof that there is never such a case -- but I'm having a lot of difficulty coming up with an example where such a concession is actually necessary. Convenience and security can, in at least the vast majority of cases, live together peacefully. The fact that MS Windows has given up on that does not prove its converse.
In short, your reference to convenience's "inverse relationship with system security" is factually inaccurate. Whether or not there are times when security concerns and convenience are in conflict, there is not an overall inverse relationship between security and convenience. That's a pervasive myth that harms both convenience and security, in part by convincing people to give up on one every time they pay any attention to the other, rather than leaving them to think about how to satisfy both needs simultaneously.
It does. My girlfriend refused to play it in MS Windows, actually -- in part because she did not want to have to deal with a dual-boot system, and in part because it performs better on a Linux system via Wine. Setting it up takes a little If you let users . . .
1. Autorunning executables is always a bad idea. Don't let users do it. There are other options, though, that can satisfy both good security practice and users who want things to happen automatically. For instance, pop up a dialog that tells the user what kind of program is associated with that file format, and asks what the user wants to do.
The way things work on Unix-like systems (including Linux) by default is already better than autorunning everything. If you think it's a word processor document, use the word processor to open the file -- and if that doesn't work, don't just automatically send the file to whatever does open it; let the person know it is not the correct file type for the program. Why is sending malware to the VBScript interpreter when you try to open it in MS Word such a great idea?
Another option if you really want to let users open stuff from the file rather than from the program is to use something like a right click menu to offer options for what to do, of course. Of course, with the double-click behavior I described above, this is kind of redundant.
All of the above is about as convenient as MS Windows' standard behavior, and much more conducive to good security. Unfortunately, the sad fact of the matter is that Linux distributions like Ubuntu are getting more and more like MS Windows, even going so far as to try to adopt ill-advised behavior like Microsoft-style AutoRun. I believe this is because the people making decisions for these software projects see that MS Windows is more popular on the desktop than their own projects, and think that in order to get some of that market share they have to do exactly the same things MS Windows does -- but the truth of the matter is that they should not duplicate MS Windows' mistakes since the best they'll do in that case is ensure that nobody has any particular reason to switch OSes, since they're both the same. What they should be doing is coming up with ways to supersede any conveniences of MS Windows with improvements that do not sacrifice the strengths their own systems already enjoy as benefits over MS Windows. Keep the improved security, and use convenience capabilities that do not sacrifice security, stability, and so on. Like you, though, they take the short-sighted view that to "succeed" they have to duplicate bad choices.
2. If the user double clicks an attachment from some Russian phisher, there won't be any security impact of that action unless the people who developed the software running on that OS stupidly duplicated MS Windows automatic execution behavior.
3. Browsers, word processors, and DBMSes (or maybe you meant DB client applications when you said "database program") can share code for back end functionality without sharing memory space and performing in other unsafe ways. The design of the OS architecture is part of what determines whether shared code is shared safely or unsafely; MS Windows chooses "unsafely", while the standard Unix model chooses "safely" with proper privilege and process separation, memory space separation, and other characteristics of good security design.
4. While being a more popular OS increases the benefit of compromising it, it does not increase the ease On a single user desktop everything worth doing, stealing, or destroying can be done, accessed and destroyed by Joe, or else Joe is not very happy with his desktop. But as I said before, the fundamental problem is that the more important and powerful Joe is, and the more concessions we make to Joe's preference for convenience over security the more we will see the consequeces of the inverse relationship with system security.
There are times when a compromise between security and convenience might be a practical necessity, but those times are far more rare than many people think. You do not need to make concessions to convenience in the general case: instead, you can just design the system so that convenience does not compromise security. Yes, it really is possible, in almost every case. In fact, I only admit the possibility that security might sometimes need to make concessions to convenience because I have no proof that there is never such a case -- but I'm having a lot of difficulty coming up with an example where such a concession is actually necessary. Convenience and security can, in at least the vast majority of cases, live together peacefully. The fact that MS Windows has given up on that does not prove its converse.
In short, your reference to convenience's "inverse relationship with system security" is factually inaccurate. Whether or not there are times when security concerns and convenience are in conflict, there is not an overall inverse relationship between security and convenience. That's a pervasive myth that harms both convenience and security, in part by convincing people to give up on one every time they pay any attention to the other, rather than leaving them to think about how to satisfy both needs simultaneously.
I thought I had hit a limit, but apparently I can post a reply.
Apotheon, thanks. I read your post and came out of it convinced that the problem is, as you say, one of good design and not, as I was arguing, some kind of inviolable relationship between convenience and insecurity.
I'm somewhat embarassed by having to be corrected on so many point, but it's always healthy to be shown how much I don't know.
As a bonus to being straightened out, any embarrassment is completely secondary to my delight at finding out that I can, in fact, play World of Warcraft under Linux.
Apotheon, thanks. I read your post and came out of it convinced that the problem is, as you say, one of good design and not, as I was arguing, some kind of inviolable relationship between convenience and insecurity.
I'm somewhat embarassed by having to be corrected on so many point, but it's always healthy to be shown how much I don't know.
As a bonus to being straightened out, any embarrassment is completely secondary to my delight at finding out that I can, in fact, play World of Warcraft under Linux.
I'm glad you found some value in it.
I see your account here is pretty new. Welcome to the community.
I see your account here is pretty new. Welcome to the community.
Is there really a reason to compromise?
So far convenience in this conversation has boiled down to autorun. If you put a disk or USB drive in your machine what is so important to autorun?
I can have many executables in a USB drive, which one will autorun? What's the convenience of autorun in that case? For me none! Just a popup to open the unit is fine.
Can't I just autorun with reduced privileges? What scenario would justify an autorun with full user rights? Does the autorun for the DVD need to access anything outside the DVD?
So I can arrive to an autorun setup which runs inside a chgroot jail and does not affect either user or system space. Thus the convenience is obtained without the expense of security.
But its cheaper and more lucrative to give you the bare bones autorun and then sell you an added tool to keep malware at bay.
So far convenience in this conversation has boiled down to autorun. If you put a disk or USB drive in your machine what is so important to autorun?
I can have many executables in a USB drive, which one will autorun? What's the convenience of autorun in that case? For me none! Just a popup to open the unit is fine.
Can't I just autorun with reduced privileges? What scenario would justify an autorun with full user rights? Does the autorun for the DVD need to access anything outside the DVD?
So I can arrive to an autorun setup which runs inside a chgroot jail and does not affect either user or system space. Thus the convenience is obtained without the expense of security.
But its cheaper and more lucrative to give you the bare bones autorun and then sell you an added tool to keep malware at bay.
You don't really need AutoRun for removable media. Even if you do think you need it, though, there's no reason it can't be sandboxed with something like chroot or a FreeBSD jail.
Made my own autorun USB drive to give to clients. When they plug it in, it automatically installs our software on their workstation. No fus, no training required. they just remove the drive when it says on the screen "Done"
[Edit: Upon reading further in this thread, I see this post is rather redundant.]
All that excess baggage!
Look:
True privilege separation, built into the architecture from the ground up, is transparent to the user no matter what OS it is. Except Windows, which doesn't have it.
Windows, if one were to magically shove in a kernel which had real privilege separation, would behave almost exactly the same for Joe as it did yesterday, before we secretly replaced his version with ours.
Now, you may have some points that I have not quite followed where you find the usability of Linux insufficient for Joe. Privilege separation is not one of them.
All that excess baggage!
Look:
True privilege separation, built into the architecture from the ground up, is transparent to the user no matter what OS it is. Except Windows, which doesn't have it.
Windows, if one were to magically shove in a kernel which had real privilege separation, would behave almost exactly the same for Joe as it did yesterday, before we secretly replaced his version with ours.
Now, you may have some points that I have not quite followed where you find the usability of Linux insufficient for Joe. Privilege separation is not one of them.
Let's take this back a step.
Chad talks about Unix (not just Linux!) being securerer than Windows because there's a mentality in the design that says "if you don't need access to [something] to do [something else], then you shouldn't have access to [something] at all."
Windows has just recently (Vista) started pushing the idea of least-privileged security. Under XP (and for sure, under 9x), everyone... EVERYone.. ran as a local admin. Most software written had no idea what to do when ran as "Guest" or "User". The security restrictions were there -- can't install a new hardware device as User -- but no one took the effort to notice the effects.
Look at the README file that comes with.. anything. "You must be administrator to --"
Now, the tables are slowly, slowly turning. Under 7, I can run as a plain User most of the time. Some software just doesn't work, but most of what I need to do can be done. When I need to do SysAdmin-y things, it's back to Admin I go. The trouble is, even now, the amount of software that "requires" me to be an Admin is somewhat ridiculous. And it does not often degrade gracefully in the manner to which I'm accustomed on my Linux PCs.
On most of my Linux boxen, I do run as root. Because, on most of them, I'm doing things that legitimately require root access most of the time. I use them for development, appliances and special-purpose builds, for administration, and on servers where having a Joe User account would just be an extra step before SU'ing to root anyway.
BUT, when I DO use Linux as a "general purpose workstation", I can successfully run as a normal User. When I need to do something special, like install a package or twiddle with some hardware, I'm either asked for root credentials, the software says "you have to be root to do this", or I don't even have access to begin with ('/usr/sbin' isn't in User's path). Things rarely just crash or give me cryptic errors ("Failed to dongle the system.lib.umathurman.unit: -0x2efe135frodo") like on Windows.
Enough rambling. Let's go back to insulting each other.
Chad talks about Unix (not just Linux!) being securerer than Windows because there's a mentality in the design that says "if you don't need access to [something] to do [something else], then you shouldn't have access to [something] at all."
Windows has just recently (Vista) started pushing the idea of least-privileged security. Under XP (and for sure, under 9x), everyone... EVERYone.. ran as a local admin. Most software written had no idea what to do when ran as "Guest" or "User". The security restrictions were there -- can't install a new hardware device as User -- but no one took the effort to notice the effects.
Look at the README file that comes with.. anything. "You must be administrator to --"
Now, the tables are slowly, slowly turning. Under 7, I can run as a plain User most of the time. Some software just doesn't work, but most of what I need to do can be done. When I need to do SysAdmin-y things, it's back to Admin I go. The trouble is, even now, the amount of software that "requires" me to be an Admin is somewhat ridiculous. And it does not often degrade gracefully in the manner to which I'm accustomed on my Linux PCs.
On most of my Linux boxen, I do run as root. Because, on most of them, I'm doing things that legitimately require root access most of the time. I use them for development, appliances and special-purpose builds, for administration, and on servers where having a Joe User account would just be an extra step before SU'ing to root anyway.
BUT, when I DO use Linux as a "general purpose workstation", I can successfully run as a normal User. When I need to do something special, like install a package or twiddle with some hardware, I'm either asked for root credentials, the software says "you have to be root to do this", or I don't even have access to begin with ('/usr/sbin' isn't in User's path). Things rarely just crash or give me cryptic errors ("Failed to dongle the system.lib.umathurman.unit: -0x2efe135frodo") like on Windows.
Enough rambling. Let's go back to insulting each other.
Much of the perceived user difficulty with the Linux desktop is myth, some built on most having gotten used to windows, the rest is just because that?s what they have heard. Most users, I find will get comfortable within a short time with a bit of use.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
