Vote--> which is safer: Windows with all updates OR naked Linux?
in [Anti-Virus]
|
Prev: Avira version 10
Next: un anti-virus
From: Moshe on 25 Mar 2010 09:24 On Thu, 25 Mar 2010 03:32:41 -0700 (PDT), RayLopez99 wrote: > Check out this humourous link on Linux distros: > > http://ibidem.homeip.net/fun/linux/ Linux is safer. Most people who try Linux never even get it installed.
From: FromTheRafters on 25 Mar 2010 09:33 "Charlie Wilkes" <usexpedition(a)gmail.com> wrote in message news:qlg88z4abptl.4qtf88axwp8l.dlg(a)40tude.net... > As a practical matter Linux bestows a lot of immunity. You can go to > trashy > websites and click the button that says "WARNING - YOUR SYSTEM IS > INFECTED > WITH SPYWARE, CLICK HERE TO FIX." I'm not sure I understand the concepts of a little, or a lot, of immunity isn't that like "a little bit pregnant"? One is "immune" or else one is not, no? Linux makes some attacks more difficult. Truth be told, I can do the same with my Windows box, I can click whatever I want to. It is an unsafe practice that will *eventually* get me into trouble due to the large amount of malware extant for the Windows platform and the applications usually found on them. Linux users have less to worry about for a multitude of reasons. Immunity *not* being one of them.
From: Leythos on 25 Mar 2010 14:43 In article <8e0f56dc-79cb-4de0-a222- fde64270179c(a)g28g2000yqh.googlegroups.com>, raylopez88(a)gmail.com says... > So the issue is this: please vote on what system would (in your mind, > since data is really hard to come by) be safer in terms of malware > breaches > Having a LOT of real-world experience in this, from an OS platfor, as currently exists, in the hands of a HOME user that is not technical, Most Linux installations are more security than most Windows installations. -- You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself. spam999free(a)rrohio.com (remove 999 for proper email address)
From: Rex Ballard on 25 Mar 2010 17:22 On Mar 25, 6:32 am, RayLopez99 <raylope...(a)gmail.com> wrote: > Some misguided dude made this statement: > > whether Linux would be inherently more secure > > than Windows and whether--this is the point--it would require AV/ > > Firewall protection. I say yes, if and when (never) it ever got 90% > > market share like Windows. > No, it would not need AV. No OS should need AV if written properly On this we agree, yet Windows, even Windows 7 still needs Ativirus and this is still the fastest growing segment of the software industry in terms of software written exclusively for Windows, both in terms of revenue and unit volume. > So the issue is this: please vote on what system would (in your mind, > since data is really hard to come by) be safer in terms of malware > breaches--a MSFT Windows system that has all the latest patches > (updates/ sig files, firewall, etc), meaning it has a third party > antivirus program running, and a software firewall, or, NATIVE (naked) > Linux, meaning a Linux machine connected to the net (OK to have a > hardware firewall via the router or NAT box), but without any AV > program running on the Linux machine? By "naked" - I would assume that you mean as pre-installed or as installed by using the standard installation media DVD. If that's the case, the answer would be Linux. The standard installation includes the following security measures by default: The installer is prompted for a root password, most also check the password to make sure it's not too obvious. The installer is prompted to create a user account with a user password. The standard configuration includes a fire-wall that blocks all incoming connections. The standard configuration only lets the ordinary user do basic things like mount the CD/DVD drive. Most administrative changes have do be done using either root access or sudu, either way, the user is prompted for a password. Software can't easily be installed without the user's knowledge. File Directories used to store executable files can only be changed by root. File files that are executable are owned by users who don't even have passwords. The user can only make changes to files in his home directory and below that tree. The home directory can easily be backed up and recovered, even when applications are still running. The system keeps a history of all su and sudo requests, making it easy to identify what user ID attempted the restricted access, and when. The system keeps a history of all incoming TCP connections, making it easier to identify how the machine was being accessed if it was being accessed remotely. Konqueror doesn't trust cookies or signed java applets. FireFox will run signed java applets, but only with the same rights as the user. The user can mess up his home directory, but not system files. Many server applications use chroot to keep incoming connections in "jail" - making it nearly impossible for them to do mischief to other applications or public directories. FTP automatically strips the write and execute bits of incoming files. Assuring that you can look but you can't touch. Anonymous FTP is to a writable but not readable directory. This is assuming that the user is sophisticated enough to install the FTP server and start it. Stack-overruns are most likely to trigger memory exception faults if someone tries to execute memory which isn't executable. Linux carefully separates executable/read-only (bin/text) from buffers (bss) and heap. Normally, a fork produces an exact copy of the map to the parent process, and the exec loads the new application and preserves the mapping to shared libraries, but the mapping is read-only. Attempts to modify program memory will trigger a segmentation fault. Attempts to execute writable memory will trigger a segmentation fault. About all you can do is some clever pointer arithmetic. Most successful attacks against Linux have resulted in denial of service (server program crashes), but most robust programs automatically restart themselves when new traffic arrives (xinetd). Of course, on a desktop system, you wouldn't have any servers, so hackers couldn't even get through the front doors. > Apples and oranges? I think not. > You see, the Linux cultists believe that Linux is so inherently secure > that it does not need a third party firewall or AV program, This is because it has the same firewall software used by companies like CISCO and NorTel without the really nice graphical user interfaces and all the fancy options required to manage 30-40 subnets. The iptables system can be used to configure multiple subnets, but the GUI for most desktop systems is oriented toward your typical NAT scenarios. Most Linux distributions also include an antivirus. This is only needed if you plan to share your file space with two or more Windows users, since one could have an infection that gets stored on your share, then the other person could pick up the infected file. > see above > ("No, it would not need AV. No OS should need AV if written > properly"). But I say that Windows, with the requisite security, > would be SAFER than Linux. If you mean by requisite security, things like: ActiveX disabled Signed Java Applets disabled. DHCP disabled IPPNP disabled Only RSA and THAWTE as trusted Certificate Authorities (Not Microsoft). Better yet, only a corporate CA is trusted by employee systems. Certificate Age checking enabled. All inbound ports blocked software updates supplied by corporate server rather than Microsoft (so they can be tested first) Each update must be approved by corporate IT management then by end user. User uses non-administrator account. User has a SEPARATE administrator account which is ONLY used for installing software and configuration updates. MS-Office macros disabled MS-Office OOXML documents and attachments automatically rejected by corporate e-mail filter. VBA disabled SQL Server Express disabled. OLE objects are restricted to only those in a specific directory. Separate read and execute permissions (oops, Windows doesn't have that). System directories are read-only to all but Administrators System DLLs are execute only to all but administrators. Limit the number of threads in a process or apartment thread to 4 or 5. Use memory management to separate code, read-only values, and read- write buffers. Have operating system automatically terminate all threads and release all resources before being allowed to exit. Use memory mapping of I/O buffers to force segmentation faults if buffer overrun is attempted. Can Windows even do all that? Windows NT, 2000, and XP couldn't, but maybe Windows 7 does. Linux does things like this, and more... MUCH more... > As evidence of this, in the last six > months the official Linux kernel org has issued two updates to the > Linux kernel to patch potential security breaches. Sure, there are lots of people who want the prestige, and even in some cases, a bounty that comes with finding a theoretical bug. Such bugs are often impossible to exploit, but because anyone who wants to review it can have access to the full source code, there have been several hundred people who have found thousands of bugs in the kernel, libraries, and various applications. Most are such things as using gets() instead of fgets() which limits the number of bytes read into the buffer. With Microsoft, there are only a hand-full of people who have access to the code, and no one person has access to all of it. That hand full of people has their hands full getting out patches for the current release and getting the next release developed. Microsoft has provided segments of the code to government agencies willing to sign a very strict non-disclosure agreement which pretty much prevents anyone involved in a review from programming anything for anyone other than that government agency, or Microsoft. > The fact that there are few Linux viruses, I maintain, is only due to > the less than 1% market share of Linux. Yet there are thousands of patches to theoretical flaws that theoretically COULD be exploited by a Virus. If you managed to get past all the security measures, could tweak memory management, and could compile your own code into the kernel and give your program root access and disable all of the protections the virus would have to get to BEFORE it got to this errant code, you MIGHT be able to be lucky enough to call a routine that lives in a predictable location. > I vote for Windows--and de facto so has 90%+ of the computing public. Actually, the computing public didn't vote at all. Windows was IMPOSED on them by corporate management, by OEMs who pre-installed Windows, and by Retailers who never put anything BUT Windows on display. And by the way, Apple captured 14% of the laptop/desktop combined market in several quarters since 2007 when Vista was released. Even today, people are willing to pay $1000 to $2800 for OS/X machines compared to $400 to $700 for technically superior hardware pre-loaded with Vista or Windows 7. Furthermore, Windows XP "downgrade" kits have become a hot new market. The last time this happened was when ME came out and people scrambled to downgrade to Windows 98. > RL > Check out this humourous link on Linux distros: > http://ibidem.homeip.net/fun/linux/ This is the very best part of the whole article Roy, Who would I need to contact to get permission to publish them on my web site? Rex Ballard http://www.open4uccess.org
From: Rex Ballard on 25 Mar 2010 17:41
On Mar 25, 8:22 am, Agent_C <agent-c-hates-s...(a)nyc.rr.com> wrote: > On Thu, 25 Mar 2010 03:32:41 -0700 (PDT), RayLopez99 > <raylope...(a)gmail.com> wrote: > >Apples and oranges? I think not. > Linux is for Hippies and Communists. Who eat healthy foods, salads, and fish, meditate, do yoga, and engage in creative activities, like theater, music, dance, and art. People who are advocates of change, who want to make a difference by enhancing the lives of others. Many of them are in their 70s and still doing all of these things. They may not live to be 100, but they will probably enjoy almost all of the time they are alive. > Real men use Windows! Real men also think that a 7 course dinner is a pizza and a six pack of beer, preferably tall ones. They eat lots of saturated fat, starch, and watch football and basketball so they can experience the memories of the days when they played in Pop Warner, Little League, or even high school, mostly just beating the daylights out of each other. Real men die of heart attacks by the time they are 55. > A_C |