For those that don't know yet, The HeliOS Project is raffling off two killer laptops plus some other cool stuff. Drawing is on the 3rd of July so get your entries into the hopper soon. You can click the TEXT link on the left side of the page or you can click here to enter. Details of the raffle can be found here.
A colleague and a friend of mine recently had to resort to moderating her blog comments based on the number of (kindness and light helios...kindness and light) uh,.... uninformed readers who insisted on trotting out the tired old line:
"Oh yeah...well Linux is only secure because no one uses it. You just wait until the hackers think it's worth messing with, then you'll see, Mr. smarty pants Linux user.
I think I want to run knitting needles through my eyes and brush my gums with a potato peeler.
Look, we're going to knock this down right here, and for all time, unless of course it gets proven wrong. I doubt that it ever will. this is going to be Linux security 101 for people that you send here to get the real story on how it works. It's going to be told via mildly condescending story-telling techniques and simple analogies. It won't go into Guru depth but we'll drill far enough down and unpack it enough to make our point. Is that elitist? Sure it is, but we're already accused of that anyway.
They haven't advanced the ball a bit by saying it.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted...Gene Spafford.
Here's how it works.
It was a different day, a different era when Microsoft Windows was born. The whole idea behind Windows was to make everything backwards compatible with everything else. Slight changes caused by a patch or upgrade would normally break currently installed software, so the engineers at Microsoft made it so that didn't happen. The code was written so that the system adapted itself to the changing API's and system calls. That way your favorite pinball game didn't stop working when a program using an almost identical dynamic link was called.
If you've rummaged around inside a Windows machine at all, you've seen that there are a number of seemingly identical dll's registered with the system. I'll bet some of you, in order to save hard drive space, at one time or another have even deleted some of them.
"Honey, why is there a blue screen on the computer...? Honey...?"
They are not identical at all...they may have the same names but there are variations of code that make them unique to the programs they belong to. Another brilliant move by Microsoft...identical file names for different files.
In the first place, you should have never been allowed to even touch that file, but we'll get to that in a bit.
The point is, once malicious, evil hackers discovered that most code had free reign in a Windows system, they went to work. If legitimate code was allowed to cuddle with the system, why couldn't their's...kind of like the first digital STD's. Actually, we can thank Microsoft for vastly strengthening our economy, from their efforts sprang multi-billion dollar companies like Symantec, McAffee, Kaspersky...the stockholders were ecstatic.
The way that Microsoft Windows was coded insured that you would have to indeed pay for or use other software in order to insure the software you already purchased will work. There's some more of those dll's gumming up your works. Microsoft, not being the financial slacker, saw an opportunity to turn crap into gold. They actually "sold" space to these companies on their install disks so that they could give you "antivirus subscriptions". They found a way to make money on the sub-standard system they wrote and sold you.
You lucky dog you. And quite the wise consumer.
So with all this code running around loose in your system, it's no wonder that you have to wrap your computer in bits and bytes of security chains before you even connect to the internet. You just never know what you've picked up that will want to co-exist with the software on your machine. Here's what I find absolutely hilarious. Those antivirus and antispyware programs you use often, can slow your system down so much that it becomes an exercise in patience just to go from page to page. Many of you in turn blame viruses for doing what the antivirus software is actually doing. Your hard-earned dollars at work.
The Microsoft Windows file system, coupled with a user's free reign within that system is what makes Windows so fallible. There are absolutely no road blocks or speed bumps to deter reckless behavior or intrusion.
With me so far?
Good, we're gonna show you why Linux is light years safer than Windows.
What we got here is yer good ol' natural laws of the universe.
In Linux, there is a system of "user permissions" set up when you install the system on your computer. There are two parts to your system.
User Account and Root Account.
You operate as the user in Linux. In fact, and as in Windows, you can have as many user accounts as you want. There is, in some form, an Administrator account in Windows...it just doesn't function as one. Each account is an environment unto itself, and it evolves as the user interacts with that environment. Making changes to the color scheme and installing applications will dictate how the account changes as the user works. These are little worlds unto themselves and are not aware of other user accounts residing on that hard drive.
The root account, or Administrator account is a different story. It remains largely untouched as it exists only to keep order. If you install a program, it insures all the individual parts are in place and havoc does not ensue. Whereas you had all the permissions in the world to alter and ultimately screw up your Windows system, in a Linux environment, restricted privileges insure that order is maintained and access to critical files is controlled. The end result is a stable, reliable machine that rarely needs rebooting.
"Well helios, so much for Linux being all about freedom then. Turns out all that is a bunch of poop. Linux is actually an authoritarian, police-like system. At least in Windows I had the choice whether I could screw up my system or not."
You could look at it that way, but only if your ultimate goal is to eventually screw up your system. Besides, on a single-user machine, who do you think assigns the root password? You do, so ultimately, you have the same privileges you had in Windows.
Microsoft Windows assumes you are an idiot. Linux makes you leave irrefutable evidence.
With this system, if a bad guy should ever gain access to your machine via socially engineering you to initiate a script (you know them as .exe's), it can only cause its havoc within the user account. It cannot do silly little things like meander its way to your address book and send itself out to dozens or thousands of recipients. How do you think these viruses propagate so quickly? The root account, the keeper of the castle, will not allow the bad code to do anything but trash your own house...It's house stays in order. You can rebuild your system after a disaster in minutes if you are properly backed up. Oppose that to a 3+ hour Windows re-install.
And that's what this is all about.
Productivity and order. Natural Laws Of The Universe.
You know, I've worked Tech Support on and off for ten years now and Vista actually did implement a stringent Root account system. It makes me laugh to know that the majority of the bad attitude of Vista is that it makes you provide a password before doing certain stuff.
Gee...wonder where Microsoft got that idea?
Chances are, those commenters in Carla's blog really didn't know a thing of which they spoke. They had heard or read someone say that Linux was only secure because it is obscure and were simply repeating it to show off.
My dad had a saying he was fond of telling me...and he did it often as I remember.
"People can only assume your an idiot. Once you open your mouth, you prove it to them."
Think for yourself for a change. Stop to think that upwards to 70 percent of the Internet runs on Linux. Is that obscure? If what you say were true, wouldn't the Internet be brought to its knees on a daily basis? If it were Microsoft servers running the show, it may very well be. As our good friend Sander from LXer.com noted recently, even if you want to argue the merits of what I say, the obvious evidence is right in front of you. Google runs entirely on Linux. Now you run right along and hack that. And one more point for the road. Many of you sidestep this to the point of embarrassment. You insist on clogging your Windows System with Antivirus software for some reason. I have never, ever had a byte of AV software on my Linux boxes.
You need it, I don't. Deal with it.
The fact that Linux exists gives you a stable environment to dwell on the Internet. I'd be a bit more respectful and check my facts before I went leaving public record of my ignorance. What you say or do on the Internet never goes away. Carla should have posted those comments.