another reason to use adblock and noscript... or just use Linux
Derek Atkins
warlord at MIT.EDU
Wed Mar 24 16:28:50 EDT 2010
Benjamin Scott <dragonhawk at gmail.com> writes:
> On Wed, Mar 24, 2010 at 3:02 PM, G Rundlett <greg.rundlett at gmail.com> wrote:
>> So, it seems that you're saying: "Don't switch to Linux because even though
>> it will prevent you from getting 99% of the malware out there today, someday
>> it could be targeted and vulnerable".
>
> No. What I'm saying is: A false sense of security is a bad thing.
> Don't misrepresent what's really happening. When it comes to
> security, it is critical to understand what's actually happening.
>
> I'm also looking ahead. Let's say everybody on Earth says, "Wow,
> Greg Rundlett says to switch to Linux because it's more secure. Let's
> do that!" So next week, everyone is running Linux. Now all these
> problems that happen on MS Windows will happen on Linux instead.
That of course assumes that the target platform is as vulnerable. I
think Linux is much less vulnerable to escalation-requiring attacks than
Windows, mostly because in general on Linux users do not run with admin
privs, whereas on Windows most people do. So there's a whole class of
attacks that don't work out-of-the-box; they need to find a priviledge
escalation attack in addition to the user attack in order to hook in.
I do agree that we'd see more Linux-targeted attacking if Linux were
more prevalent on the desktop, but I think Linux does start as a more
secure platform that Windows, so you've already got a leg up.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the gnhlug-discuss
mailing list