MyDoom (was: Test)

Derek Martin invalid at pizzashack.org
Tue Feb 3 23:01:47 EST 2004


On Tue, Feb 03, 2004 at 10:24:44PM -0500, bscott at ntisys.com wrote:
> > I disagree, and I'm surprised to hear you say that.  It's true that FOSS
> > does have many buffer overflows, but even when they are attacked, the
> > Linux/Unix model is inherently more secure.  The fact that under most
> > circumstances, ALL code executed on a Windows PC being used by the average
> > home user runs with the equivalent of superuser privileges means that
> > essentially any compromise is devastating.
> 
>   Yes, but this has nothing to do with the design or implementation of
> either Linux/Unix or MS-Windows.  It's simply a matter of operator mindset.  

Er, I can't say I agree there either.  Until very recently, Microsoft
provided no separation of privileges in their for-home OSes.

>   It absolutely requires a higher level of knowledge and interest to replace
> your OS.  But if tomorrow, Dell, HP/Compaq, IBM, Sony, and Gateway all
> started shipping Linux as the default OS on their computers, and by default
> those computers used "root" for the regular user account, do you really
> think FOSS would do any better?

Do you foresee this as even a possibility in anything resembling the
near-term?  I think (out of necessity) computer users in general are
becoming more savvy all the time, and hopefully by the time this is
even a possibility, the typical computer user will know better than
they do today.

>   It is not an inherent difference, or a technical one; it is entirely about
> the people using the software, and how they use it.

See above.

> > I don't see that changing any time soon; but even when it does, Linux will
> > still be better.
> 
>   You are assuming.  LindowsOS uses "root" as the default user account.  
> Sure, LindowsOS is not exactly taking the world by storm, but who is to say
> that the Linux distribution that *does* take the world by storm is going to
> be better designed?  I should point out that if design superiority was a
> necessary criterion for success, Microsoft Windows would not be in the
> dominant position it is, and we would not be having this conversation...

You have a point here.  But, Lindows is a special case, where in
remarkably short-sighted fashion, it is trying to mimic Windows' poor
security model for ease of use.  This really makes them no better than
Windows itself, though it might still arguably be more stable...  I
don't know who uses Lindows, or who their target audience is...  But I
suspect this company will not last long.  I don't want to go into why
right now, and maybe you can already see it, so I won't need to.

"Normal" Linux distributions do not go out of their way to defeat the
wisdom of the normal Unix security model.  Only particularly ignorant
users do this.

>   I actually do have a point here.  A lot of FOSS advocates frequently voice
> the opinion that Linux is somehow inherently more secure than MS-Windows.  
> As it turns out, I agree with them -- it is.  But, as we all know, security
> is only as good as your weakest link.  

I agree, of course, as I'm sure you realize.  I only argued the point
because you made statements earlier in the thread which I think are
not really true.  Linux advocates make such arguments because they
are, in fact, technically true.  But, when we make such claims to
non-computerati (yeah, I just made that up), we need to be sure to
also explain the shortcomings.  Which, as you astutely point out, are
with humans...

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience.  Thank the spammers.
