From: Moshe on
On Thu, 25 Mar 2010 03:32:41 -0700 (PDT), RayLopez99 wrote:


> Check out this humourous link on Linux distros:
>
> http://ibidem.homeip.net/fun/linux/


Linux is safer.

Most people who try Linux never even get it installed.
From: FromTheRafters on
"Charlie Wilkes" <usexpedition(a)gmail.com> wrote in message
news:qlg88z4abptl.4qtf88axwp8l.dlg(a)40tude.net...

> As a practical matter Linux bestows a lot of immunity. You can go to
> trashy
> websites and click the button that says "WARNING - YOUR SYSTEM IS
> INFECTED
> WITH SPYWARE, CLICK HERE TO FIX."

I'm not sure I understand the concepts of a little, or a lot, of
immunity isn't that like "a little bit pregnant"? One is "immune" or
else one is not, no?

Linux makes some attacks more difficult. Truth be told, I can do the
same with my Windows box, I can click whatever I want to. It is an
unsafe practice that will *eventually* get me into trouble due to the
large amount of malware extant for the Windows platform and the
applications usually found on them.

Linux users have less to worry about for a multitude of reasons.
Immunity *not* being one of them.





From: Leythos on
In article <8e0f56dc-79cb-4de0-a222-
fde64270179c(a)g28g2000yqh.googlegroups.com>, raylopez88(a)gmail.com says...
> So the issue is this: please vote on what system would (in your mind,
> since data is really hard to come by) be safer in terms of malware
> breaches
>

Having a LOT of real-world experience in this, from an OS platfor, as
currently exists, in the hands of a HOME user that is not technical,
Most Linux installations are more security than most Windows
installations.



--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
From: Rex Ballard on
On Mar 25, 6:32 am, RayLopez99 <raylope...(a)gmail.com> wrote:
> Some misguided dude made this statement:

> > whether Linux would be inherently more secure
> > than Windows and whether--this is the point--it would require AV/
> > Firewall protection.  I say yes, if and when (never) it ever got 90%
> > market share like Windows.

> No, it would not need AV. No OS should need AV if written properly

On this we agree, yet Windows, even Windows 7 still needs Ativirus and
this is still the fastest growing segment of the software industry in
terms of software written exclusively for Windows, both in terms of
revenue and unit volume.

> So the issue is this:  please vote on what system would (in your mind,
> since data is really hard to come by) be safer in terms of malware
> breaches--a MSFT Windows system that has all the latest patches
> (updates/ sig files, firewall, etc), meaning it has a third party
> antivirus program running, and a software firewall, or, NATIVE (naked)
> Linux, meaning a Linux machine connected to the net (OK to have a
> hardware firewall via the router or NAT box), but without any AV
> program running on the Linux machine?

By "naked" - I would assume that you mean as pre-installed or as
installed by using the standard installation media DVD.

If that's the case, the answer would be Linux.

The standard installation includes the following security measures by
default:

The installer is prompted for a root password, most also check the
password to make sure it's not too obvious.
The installer is prompted to create a user account with a user
password.
The standard configuration includes a fire-wall that blocks all
incoming connections.
The standard configuration only lets the ordinary user do basic things
like mount the CD/DVD drive.
Most administrative changes have do be done using either root access
or sudu, either way, the user is prompted for a password. Software
can't easily be installed without the user's knowledge.
File Directories used to store executable files can only be changed by
root.
File files that are executable are owned by users who don't even have
passwords.
The user can only make changes to files in his home directory and
below that tree.
The home directory can easily be backed up and recovered, even when
applications are still running.
The system keeps a history of all su and sudo requests, making it easy
to identify what user ID attempted the restricted access, and when.
The system keeps a history of all incoming TCP connections, making it
easier to identify how the machine was being accessed if it was being
accessed remotely.

Konqueror doesn't trust cookies or signed java applets.

FireFox will run signed java applets, but only with the same rights as
the user. The user can mess up his home directory, but not system
files.

Many server applications use chroot to keep incoming connections in
"jail" - making it nearly impossible for them to do mischief to other
applications or public directories.

FTP automatically strips the write and execute bits of incoming
files. Assuring that you can look but you can't touch.

Anonymous FTP is to a writable but not readable directory. This is
assuming that the user is sophisticated enough to install the FTP
server and start it.

Stack-overruns are most likely to trigger memory exception faults if
someone tries to execute memory which isn't executable. Linux
carefully separates executable/read-only (bin/text) from buffers (bss)
and heap. Normally, a fork produces an exact copy of the map to the
parent process, and the exec loads the new application and preserves
the mapping to shared libraries, but the mapping is read-only.
Attempts to modify program memory will trigger a segmentation fault.
Attempts to execute writable memory will trigger a segmentation
fault. About all you can do is some clever pointer arithmetic.

Most successful attacks against Linux have resulted in denial of
service (server program crashes), but most robust programs
automatically restart themselves when new traffic arrives (xinetd).
Of course, on a desktop system, you wouldn't have any servers, so
hackers couldn't even get through the front doors.

> Apples and oranges?  I think not.



> You see, the Linux cultists believe that Linux is so inherently secure
> that it does not need a third party firewall or AV program,

This is because it has the same firewall software used by companies
like CISCO and NorTel without the really nice graphical user
interfaces and all the fancy options required to manage 30-40
subnets. The iptables system can be used to configure multiple
subnets, but the GUI for most desktop systems is oriented toward your
typical NAT scenarios.

Most Linux distributions also include an antivirus. This is only
needed if you plan to share your file space with two or more Windows
users, since one could have an infection that gets stored on your
share, then the other person could pick up the infected file.

> see above
> ("No, it would not need AV. No OS should need AV if written
> properly").  But I say that Windows, with the requisite security,
> would be SAFER than Linux.

If you mean by requisite security, things like:

ActiveX disabled
Signed Java Applets disabled.
DHCP disabled
IPPNP disabled
Only RSA and THAWTE as trusted Certificate Authorities (Not
Microsoft).
Better yet, only a corporate CA is trusted by employee systems.
Certificate Age checking enabled.
All inbound ports blocked
software updates supplied by corporate server rather than Microsoft
(so they can be tested first)
Each update must be approved by corporate IT management then by end
user.
User uses non-administrator account.
User has a SEPARATE administrator account which is ONLY used for
installing software and configuration updates.
MS-Office macros disabled
MS-Office OOXML documents and attachments automatically rejected by
corporate e-mail filter.
VBA disabled
SQL Server Express disabled.
OLE objects are restricted to only those in a specific directory.
Separate read and execute permissions (oops, Windows doesn't have
that).
System directories are read-only to all but Administrators
System DLLs are execute only to all but administrators.
Limit the number of threads in a process or apartment thread to 4 or
5.
Use memory management to separate code, read-only values, and read-
write buffers.
Have operating system automatically terminate all threads and release
all resources before being allowed to exit.
Use memory mapping of I/O buffers to force segmentation faults if
buffer overrun is attempted.

Can Windows even do all that? Windows NT, 2000, and XP couldn't, but
maybe Windows 7 does.

Linux does things like this, and more...
MUCH more...

>  As evidence of this, in the last six
> months the official Linux kernel org has issued two updates to the
> Linux kernel to patch potential security breaches.

Sure, there are lots of people who want the prestige, and even in some
cases, a bounty that comes with finding a theoretical bug. Such bugs
are often impossible to exploit, but because anyone who wants to
review it can have access to the full source code, there have been
several hundred people who have found thousands of bugs in the kernel,
libraries, and various applications. Most are such things as using
gets() instead of fgets() which limits the number of bytes read into
the buffer.

With Microsoft, there are only a hand-full of people who have access
to the code, and no one person has access to all of it. That hand
full of people has their hands full getting out patches for the
current release and getting the next release developed.

Microsoft has provided segments of the code to government agencies
willing to sign a very strict non-disclosure agreement which pretty
much prevents anyone involved in a review from programming anything
for anyone other than that government agency, or Microsoft.

> The fact that there are few Linux viruses, I maintain, is only due to
> the less than 1% market share of Linux.

Yet there are thousands of patches to theoretical flaws that
theoretically COULD be exploited by a Virus. If you managed to get
past all the security measures, could tweak memory management, and
could compile your own code into the kernel and give your program root
access and disable all of the protections the virus would have to get
to BEFORE it got to this errant code, you MIGHT be able to be lucky
enough to call a routine that lives in a predictable location.

> I vote for Windows--and de facto so has 90%+ of the computing public.

Actually, the computing public didn't vote at all. Windows was
IMPOSED on them by corporate management, by OEMs who pre-installed
Windows, and by Retailers who never put anything BUT Windows on
display.

And by the way, Apple captured 14% of the laptop/desktop combined
market in several quarters since 2007 when Vista was released. Even
today, people are willing to pay $1000 to $2800 for OS/X machines
compared to $400 to $700 for technically superior hardware pre-loaded
with Vista or Windows 7.

Furthermore, Windows XP "downgrade" kits have become a hot new
market. The last time this happened was when ME came out and people
scrambled to downgrade to Windows 98.

> RL

> Check out this humourous link on Linux distros:

> http://ibidem.homeip.net/fun/linux/

This is the very best part of the whole article Roy, Who would I need
to contact to get permission to publish them on my web site?

Rex Ballard
http://www.open4uccess.org

From: Rex Ballard on
On Mar 25, 8:22 am, Agent_C <agent-c-hates-s...(a)nyc.rr.com> wrote:
> On Thu, 25 Mar 2010 03:32:41 -0700 (PDT), RayLopez99

> <raylope...(a)gmail.com> wrote:
> >Apples and oranges?  I think not.

> Linux is for Hippies and Communists.

Who eat healthy foods, salads, and fish, meditate, do yoga, and engage
in creative activities, like theater, music, dance, and art. People
who are advocates of change, who want to make a difference by
enhancing the lives of others.

Many of them are in their 70s and still doing all of these things.
They may not live to be 100, but they will probably enjoy almost all
of the time they are alive.

> Real men use Windows!
Real men also think that a 7 course dinner is a pizza and a six pack
of beer, preferably tall ones. They eat lots of saturated fat,
starch, and watch football and basketball so they can experience the
memories of the days when they played in Pop Warner, Little League, or
even high school, mostly just beating the daylights out of each other.

Real men die of heart attacks by the time they are 55.

> A_C