The HeliOS Project is now.....

The HeliOS Project is now.....
Same mission, same folks...just a different name

Search the Blog of helios and all comments

Loading

Friday, June 19, 2009

What Myth Do You Want To Kill Today?

For those that don't know yet, The HeliOS Project is raffling off two killer laptops plus some other cool stuff. Drawing is on the 3rd of July so get your entries into the hopper soon. You can click the TEXT link on the left side of the page or you can click here to enter. Details of the raffle can be found here.

A colleague and a friend of mine recently had to resort to moderating her blog comments based on the number of (kindness and light helios...kindness and light) uh,.... uninformed readers who insisted on trotting out the tired old line:

"Oh yeah...well Linux is only secure because no one uses it.  You just wait until the hackers think it's worth messing with, then you'll see, Mr. smarty pants Linux user.

Sigh...

I think I want to run knitting needles through my eyes and brush my gums with a potato peeler.

Look, we're going to knock this down right here, and for all time, unless of course it gets proven wrong.  I doubt that it ever will.  this is going to be Linux security 101 for people that you send here to get the real story on how it works.  It's going to be told via mildly condescending story-telling techniques and simple analogies.  It won't go into Guru depth but we'll drill far enough down and unpack it enough to make our point.  Is that elitist?  Sure it is, but we're already accused of that anyway.  

They haven't advanced the ball a bit by saying it.

Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted...Gene Spafford.

Here's how it works.

It was a different day, a different era when Microsoft Windows was born.  The whole idea behind Windows was to make everything backwards compatible with everything else.  Slight changes caused by a patch or upgrade would normally break currently installed software, so the engineers at Microsoft made it so that didn't happen.  The code was written so that the system adapted itself to the changing API's and system calls.  That way your favorite pinball game didn't stop working when a program using an almost identical dynamic link was called.

If you've rummaged around inside a Windows machine at all, you've seen that there are a number of seemingly identical dll's registered with the system.  I'll bet some of you, in order to save hard drive space, at one time or another have even deleted some of them.

Oops.

"Honey, why is there a blue screen on the computer...?   Honey...?"

They are not identical at all...they may have the same names but there are variations of code that make them unique to the programs they belong to.  Another brilliant move by Microsoft...identical file names for different files.

In the first place, you should have never been allowed to even touch that file, but we'll get to that in a bit.

The point is, once malicious, evil hackers discovered that most code had free reign in a Windows system, they went to work.  If legitimate code was allowed to cuddle with the system, why couldn't their's...kind of like the first digital STD's.  Actually, we can thank Microsoft for vastly strengthening our economy, from their efforts sprang multi-billion dollar companies like Symantec, McAffee, Kaspersky...the stockholders were ecstatic.

The way that Microsoft Windows was coded insured that you would have to indeed pay for or use other software in order to insure the software you already purchased will work.  There's some more of those dll's gumming up your works.  Microsoft, not being the financial slacker, saw an opportunity to turn crap into gold.  They actually "sold" space to these companies on their install disks so that they could give you "antivirus subscriptions".  They found a way to make money on the sub-standard system they wrote and sold you.

You lucky dog you.  And quite the wise consumer.

So with all this code running around loose in your system, it's no wonder that you have to wrap your computer in bits and bytes of security chains before you even connect to the internet.  You just never know what you've picked up that will want to co-exist with the software on your machine.  Here's what I find absolutely hilarious.  Those antivirus and antispyware programs you use often, can slow your system down so much that it becomes an exercise in patience just to go from page to page.  Many of you in turn blame viruses for doing what the antivirus software is actually doing.  Your hard-earned dollars at work.

The Microsoft Windows file system, coupled with a user's free reign within that system is what makes Windows so fallible.  There are absolutely no road blocks or speed bumps to deter reckless behavior or intrusion.

With me so far?

Good, we're gonna show you why Linux is light years safer than Windows. 

What we got here is yer good ol' natural laws of the universe.

In Linux, there is a system of "user permissions" set up when you install the system on your computer.  There are two parts to your system.

User Account and Root Account.

You operate as the user in Linux.  In fact, and as in Windows, you can have as many user accounts as you want.  There is, in some form, an Administrator account in Windows...it just doesn't function as one.  Each account is an environment unto itself, and it evolves as the user interacts with that environment.  Making changes to the color scheme and installing applications will dictate how the account changes as the user works.  These are little worlds unto themselves and are not aware of other user accounts residing on that hard drive.

The root account, or Administrator account is a different story.  It remains largely untouched as it exists only to keep order.  If you install a program, it insures all the individual parts are in place and havoc does not ensue.  Whereas you had all the permissions in the world to alter and ultimately screw up your Windows system, in a Linux environment, restricted privileges insure that order is maintained and access to critical files is controlled.  The end result is a stable, reliable machine that rarely needs rebooting.

"Well helios, so much for Linux being all about freedom then.  Turns out all that is a bunch of poop.  Linux is actually an authoritarian, police-like system.  At least in Windows I had the choice whether I could screw up my system or not."

You could look at it that way, but only if your ultimate goal is to eventually screw up your system.  Besides, on a single-user machine, who do you think assigns the root password?  You do, so ultimately, you have the same privileges you had in Windows.

Microsoft Windows assumes you are an idiot.  Linux makes you leave irrefutable evidence.

(see /var/log/)

With this system, if a bad guy should ever gain access to your machine via socially engineering you to initiate a script (you know them as .exe's), it can only cause its havoc within the user account.  It cannot do silly little things like meander its way to your address book and send itself out to dozens or thousands of recipients.  How do you think these viruses propagate so quickly?  The root account, the keeper of the castle, will not allow the bad code to do anything but trash your own house...It's house stays in order.  You can rebuild your system after a disaster in minutes if you are properly backed up.  Oppose that to a 3+ hour Windows re-install.

And that's what this is all about.

Productivity and order.  Natural Laws Of The Universe.

You know, I've worked Tech Support on and off for ten years now and Vista actually did implement a stringent Root account system.  It makes me laugh to know that the majority of the bad attitude of Vista is that it makes you provide a password before doing certain stuff.

Gee...wonder where Microsoft got that idea?

Chances are, those commenters in Carla's blog really didn't know a thing of which they spoke.  They had heard or read someone say that Linux was only secure because it is obscure and were simply repeating it to show off.

My dad had a saying he was fond of telling me...and he did it often as I remember.

"People can only assume your an idiot.  Once you open your mouth, you prove it to them."  

Think for yourself for a change.  Stop to think that upwards to 70 percent of the Internet runs on Linux.  Is that obscure?  If what you say were true, wouldn't the Internet be brought to its knees on a daily basis?  If it were Microsoft servers running the show, it may very well be.  As our good friend Sander from LXer.com noted recently, even if you want to argue the merits of what I say, the obvious evidence is right in front of you.  Google runs entirely on Linux.  Now you run right along and hack that.  And one more point for the road.  Many of you sidestep this to the point of embarrassment.  You insist on clogging your Windows System with Antivirus software for some reason.  I have never, ever had a byte of AV software on my Linux boxes.

You need it, I don't.  Deal with it. 

The fact that Linux exists gives you a stable environment to dwell on the Internet.  I'd be a bit more respectful and check my facts before I went leaving public record of my ignorance.  What you say or do on the Internet never goes away.  Carla should have posted those comments.

All-righty Then



58 comments:

WE ARE *NIXED! said...

Great post. However... (and trust me, it is just a pet peeve of mine, but you'll see why in a moment).....

The word hacker has been abused way too long. Legitimate hackers have an actual code of ethics that they follow, and trashing someone's system is a no-no (believe it or not). The misconception of a "malicious hacker" came about thanks to this country's media (yay!) looking to make a quick buck off of hype, fear, and hysteria (John Markoff and Kevin Mitnick for example... you may want to watch Freedom Downtime for the full story on that one). Speaking of which, you may want to add the fact that all those computer publications out there have touted antivirus and spyware for years, thus adding to the whole mess.

kozmcrae said...

In my years FUD busting on the forums and comment boards I've come to realize how the Windows user understands computer security:

1) As more people use an OS, more security holes magically appear.

2) Security holes don't come into existence until they are listed for removal on Patch Tuesday.

There may be more but that's what I've encountered over and over.

Anonymous said...

I laughed so hard I had to get up and go outside. My co-workers must think I am crazy.

I love this guy.

Anonymous said...

Great post. Considering the fact that most, if not all of the Servers that actually allow us to BE online in the first place are running Linux. You would think that Linux viruses would be more common. That means that either Linux truly is more secure, or the hackers havent realized that yet .. and I seriously doubt the latter is true.

Anonymous said...

Considering that, on proprietary systems, it is security by obscurity, no wonder that some see it as magic, something one cannot understand.

Chuckula said...

A malicious script executed under Linux most certainly can access your personal address book and most certainly can send itself out in emails. I am sitting here with my Arch Linux laptop using a Firefox beta that I installed completely in my own limited user account... if I can install & run Firefox without needing any root permissions whatsoever, then I most certainly can run a program that can send out spam or operate as part of a botnet as well.

Still don't believe me? Here's a fun example of sending emails with python scripts. Absolutely no root privileges required, and it would be trivial to turn that dumb script into a mass mailer. Your personal address book is most certainly NOT off-limits to regular programs running with ordinary user permissions. Oh and for anybody thinking that setting the /home partition as noexec to prevent users from running their own programs, just remember that the python script I showed you doesn't need to be an independent executable to run, so noexec isn't complete protection either.

Chuckula said...

Part 2:


The point about only being able to trash personal files is also true but also a non-sequitur: The only data I actually care about at all are my personal files! If malware could only trash the system files then it would be annoying to re-install, but not fatal. Malware that can destroy or steal my personal data (which require zero root access) is actually a far worse problem.

I think it is you who have a misunderstanding of the actual security situation with Linux and Windows. You operate under the false dichotomy that Linux must be secure and Windows must be insecure, but in reality it is both systems that are generally insecure when put into default configurations.

What really protects Linux users from malware? The first point is that there isn't as much malware in existence for Linux, and most of the malware that does exist is targeted at server installations instead of at regular users on desktops. There are plenty of hijacked Linux machines on the internet... just open up port 22 to listen for incoming SSH attacks that originate from compromised Linux installations nearly 100% of the time.

The real protection that Linux users have from malware on the desktop has nothing to do with Linux's inherent security architecture, which uses Discretionary Access Controls in a scheme that is very similar to what a modern Windows installation uses. Instead, it is that downloads in Linux default to not being executable, while in Windows the execute permission comes from the ".exe" on the end of the file. Of course, a Linux user can always chmod +x the file, but the userbase of people who knows how to actually do this is also a userbase that is skilled enough to be wary of what they are downloading. In other words: make the general public use Linux en masse, teach them just enough to be dangerous (how to make a download executable) and you can have most of the same malware that affects Windows operating on Linux.

Another vector that makes Linux less secure is the web browser. There are already vulnerabilities in Firefox that exploit javascript holes and will run just as well on Linux as on Windows... once again, no protection because Firefox isn't running as root. Firefox doesn't have to run as root to steal all your personal information or become part of a botnet.

Linux does have some powerful security frameworks that can help go beyond the limitations of the 40 year old discretionary access control systems that Linux inherited from UNIX. I know because I did my master's thesis on one of them. However, all of these systems (SELinux being the most famous) have drawbacks when it comes to the complexity of managing them, and the fact that very few people in the Linux community know how to implement new policies with these frameworks. As it stands, they are mostly relegated to single-purpose servers that an experienced administrator wants to lock down, and they are almost never used on general-purpose desktops where there is a wide variety of installed software that may be broken by the strict controls SELinux puts in place.

As much as I love to bash Windows, its security model is not inherently any different than Linux's and it is not necessarily any less secure. Instead of writing blogs about why you don't like Windows, try to write blogs about how Linux can improve its own security in ways that allow ordinary users to run software, but also protects their personal data from malicious code.

Scotty B said...

The original quote is by (purportedly) from Abraham Lincoln:

"Better to remain silent and be thought a fool than to speak out and remove all doubt"

Rawler said...

Good post, but slightly fails to prove the point.

While I agree on the basics, and have been using Linux exclusively since ~2002 partly due to the inherent security, much of the discussions regarding Linux security is more or less moot.

While the root-separation effectively restrains attacking code on a system-level, attacking on a per-user level can be mostly as effective. I.E. what hinders code running under your user-account to install itself into ~/.bashrc, or your KDE equivalent? An unknowing Linux-user would not detect that any more than an unknowing Windows-user, and it could in practice do roughly as much harm. (Spying, setting up a botnet, or whatever.)

One of the things that that really do make Linux a bit more resilient to viruses is largely the same thing that people are complaining about regarding legit software, namely the distro fragmentation. This fragmentation is (allegedly, although often just a bad excuse) a problem in packaging 3d party software. The same thing goes for viruses, only multiplied a few times. Too large dominance from one distro would probably ruin some of that.

Then there's of course also the open-source aspect, where auditing actually IS a bigger thing than in many commercial companies I've seen. (Albeit some commercial companies seem to to it better as well)

One of the things where I think Linux and distributors actually could do an even better job, is enforcing security helpers such as different randomization-techniques for stack, pid:s, FD:s etc. That is a technique proven to really protect against malware. It may also break some badly written desirable software, but is then a really good reason to improve that, and quickly. (For example, why is the HUGE X-server still running as root?)

Stephon said...

As a new Linux user and concurrent OS X user, I wondered where you thought OS X fares in your argument?

Anonymous said...

I'm not nearly as eloquent as you helios, so this probably won't be readable by the masses, but - you missed pointing out umask.

Windows - dancing_pigs_trojan.exe arrives in email. Double-click. p0wned.

*nix - dancing_pigs_trojan arrives in email. Double-click opens in text editor or similar. Hmmm, I really want to see the dancing pigs. Detach file. Open command prompt. Chmod +x dancing_pigs_trojan. Double click. p0wned.

Sigh.

Kory from Utah said...

This was a great article, my brother sent this to me because I asked him why he loves Linux so much and is it secure. I am an idiot and I do prove it by opening my mouth, all the time :)

I will start migrating over to Linux, begrudgingly.

Ken Jennings said...

"nix - dancing_pigs_trojan arrives in email. Double-click opens in text editor or similar. Hmmm, I really want to see the dancing pigs. Detach file. Open command prompt. Chmod +x dancing_pigs_trojan. Double click. p0wned."

Actually, on linux, before one does the double click, the desktop shows the icon for an generic executable program, hmmmmmm. Shouldn't that be one of those media icons that looks like a film strip or a TV? Curious user with the ability to know how to chmod looks at file properties and concludes the file is not what it pretends to be. Drag icon to trashcan.

Anonymous said...

"Instead of writing blogs about why you don't like Windows, try to write blogs about how Linux can improve its own security in ways that allow ordinary users to run software, but also protects their personal data from malicious code."

My aren't we full of cheerful advice. My point to your question is why should he Shakespeare? It looks like you just did.

The guy personally builds and delivers hundreds of computers a year to disadvantaged kids in Texas. I've got some advice of my own. Instead of posting haughty, brow-beating comments, why don't you give him a hand doing what he does? His points are, for the most part correct. You state nothing that the average Linux user doesn't already know anyway. What did he say in his blog? He wasn't going to go too deep into it? You didn't read that part did you?

You can start with craigslist. Tell them you build computers for kids and you are looking for old computers to refurbish.

Chelle

Anonymous said...

sorry it truely is is more secure than windows and it has nothing to do with the amount of users. if it was that easy it would of been done already.

Anonymous said...

Security holes can occur on both Linux and Windows, and you can also run trojans and malicious scripts on both operating systems.

The main difference between the two is that on Windows it is easy to automate attacks whereas on Linux you can't easily automate such attacks - that is what makes Windows vulnerable to worms and viruses while Linux has never has a successful virus run on it, and is rarely affected by worms, spambots or other malware so prolific on Windows.

The reason for this is due to flaws in Windows' basic security model. On Linux, you have to use a programming error to break in. When this flaw is fixed, it is secure and cannot be broken into again using the same vulnerability. On Windows you use a flaw in the basic design of the security model to break in, and since it is the design of the security model, and not a programming error that is the vulnerability, it cannot be fixed. Hence you install an anti-virus or anti-malware program to cover for the vulnerability which remains open. If you remove your anti-virus or anti-malware program, the virus, worm, malware can return - ie. the vulnerability is not fixed.

Anonymous said...

Yes, your personal files are the most important data on your computer. But most Window's exploits exist in the form of overwriting a system file, which then grants the virus liberal control from which it can then access personal data etc... In *nix, this type of exploit in impossible without explicitely making it happen. So in that aspect, *nix is much much more secure because it eliminates the majority of serious exploits by restricting the system files.

Anonymous said...

Chuckula - I agree with you, 100. You've made a good point when you say your personal data is more valuable than the system.

There seems to be a common misunderstanding among Linux promoters on why Linux is so secure out of the box and Windows always suck. It isn't that simple.

I am a Linux user (Archlinux by the way!) and I love to tinker with it. But just because my preference of OS is Linux I'm not going to listen to hearsay and myths about Linux's strengths without investigating further to see if the claims are true or not.

Linux has its pros but so does Windows. Linux has its cons and so does Windows. But, if a Window box is set up in a very conservative way (like using a restricted account, implementing software restriction policy etc), I actually feel more secure with that box than the Linux box.

Take the third-party firewalls for Windows for instance. Comodo firewall lets you know if a software/file wants access to the internet. Why, in Linux you have no such thing. No message, nothing. You could manually block ports but compare that with couple of clicks in Windows.

A final note: if Linux were so secure, why are there tons of tips and how-to's on how to secure /harden a Linux box.
Why all the security software like snort, samhain, rkhunter etc?

I R A Darth Aggie said...

The only data I actually care about at all are my personal files!

There's no operating system in the world that will protect your files from yourself. Not even Windows.

No one can stop you from issuing a "rm -rf ~/" or "format C:" command.

FelixTheCat said...

You can't cure stupid. Users have been the bane of technicians since the beginning of binary time and they will invariably find a way to screw something up.

As Ken stated, Vista went quite a ways from giving users admin privileges by default and now follows *nix and OS X requiring some degree of action before making some administrative update/change. The problem still remains, though, that, contrary to what Chuckula states, the default Windows installation is still more insecure than the default Linux installation. The environment is improving and developers are finally getting the point they cannot assume a user MUST have admin privileges to run Windows apps. That's horrible! But even now, Windows' default is to hide extensions so that evil executable BritneySpears.jpeg.exe only shows up as BritneySpears.jpeg and a randy teen isn't going to think twice that the icon isn't right for a pic.

Now, this all makes no account for users that have no inkling about doing backups. Errant commands or hardware failures are going to cause just as much damage to lazy users who don't run backups on either platform. It is more likely is for a Windows box to be pwnd by a drive-by malware script on some website, unsuspecting or not. You can't even say these sites shouldn't be visited in the first place since there were quite legitimate sites recently that had malware code injected into some ads and straight into the site data itself.

So far, for a Linux box (even on a default install!) to be pwnd requires direct user intervention. You can't remotely brute-force your way into a default Ubuntu box because it doesn't include sshd or telnetd by default. You can't log in as root by default so the X-server doesn't have escalated privileges.

See a pattern yet?

I won't mention SELinux since that's better for a server environment than a desktop environment for now. I think if more folks got interested in writing SELinux policies for desktop apps, it'd be an even greater argument for Linux security on the desktop.

Back to Ken's original thesis, the Linux user permissions architecture (remember, the default umask means no executable files in a user's home directory!) combines with the rest of the overall structure, and a default Linux box is usable but still secure. Can a user totally screw up their box? Yep, especially if they have sudo privileges or the root password. In Ken's installs, he doesn't give the kids admin access for much that very reason. Unlike legacy Windows, they can still run apps without having it!

What a concept! ;)

My apologies, I've grown long-winded.

Marx said...

I agree with all the points made here, but I think for the AVERAGE user, another important "security" feature is the Linux package management system(s). The average user will get 99% of there software from the official repository. Now, assuming it doesn't get hacked or there isn't some unscrupulous person packaging an app (which would easly enough be found out by the community), then it's much safer than searching the web and downloading an app from some random website. Although it's purpose is to provide an easy installation mechanism for software it also negates the need for the average user to download, run and install anything from untrusted sources. Will that stop people from doing stupid things? Nothing ever will, the biggest problem with security on any desktop system is always the user. In it's convenience it offers a way for them to not hurt themselves.

PV said...

I think there should be more hacking competitions just to prove the point that while Mac OS X is more "secure" due to obscurity (and this is changing and so is the security situation), Linux is fundamentally more secure due to the underlying architecture setup. That would REALLY prove the point, especially as Linux is F/OSS so hackers (benign or not) would have the code necessary anyway.

Anonymous said...

Mr. Starks raises this point often and I am constantly surprised how often it is side-stepped, even by some of the seeming Linux supporters who long-windedly tell us that Linux isn't really secure at all.

In case you don't remember one of the major points of the article, Don't you as a Windows User feel just a little bit hosed that you have to use someone elses software to protect you from microsofts software? I mean, If I understand Starks correctly, Microsoft ought to just put all the anti virus businesses out of business and protect their crappy code for free, and from in-house.

Now I'd like to see the point taken on head on without all the obliviousness. Why does Microsoft Windows need antivirus software and I have run a linux box for 7 years without ever even downloading one?

That was one of his major points. Now address it.

Mark Benning
Atlanta

Anonymous said...

@ Mark Benning

You know what you have done don't you. You have left the door wide open for some putz to come in here and tell you that Windows only needs antivirus software because no one uses Linux.

Anonymous said...

*sighs* This "article" is the usual condescending nonsense wrapped in irrelevant meandering storytelling, and garnished with the usual lack of insight, references or critical thought.

Somewhat predictably the article starts off with some random moaning about backwards compatibility in Windows followed by a groan about security products (virus scanners and the like). This is followed by a few gratuitous and condescending sneers aimed at users who dare to think that keeping their legacy apps working was somehow more important than attaining geek Nirvana by installing an operating system with a terminally user-hostile commandline-oriented UI. Yeah right. Some people need their PC to get some useful work done instead of spending most of their time learning how to get the OS to what could have been done with a point and a click. Ah well, to each his own, but drop the idea that somehow sticking with a UI from the seventies has merit.

It wasn't until the advent of GNOME and KDE that Linux begin to get any usable interface. Nowadays of those two projects one prides itself on offering no options (and usually not the ones users want), and the other on throwing in two kinds of kitchen sink for any task (just in case anyone wants it) and with version 4.3 is struggling to whip what they have into actually working. Slag MS Windows all you like, its GUI works.

Another fine item of drivel is the "look-the-Internet-runs-on-Linux" fairytale. Well ... it doesn't. Look at the Netcraft figures. Almost any exposed server of any importance, every router, and every name server runs under some flavour of Unix (SunOS, HP-UX, AIX or even BSD). Not Linux. Most web-servers on the other hand do run under Linux. About 30% of them run under (gasp) Windows. Seen them being pwned all the time do we? I didn't think so either.

In all its verbiage, the article makes one-and-a-half point.

The "one" point is that Linux is "safer than Windows" simply because under Linux (and all Unix lookalikes) you're supposed to do all of your work while logged in as user-with-limited-privileges (so that any malware you inadverently run can't mess up the system because it doesn't have write privileges in the system folder), whereas under Windows you are logged in as "root" by default. This is of course complete nonsense. In Windows too it's possible to log in as ordinary user with limited privileges, meaning you get the very same protection you had in Windows. It is more unusual to do that on Windows boxes (although that's just changed with Windows Vista).

The half point being made is about backwards compatibility. Backwards compatibility in itself doesn't compromise security. Ordinary users logging in with root privileges does. Of course legacy apps weren't made to work in a multi-user environment, but proper privilege settings will either break the legacy app (in which case it needs to be replaced by a more modern one) or will constrain it to work where it can't do harm.

Chelle Minkin said...

sighs* This "article" is the usual condescending nonsense wrapped in irrelevant meandering storytelling, and garnished with the usual lack of insight, references or critical thought.

Well thanks for dropping by again...you seem to be one of helios' most frequent visitors. My only surprise is that you didn't make first post with you usual verbose and acid pontification.

Mr. Starks is actually an entertaining and popular writer. Many of his facts are indeed accurate. Listen, just drop your birthdate in here somewhere and we'll see if we can't all chip in and pick you up a sense of humor. Are you registered anywhere? Comedy Defensive Driving maybe? Oh, and while I am doling out advice...

by installing an operating system with a terminally user-hostile commandline-oriented UI.

Join us in the 21st century. Your above statement is so...it's so, well; 1996. You and Internet Explorer must be good friends. Statements like that simply exist hoping some happless newbie strolls along and takes it as gospel. Obvious Hail Mary there.

You either don't bother reading other comments or can't be bothered with fact so let me paraphrase Mark above here. When it all boils down to its essence, there are two facts that make MS Windows a millstone. Anyone that agrees to a EULA that allows any predetermined third party access to their machine has either not read the EULA or is so afraid of learning anything new that they sacrifice their freedom in trade for convenience. From the sound of your writing, you obviously have a deal with MS that Sony et al cannot slither around inside your machine. Must be nice. There may be others, I just can't think of them right off the top of my head.

As well, Windows Users are quite happy to gum up their systems with the likes of Symantec or AVG registry bloat. That's right. Use a product that in fact demands that you use another product to use it. Thanks Mark for bringing those things up.

You obviously don't like this guy. I've actually worked with him, interacted with him and held long conversations with him. What he does is an asset to this community and to Linux at Large. You don't like his articles? That's your right, but to say that a Windows User isn't logged in as root normally is playing semantics again. They have every right as a user that they do as an administrator unless set otherwise. How many Windows Users on a single user system take the time to do that?

You know as well as I do. Who can be bothered when they are updating their virus patterns.

Chelle

Brilliant consumership if I say so myself.

Anonymous said...

"Yeah right. Some people need their PC to get some useful work done instead of spending most of their time learning how to get the OS to what could have been done with a point and a click. Ah well, to each his own, but drop the idea that somehow sticking with a UI from the seventies has merit."

Helios, don't mod this guy. He's just proven one of your Dad's tenants.

Idiot.

Anonymous said...

Take the third-party firewalls for Windows for instance. Comodo firewall lets you know if a software/file wants access to the internet. Why, in Linux you have no such thing.

LOL, you might want to take a stroll around Sourceforge until you get comfortable. I only found three in ten minutes.

Besides, there are some of the most sophisticated intrusion detection apps in Linux that you could want, all real time and they operate independently of any firewall.

Anonymous said...

Quoted from some guy named Sander at lxer.com.

Google runs Linux. What do you think you know about computers and networks that Google doesn't know?

The Internet does certainly run on Linux...Google IS the internet.

Or soon will be

Hack that fanboi.

Anonymous said...

Well, I thought Mark Benning made a very compelling argument. Others have brought up salient points about package managers, etc. But noone has yet touched on some of the inherent flaws in NTFS. Helios touched on it briefly when he said,

"The Microsoft Windows file system, coupled with a user's free reign within that system is what makes Windows so fallible. There are absolutely no road blocks or speed bumps to deter reckless behavior or intrusion."

I was appalled when I learned how trivial it is to start a rogue task in NT, XP, Vista, etc. Any Windows version using NTFS is affected. Using an alternate data streams technique, one can "attach" an executable to another one. For example, one could attach wordpad to notepad. If the notepad icon is double-clicked, or notepad is started by calling the executable, (notepad.exe at command prompt or in run box), wordpad is run instead. With wordpad running, a check of Task Manager will show noteoad running, not wordpad. Brilliant.

I'm with ya, Ken.

djohnston

Anonymous said...

@ the anon poster that started his tirade with *sighs* This "article" is the usual condescending nonsense

You spend 4 paragraphs personally attacking the author and the other two or three showing us your absolute ignorance about the Linux operating system. In most minds, when the comments are focused more on attacking the author without providing any real substance to his argument, I give the point to the author. If you have to stoop to name-calling or derogatory remarks, obviously the author hit a spot.

Author - 1
anon - 0

and if you are going to attack the author or his style, have the fscking courage to sign your name to it.

Ami Myers

Kenneth said...

Well Ken you finally did it!
While trying to prove a point with fact and truth you have shown that people will not accept it. I think the greatest truth has to be that Microsoft users read all the GNU/Linux info they can find! If you look at the comments in different forums it is easy to see that this is true. They are not trying to prosper Microsoft. They are trying to learn how to become a Linux user. Treat them kindly they are committed to being one of us! It is just a matter of time.

Anonymous said...

ROFLMAO @ Chelle Minkin

I'm glad I didn't post that.

Excellent points all Chelle

Anonymous said...

One point that seemed to be missed bu those saying Linux is not secure. In any properly configured installation, the root password is required to install programs, and also to edit system files. Most of the distros that I have tried/used are this way. Maybe there are ways around that, I don't know. But, with most programs in Linux being installed from secure repositories, and requiring rood access to install things, these 2 things alone make Linux much more secure than Windows.

Up until Vista, there was practically no security in Windows at all. Vista had many problems, one being that the UAC was so annoying and intrusive that most people just turned it off. Other security problems with Windows are Active X, the fact that programs can install files to system folders (thus sometimes overwriting system files), and I could go on.

Oh, and on ANY system, users should regularly back up important data.

seriouslycgi said...

youd think _any_ windows user who is also a virus programmer, would be sick of linux users saying "the os virus to population issue, is a myth" youd think that that windows user, also programmer, would love to see his name immortalized as a genius who shut all the li-nutters up. we linux users have all been waiting for some time, for that genius to come along. either he doesnt exist or linux is secure. until it happens, windows users need to put up or shut up.

CrispBacon said...

As a relative newcomer to Linux, I'm always looking for equivalents to programs that I used to use under Windows. If I find out about some interesting software, then where possible, I use the version supplied in the repos. However, not all Linux software is available from the "official" repos or, if it is, may not be the most current version. In the last few months I've noticed a number of websites appearing where you can download pre-packaged binaries and even install them directly from within Firefox. Since there is no guarantee that these packages were compiled from the official source, do other people (like me) see these websites as a real vector for the introduction of malware into a Linux system (since the user is deliberately downloading and installing what they believe to be a legitimate package)?

Blog of helios said...

That's a good question and one that deserves some attention.

There is always sourceforge. Sourceforge is the clearinghouse for all free software (some refer to it as open source). That particular source is probably just as safe as your own repositories. I've downloaded binaries and source from there for 4 years and never had a problem.

Another almost sure bet of clean software is Softpedia.com. They carry an extensive array of Linux applications and again, I've used them for years without incident.

Remember, no one posts code anonymously...they may lie about who they are but never anonymously. Brand new coders or submitters tend to be scrutinized harshly until they have "proven" themselves so the checks and balances are strongly in favor of no bad stuff in most places like this.

Another good source is from your own forums. Often, distros have little known public repositories that house apps that haven't yet made it into the official repositories. Those are also a good place to go for stuff that isn't in your official repos.

You can also go to getdeb.org and rpmfind.com to get your applications that are not housed in the official repos. Those are a lead-pipe cinch to be clean of any malicious code.

That was a good question and I'm glad you asked. I am sure I missed some sources so you other folks in the know might want to add to what I've supplied.

h

Blog of helios said...

I mis-typed one of the sources above. That is getdeb.net sorry
h

uberregenbogen said...

"kind of like the first digital STD's"

Far from the first. Computer viri [not virii] are at least as old as 1982—when Rich Skrenta devised a practical joke that attached itself to Apple DOS (and soon got out of control).

"Vista actually did implement a stringent Root account system."

Which has existed in all of the NT based versions of Windows (incl XP and 2k). Vista is simply the first version to configure it correctly out of the box.

It's a good thing, in either case. But even in a unixoid OS, it doesn't save you from bad administration. How many people out there (raise your hands) have sudo configured not to require a password? Indeed, many distros configure it that way out of the box! This puts any programme (even a script) running in the context of a normal user no more than a shell command away from root privs—and free reign of the system. All you need is a remote code execution vulnerability. Owned.

Probably the biggest security threat to a unixoid system is its keeper thinking that they have nothing to worry about.

Anonymous said...

imo the repo style of installing things in linux is the biggest advantage(about virsu that is) for "linux on desktop".

The Nat said...

"Oh yeah...well Linux is only secure for idiots because no idiots use it. You just wait until the idiots think it's worth messing with, then you'll see."

The truth is that the inherent security of linux vs that of windows is only of secondary importance.

It IS possible to keep windows secure without using any additional software like a firewall or virus scanner (provided that there's a firewall somewhere in the network between your computer and the big bad internet), BUT you have to be pretty bright and paranoid and never sleepy. The thing is, it requires 100 times the intelligence needed to install Linux. And if you're paranoid enough to do it you probably run OpenBSD anyway ;P .

On the other hand, put an idiot with the root password behind a Linux computer, and you have root. Never mind you don't even need root to be able to do terrible things. And let's face it, we all have our idiot moments sometimes.

Step one, convince user to run a command:

Send out a "tell your friends" message saying "you'll get a dancing penguins screensaver if you press alt-f2 then type this code...". Or solve a common problem and hide your command somewhere in a script you post to ubuntuforums. Or...

It's pretty easy to hide what a command really does and make it look like something different. Beware of `something` (backticks) and $(something), these are usually hints that a decrypt-then-execute is performed by a command, but they have legitimate uses and I'm sure there are other ways to get the same effect.

Optional step 2: modify user configuration files so your code gets wrapped around su, sudo and their graphical equivalents.

The point of all this is, once the idiots who now say linux is secure because it's not widely used on the desktop start using linux, it's very likely these same people WILL get viruses and other malware, and then say "I told you so".

Trying to explain security to people who clearly are too dumb to understand it is just a waste of time, and potentially harmful because they'll expect "linux magic" to protect them from their own stupidity, after which they'll badmouth linux when things don't work that way...

Anonymous said...

Ken, well done. I find it extremely amusing that some of your detractors use "proof" as ridiculous as your original premise. What they are doing is basically explaining to us that they have so much emotional time and energy invested in Windows that they will resort to nasty comments and half-baked arguments to try to justify their allegiance. As a 17 year system admin, I can't find any that, to your point, succeeded. There are however some valid points about user responsibility. I might suggest a future article on how to sensibly secure a Linux machine. Surely you don't have to jump through the hoops we do that administer IIS.

You mentioned the space shuttle. There are a number of Linux and Open Source mission critical apps that run on the shuttles. My best justification for using Linux apps there can be found in twisting an old movie blurb:

"In Space, there's no one there to reboot"

Again Ken, well done.

John

Anonymous said...

It's funny, this blog has made me hyper-aware of the whole Microsoft support "ecosystem".

I'm a hardware noob and the last time I needed support I had to *argue* with the "certified expert" that I was experiencing a video hardware issue and not a Windows problem. He still wiped my system completely and claimed it was fixed only for me to prove him wrong when it crashed again. A new video card fixed the problem instantly. He didn't even try.

They have so little faith in the Windows product that the default answer for absolutely everything (even minor issues) is to completely wipe the system FIRST. Without hesitation.

It's like cutting off your arm to treat a bee sting.

Further proof - MS support techs will recommend that your system needs to be wiped at least twice a year to remain functional. One book I read recommend every 4 months! That's insanity! Who buys into a system like that?

Anonymous said...

Security is a virtue, either you practice it or you do not. The operating system is not the answer. however I still feel a lot safer running Linux then I ever did running windows. I believe it is a mistake to promote Linux on the issue of security. That is after all, the user's responsibility. Instead we should make an issue of what the GPL was created to protect, our rights. Unfortunately this is harder to convey to people, especially when they view their computer as an appliance and not what it is, a general purpose programmable computer.

Scott said...

"They have so little faith in the Windows product that the default answer for absolutely everything (even minor issues) is to completely wipe the system FIRST. Without hesitation."

Thats a different issue altogether, though. Especially from an OEM's standpoint. As a former tier-2 agent of a major OEM, I can attest to that.

It costs the OEM nothing for a customer to preform an FFR (full format and recovery) on their system. However, it can cost them in excess of $200 in shipping costs alone for "in warranty" repair service.
Thats why formats are required before depot service can be rendered.

Colonel Panik said...

Time to get all hardcore about the evils
of Mafia Soft!

http://www.groklaw.net/article.php?story=20090619161307529

Up with this the Colonel will not put!

Time to kick butt and take names! The
Colonel has the pencil.

Thanks for shaking their cage Ken.

Anonymous said...

These are (some of) the decisions that made Windows the reed basket of sea faring ships.

1 Graphical applications have direct access to hardware and effectively have administrative privileges

2 Any browser will run ActiveX downloads with Administrator Privileges. What root password? Simply click yes.

3 Internal communication between OS components goes over network port numbers (yes it really does), making them instantly available to the world

4 Email JavaScript is executed, as are any attachments if opened. The same in IE.

5 All applications settings are done in the Registry, which requires Administrative rights. This is not necessary anymore, but there are still too many applications that do this.

As an exercise to the reader, equate any of the security problems below to the decisions above.

Problem:
Why does Windows alone under the OS', and only Windows have virusses?

There are no virusses KNOWN to any version of *nix. That is not quite true, Mac OSX saw its first virus in February 2006:
http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html
Still, I have never seen a Mac virus in my life, and never heard of them outside obscure AV vendor sites.

Problem:
Drive by javascript attacks.
Why are they Windows only?

Problem:
Why do I need a personal firewall for Windows only?
Under Linux and OSX, you do not need a firewall because you will not open ANY service to the network.

Winter

Reid said...

@PV

Mac OS X is built off of BSD and as such carries many of the same ideologies as *nix does, therefore I think it is, for the most part, safe to say that it will be secure even out of obscurity. Yes, there are still some flaws that creep in - it was vulnerable to the same Java flaw that Linux was for far longer than it should have been, but that should be proof that they are pretty secure.

Yes there have been a couple trojans, but they were carried through pirated software that required the users to enter their password to install - stupid user tricks that will compromise any *nix, Windows, or OS X box.

You also sign over rights in the EULA, but as far as a mainstream for profit OS goes it is still leaps and bounds more secure out of the box than Windows is.

Anonymous said...

If anyone has bothered to read this far, I believe the article makes some good points but misses the biggest:

Security is a process, not an event or product.

That process is easier with *nix.

Anonymous said...

"LOL, you might want to take a stroll around Sourceforge until you get comfortable. I only found three in ten minutes.
Besides, there are some of the most sophisticated intrusion detection apps in Linux that you could want, all real time and they operate independently of any firewall."

That so? Please share with us, I've been looking for a firewall with a GUI that allows me to know if (a known or unknown) app suddenly needs access to the network. Last time I checked, there was ONE app that did exactly what I wanted, but the project had been abandoned years back.
These three firewall projects you're referring to, are they like a one-man's-job or something? Good documentation?

The various IDS solutions in Linux are great. But most of them a pain to configure if you're a semi-newbie like me. Take snort for instance - a great piece of app but a pain in the __s to configure. Samhain is a decent one but looks better on paper than in real use... well for some reason Samhain doesn't jibe well with my system. No GUI btw.
Comodo has an excellent IDS with a GUI that works well and can be installed independent of their pro suite.
I believe there is Snort for Windows as well.
Actually, there are tons of good IDS apps for Windows!

I want to repeat that if you run Windows as a regular user, implement Software Restriction Policy and have set a conservative file/folder permissions you don't even need an antivirus or IDS - you could use AV for scanning email messages but same goes for the Linux box. You're at least as secure as you could accomplish with Linux + other security apps.

In many distros, you don't even get a firewall. Ubuntu for example doesn't come with one. Hundreds of thousands of ubuntu-users don't use a basic protection layer as a firewall and with no security measures taken, plus an ill-configured sudo file, they think they're so secure because everybody else says Linux is so secure out-of-the-box. I simply don't buy that.
Fedora and CentOS are serious distros that take security seriously and they both come with a firewall and SElinux.

What about unnecessary services/daemons that many distros still uses in their default configurations that make your vulnerability landscape so much vaster? (Same can be said for Windows but I've already said there are pros and cons for both systems.)

BTW, Windows has better file permission config options than Linux. All available via a nice GUI.

I may sound like a Linux basher but i'm not. But I'd like to see some balance in the arguments for the pro's and con's every OS have.

zelrik said...

I think that while Linux is more secure overall, it is far from bulletproof.

If Linux Desktops get more popular, you'll see more 'viruses' designed for it. I am pretty sure servers are attacked too. The good part is that the Viruses designed for Linux have to be fancier, that all.

Also, nothing prevents attacks based on Social Engineering, the main security hole is ALWAYS between the chair and the keyboard.

Lester McGrath-Rosario said...

I recently heard an "expert" on radio use this same argument against the Mac OS: "It's not as popular as Windows so there aren't that many viruses created for it".

Does the explanation Helios uses for Linux apply to all Unix based systems, or just Linux?

Andrew Magnus UT-Austin said...

It wholly depends on how that Unix system is structured and administrated. The Pwn2oWn contest of 2008 hacked the mac in like some ridiculous time...4 minutes or something but they used a java/flash exploit to do it. Your system may be rock solid but if your browser is wonky, then it is the weakest link in the defense.

On a side note, I remember the hackers, after being asked why they could never make Linux fall, responded that if they only had a few more minutes, Linux would have fallen too. Well, it's been two years almost and it still hasn't fallen. Whoever hacks Linux after those guys failed has some huge cred coming their way and you would think that if it could have been done it would have been.

Mac fell because of sloppy peripheral policies...not because the Unix backbone was deficient in any way.

This whole argument has been interesting but I think helios boiled it down nicely.

"You must use antivirus, I do not, deal with it.

Christopher Lees said...

Despite some technical inaccuracies, Ken has it. But there's more.

Recently there was a bit of publicity over an article that claimed it was possible to circumvent the use of the execute permission, so a user could download a malicious file and double-click it to run it, and that it could eventually gain root permission through some trickery. It used a .desktop file to do this.

When the Windows fans responded to the article with "Haha, Linux is insecure" they were forgetting a couple of things:

1. Only Gnome was fully vulnerable, as it neither displayed the ".desktop" extension nor required the file to have execute permission.

2. KDE's behaviour toward the file would raise alarm bells for users, and XFCE would require execute permission for the file (so, basically unaffected).

4. The VERY NEXT version of Gnome contained a comprehensive fix for the theoretical vulnerability - the .desktop extension is now displayed for any .desktop files that have not been created by Gnome, and if you try to use one of those files it gives you a warning.

Compare that to Microsoft. Firstly, every piece of software is immediately runnable on Windows anyway; so a Linux distribution with the flaw becomes as secure as Windows, not less secure. Secondly, this sort of non-critical vulnerability would take Microsoft months to fix, and could take Apple up to four years to fix (if we take the setuid Applescript vulnerability as an example).

Thirdly, the vulnerability affected something like 40% of desktop Linux users (Gnome users only); on Windows, a vulnerability like that would affect 100% of desktop Windows users, and possibly a large number of Windows CE/Windows Mobile users.

Mac OS X hasn't really been attacked much because there aren't as many crackers with OS X, and there aren't really many users. Apple has frighteningly-bad security auditing that has resulted in leaky firewalls, privilege escalation attacks that use the design of the system rather than the implementation (can't be fixed without breaking program compatibility), a guest user account that can still run code after logout, and designed remote code execution in Safari.

Linux systems, at least, are designed with a bit of care toward secure practice.

Lester McGrath-Rosario said...

Regarding Ubuntu firewalls:
Ubuntu does come with a firewall called ufw. It's pretty easy to activate, but could be easier.

Cannonical could, in the Ubuntu install process, ask if the user wants the firewall activated, and how.

Glen Turner said...

Security if more than an operating system, it is a mindset. If the mindset is wrong, then the OS won't save you.

I mention this because there is a world of insecure Linux machines on the Internet right now -- in boxes marked "ADSL modem". Those machines run everything as root, can't be automatically upgraded, don't run SELinux, etc.

The difference between Windows and Linux is that if you set about making Linux secure you end up with a machine not too far from what came out of the distributor's box, whereas with Windows you end up with a very customised machine that isn't useful for very much.

mtinman said...

Amen Helios, Amen!

Van' said...

@kozmacrae, quite so. And really the attitude is understandable considering the industry giant, the one smaller companies aspire to kick off its pertch, absolutley will not tell you about a flaw in its software.

You can see the same attitude from the Xbox360 users and the RRoD issue: it's not the machine it's the user/developer because dust/didn't lift the powerbrick/pushed the machine to hard/whatever. It's never Microsofts fault.

Indeed OSS's tendancy to go "Yep, that's a problem" is used against us because well... MS is 100% fault tollerant so we're not.