Quote:
Originally posted by Seraph:
Quote:
Originally posted by LennonCook:
Not really. It isn't possible to eliminate the viruses and the spyware, but it's definitely possible to reduce the effect it can have. Just look at Linux: most security vulnerabilities in it require someone to be physically sitting at your computer, and be logged in.
|
The Slapper worm back in 2002 showed just how solid Linux systems are.
|
One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?
Quote:
From the standpoint of remote buffer-overruns, all operating systems are
vulnerable to sloppy programming.
|
Remote buffer overruns are more than sloppy coding. They need bad design for them to be able to be executed remotely, relying only on a computer to be logged in.
Quote:
From the standpoint of social engineering
e-mail worms, all systems are vulnerable to stupid users.
|
OK, now, why are there stupid users? Mainly because when something goes wrong, Windows says "Something went bang! Go tell Microsoft".
Linux gives you some idea of what went wrong, and possible ways to fix it yourself. Linux teaches you to be able to fix simple problems, Windows encourages stupid users.
Quote:
If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to believe in some of the mythical security that Linux has.
|
If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.
Quote:
Other than crappy design there is no good reason why something like Apache needs to be started as root,
|
How about, it is designed specifically to allow other people to connect directly to your computer? That makes it an admin level function. And this is Windows' mistake - it not only allows anyone to start something like Apache, it has other servers running by default which most people should not need to care or know about. And yet, if they don't disable them, it can cause major problems. Ever wondered why things like trojan droppers can exist?
Quote:
and it provides a nice window of vulnerability that defeats the whole privileges system that Linux security is usually based on.
|
If anyone could start Apache, that obvious little problem (Apache by its very nature allows other people to connect to you without necessarily having your permission) could be opened by anyone. As it stands, it can only be started by root, and - except for home users - the only people with the root password are expected to know this stuff anyway. It is encouraging you to understand what you are doing, and to realise that it isn't necessarily safe.
Having things being only startable by root doesn't undermine the privilege system. It enforces it. To allow anyone to start anything on the other hand would make root almost redundant, and this would undermine the privileges, as much as people can at the moment by encouraging people to be root all the time. This is the primary mistake Windows makes, and if it fixed this, it would improve a lot of things.
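The port rule this exchange argues over, shown as an added example that is not part of any post in the thread: a server-side `bind()` to a port below the privileged boundary compared with an outbound connection. The function names are illustrative, a throwaway loopback listener stands in for a remote server, and the sysctl path is the Linux 4.11+ setting for where unprivileged ports begin.

```python
import errno
import os
import socket

SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # Linux 4.11+

def unprivileged_port_start():
    """First port a process without CAP_NET_BIND_SERVICE may bind (Linux)."""
    try:
        with open(SYSCTL) as f:
            return int(f.read())
    except (OSError, ValueError):
        return 1024  # traditional Unix boundary, assumed when the sysctl is absent

def try_bind(port, host="127.0.0.1"):
    """Attempt a server-side bind(); return 'ok' or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return "ok"
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))

def outbound_ports():
    """Connect to a throwaway local listener (stand-in for a remote server).

    Returns (server_port, client_local_port): the client never binds the
    server's port; the kernel assigns it an ephemeral source port.
    """
    with socket.socket() as srv, socket.socket() as cli:
        srv.bind(("127.0.0.1", 0))   # port 0 = let the kernel choose
        srv.listen(1)
        cli.connect(srv.getsockname())
        return srv.getsockname()[1], cli.getsockname()[1]

if __name__ == "__main__":
    print("euid:", os.geteuid(),
          "unprivileged ports start at:", unprivileged_port_start())
    # EACCES for a normal user on a default Linux configuration
    print("bind 127.0.0.1:80   ->", try_bind(80))
    # allowed for any user as long as the port is free
    print("bind 127.0.0.1:8080 ->", try_bind(8080))
    print("server port, client source port:", outbound_ports())
```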