I work in a school environment running mostly Windows XP where students bring their thumb drives, plug them in do whatever they want. How do I prevent viruses from wreaking havoc on a 12 year old OS? Well, by default, I simply setup a restricted account and that's it.
Very nice article and so true. Market share is certainly a factor but not the end all and be all.
Good point, Ive always been a big supporter of open source software, and i really do hope linux takes hold as a major OS.
Yes. Great article. I can add also that since most software for Linux is free that users are downloading legitimate copies of Gimp and Kdenlive instead of an infected Torrent version of Photoshop or Adobe Premiere.
But the issue with this is that your students then have no access to any advanced tools unless you bypass security for them.
Now try transfering this situation to a home environment. As a technician, you setup a restricted account on someone's computer. Look at the issue with this. You're now locking away access to any of the tools on that person's computer. You would have to visit them everytime they wish to bypass security.
Now, with Linux, as long as security is looked after, these issues can be avoided entirely.
For an environment where the usual unsophisticated user is expected, and frequent software changes are unexpected, a system locker like DeepFreeze will work wonders. I'm sure it can be hacked, but in normal use a simple reboot restores the system to pre-idiot settings.
I work for a small hospital and we use Deep Freeze on our 'public' computers and it saves us a TON of headaches.
This is the kind of stuff that people laugh at years down the line. It's nothing new.
If Valve or any other commercial giant is successful at driving a large market onto Linux for whatever reason (because the open-source community has proven they can't do it themselves; only commercial entities, like Canonical and Google, have had any success), chances are most people are going to have the most up-to-date version of the latest LTS distribution of Ubuntu. That vastly reduces the target variety and gives malware creators a whole hell of a lot of information to steal.
If Canonical can create a robust sandbox for developers of software commonly used by average, somewhat Linux-literate users, then that's great. But for the power user, that succeeds in only doing what they're trying to avoid in Windows 8 and OSX: reigning in many parts of the OS for the sake of safety and user experience at the expense of the core Linux philosophies. It sounds untenable, but who knows, maybe somebody will figure it out.
Great point, DRoss. I wish I had thought of that one.
What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?
>> I simply setup a restricted account and that's it.
Kid has Knoppix on his thumbdrive. Kid runs chntpw. Admin account not so restricted now.
The problem isn't the operating system, and it never was. It's the users. I deal very regularly with a lot of low-income computer users, generally running donated or very old used computers, more often than not running Ubuntu. A Linux-targetted botnet would have no trouble reaching these users...it wouldn't even need to use any exploits or 0-days; all it would need to do is trick the user into entering their password with the promise of free porn, or a working Flash plugin, or even funny cat videos. Honestly, I'm shocked this hasn't been tried (or if it has, I'm shocked it's not ubiquitous). The only way to secure things for everyone in the long term is educating the users, whether they're on Windows or something else.
Not really, even on Linux people want to use Photoshop. It's not like open source can replace all the non-free software. Development of really good programs/apps takes time and money and that's hard to do Open Source.
Really, it's been years and yet there's no really good audiophile programs or a real alternative to Photoshop, among other examples. It's why people keep on trying WINE and VM solutions.
Even the move with Valve to put Steam on Linux is not going to be any more free than the Windows version.
DRM, software pirating, etc are all things mainstream OS users will have to deal with regardless of which OS they use!
>> A Linux-targetted botnet would have no trouble reaching these users...it wouldn't even need to use any exploits or 0-days; all it would need to do is trick the user into entering their password with the promise of free porn
I'm guessing you don't use Linux. Linux browsers don't support ActiveX, nor do they have Java enabled by default. It's not near as easy to start an attack on an unsophisticated user as on Windows.
>> Not really, even on Linux people want to use Photoshop
Nope. I use Gimp. Free, and does everything most people want.
I have more audio programs than I can shake a stick at, I don't know what 2004-thing you're thinking of.
Software piracy isn't going to be a big problem in Linux, because there's a free solution that is good enough for pretty much everything: LibreOffice, Inkscape, Audacity... it's not worth the Linux users time to pirate software when there's a free solution with a one-click install right in front of him.
Pirated games? Sure, I'll wager there'll be a few. But, the vast majority of Windows/Mac trojans are going to be found in pirated versions of the OS or productivity suites... so the games probably will never be a big deal. If Valve's smart, they'll do like android and run everything under a separate user account where the games can't even screw with any directory outside Steam.
Sorry but I do use Linux, along with OSX, Windows, Android, and iOS. I'm not picky! I just know better to think that any one of them is invulnerable or in any way perfect. All OS have their strength and weaknesses.
Linux has some good defaults but it still requires a good setup and careful users.
While you obviously don't use Windows if you think it's still easy to do unsophisticated attacks. Drivers like the video drivers have been sand boxed since Vista. Along with a lot of security features that's been added over the years.
The majority of Attacks on Windows are Trojans, not viruses!
So it's mostly user error and things like not all users necessarily take advantage of those security features, like many insist on always logging in as administrator instead of a limited account even if they never really need admin privileges.
Also you're assuming things like Java actually has to be installed on Windows just like Linux. So either way user permission is required.
Windows 8 Modern UI brings in the latest security improvements, like all modern UI apps run sand boxed just like Linux. Secure Boot, etc are all enhancing Windows security higher than it's ever been before. The new MS App store will make it a lot harder to attack users through apps, etc.
While like it or not though Gimp is no replacement for Photoshop, sorry but I've worked as a graphic designer and theirs no real replacement for Photoshop. Gimp is more in the class of something like Photoshop Elements, Photoshop features but not the same as the full program.
There are also no really good audio editing programs for Linux.
Really, check out the "Why Linux Sucks | LFNW 2012" (part of LinuxFest North West) on youtube. It covers what Linux still needs to overcome and it's made by pro-Linux people!
You might want to read more carefully because tricking the user into giving access has nothing to do with exploiting system vulnerabilities but exploiting the users gullibility!
Such attacks can be created with anything run online, including HTML5, and it doesn't really matter what you're running if you give the access information away.
The idea that it can only happen to a more vulnerable system is an exaggeration. User error is user error regardless of what's running, only by not giving the user any access can it be avoided.
Don’t let the users run anything they want? Is that the secret? Well, thank you, but I think I will pass on that one, I'm not a complete moron. I've seen this strategy on windows 7, when I tried to modify a system file, it was a nightmare to gain administrator access to it, something about "trusted installer". Anyway, there will always be a Linux distro that does not treat me as a moron, so I'm not worrying.
The problem lies with the user who is installing software from an untrusted source. Ubuntu, for example, is making it very easy to install .deb files from the internet. This is the danger. Someone could easily make a virus for that. Maybe they should have left out gdebi, if the user wants to install .deb files, they should have some knowledge.
>> While you obviously don't use Windows
I've used it every day in my professional work for the last 20 years, and been writing software for it all that time..
>> Gimp is no replacement for Photoshop,
For the majority of us, it is. It's just not a replacement for everyday professional designers that need that final 5% - and who probably own Mac's (and therefore have OSX) for that type of work.
>> There are also no really good audio editing programs for Linux
>> Really, check out the "Why Linux Sucks | LFNW 2012" (part of LinuxFest North West) on youtube. It covers what Linux still needs to overcome and it's made by pro-Linux people!
I'm very familiar with Bryan's work, having been a long-time viewer of The Linux Action Show. He gives that talk each year to show the progress. You should watch the talk he gave afterwards, called "Why Linux Does Not Suck (Even A Little)".
While I submit, PLowe, that you are wrong with respect to operating systems, Windows being inherently more vulnerable than GNU/Linux, I quite agree that the most important thing to do is to educate users. But when you assume, as you seem to do, that «low-income computer users» are inherently less capable of adhering to good computing practice and/or more susceptible to the blandishment of free pornography than their more well-situated counterparts, your prejudices are showing. Indeed, with such an attitude, I wonder how successful you are in «educating» those low-income consumers with whom you deal so regularly....
My wife teaches High School in an area that has a mix of high and low income families.
She has discovered that income has no bearing on a student's computer prowess at all. The kids with no computers at home are using them at their freind's houses and they know plenty about them anyways.
Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.
>> Ubuntu, for example, is making it very easy to install .deb files from the internet. This is the danger. Someone could easily make a virus for that. Maybe they should have left out gdebi...
Actually the recent direction with Ubuntu is now to put those "Install in Ubuntu" apt-link logos on the site. The links they point to are not actual debs, but entries in the software center. If you click one of those links and have not manually added the source as a trusted repo, Software Center gives you a big "Not Found" error.
.debs are no longer associated with gdebi. GDebi's not even installed by default anymore. Packages open with Software Center (which is almost as bad, in my opinion). So, users could still save a deb locally and double-click to install it without knowing how to use dpkg if they really wanted to do that (though the official Ubuntu documentation tells you you shouldn't install things in this way, and why). At least they're somewhat filtered in that unlike Windows exe's the .debs will open inside of Software Center... which gives Canonical an easy vector to stop them if any known malicious packages were to ever start making the rounds.
I could see where people that come from Windows might get themselves bit if they are still under the misconception that downloading packages from random sites and running them and typing in the admin password is a good idea, but people who learn from the ground up or actually read the documentation will know that you do everything via the software center or a package manager (unless you'e 1337 haxor), should therefore not be tricked by a malicious package.
"I've used it every day in my professional work for the last 20 years, and been writing software for it all that time.."
Then you should have known better on all counts!
"For the majority of us, it is. It's just not a replacement for everyday professional designers that need that final 5% - and who probably own Mac's (and therefore have OSX) for that type of work."
Doesn't change the point that until Linux has a real replacement then it won't appeal to the professionals!
Sorry but that's like GIMP for audio, it's not a pro tool like ProTools, Cubase, Sonar, and Reaper.
"I'm very familiar with Bryan's work, having been a long-time viewer of The Linux Action Show. He gives that talk each year to show the progress. You should watch the talk he gave afterwards, called "Why Linux Does Not Suck (Even A Little)"."
I did watch both, so sorry but I'm not the one in denial here. The first video clearly points out things like Linux has yet to get any really good pro tools for audio and video editing. Among other things that still need to change for Linux.
So, like I said before, Linux has some good defaults but it still requires a good setup (it can actually be made quite a bit more secure) and careful users. Especially the latter as any attack that targets the user can bypass any security the user has access to!
I hae given many lectures on GNU/Linux and alway got same question or argument about the differences in security record between Linux and Windows.
The two very good analogies I use to (usually) satisfy the Windows advocates are:
Apache versus Microsoft IIS HTTP Servers. While Apache occupies approximately 68 - 72 % of Web servers (worldwide) as compared to approximatel 17% for IIS, the Microsoft product still registers significantly more vulnerabilities and actual intrusions than Apache, accoding to Cert.org, Threatpost.com and other security watch organizations.
The second example is Drupal Content Management system (CMS) Web site applications versus (any) similar category Dot.Net based website. Similar results from Web hosting and review entities, in favour of Drupal.
These two alone have been very persuasive and convincing when promoting benefits of Linux, although there will always be rabid Microsoft skeptics for whom nothing else matters.
As there will always be rabid Linux skeptics.
Like pointing out servers are far less often targets than individual users and of course the obvious differences between server and consumer desktop software makes such comparisons obviously one sided.
Also, not all servers are set up with just the defaults and not all servers are equal targets or even equally maintained.
Not to mention ignoring that vulnerabilities like open ports, whether the systems are running anything legacy related, etc are things to watch out for regardless of what OS is running.
Having good or better defaults is just a good start, but with the ever increasing number of attacks security should be improved regardless of what level it's at. As no system is perfect and every security setup can be improved from its defaults.
Whether another OS is more vulnerable should never be the measure of satisfactory security! Unless you're only point is trash another OS in which case you're not talking about security but bragging rights!
NEWS TIPS |
This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or hisassociates. All products and trademarks are the property of their respective owners. All content and graphical elements areCopyright © 1999 - 2013 David Altavilla and HotHardware.com, LLC. All rights reserved. Privacy and Terms