Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › My questions about linux
New Posts  All Forums:Forum Nav:

My questions about linux - Page 22

post #211 of 241
Quote:
Originally Posted by enorbet2 View Post

C'mon Karath we're just trying to make sure a self-professed Unix Evangelist doesn't "drink the koolaid" from trying to look TOO conciliatory. biggrin.gif Linux has better security built in. This may turn out to be even more true now that with Win10 EULA, MS can read your email and browser history AND "call home" on unsecured lines even if your entire disk is encrypted. This may get worse for anyone and everyone if Intel's embedded "UEFI on Steroids" becomes a reality.

Did someone said, Unix Evangelist? Play the Intro Music! ^^

This thread has seriously got derailed off topic some time ago, and I mean no disrespect, but I am filing it under TLD;DR. Which is why for some time I did not comment at all in here. But enorbet2 said the magic words... (no I don't have a script which obsessively monitors for mentioning of these word, why you ask? haha).

In any case. My minor minor 2Cents on security.

@thiussat
TLS for all its faults is still 100% safe... as long as you absolutely trust the server. The one attack that works on it is a timing attack that relies on forced connection time outs numbering in 65000 times for the attack to actually work. Intrusion software can detect this behavior, deem channel compromised and reissue certs, or terminate the connection etc. So if I had to trust in encryption, I still would. Even after the revelations. You have to remember that if someone can't MitM you because you are operating thru TLS they have to hijack you remotely or attempt one of the attacks that explicitly rely on misconfigured server to do a force downgrade for TLS to drop security levels to what can be easily broken. Which is where a real game begins and where remote holes become ever so important, and where a difference between a successful attack and fail attack comes down to how clean your code is and how well have you configured your systems.

@other participants
This topic is so large that there should be a separate thread dedicated to this subject. I am just beginning to learn it and man its complicated.

In my small experience, I see two major issues. Systems that are mis or not configured. Systems that are miscompiled. Miscompiled? Well when you install OpenSSL on windows, did you build it from source and checked no free lists and no heartbeat? What about all host of other crap it comes with complied into it by default that you can't turn off. In Linux and BSD you can, in OS X kinda, in Windows... not really. GCC for windows is a lot more work than anyone wants to do which than provokes more work to rebuild stuff that didn't intend for you rebuild SSL with no freelists.

This is my main gripe with failsoft and my uncomfortable feeling with macs. As much as I prefer not to build crap from source to save time, sometimes (a lot of times) its not an option I can afford, and if the system is not geared to that easily I have a problem with this system.
Phantom
(13 items)
 
Flagship
(11 items)
 
Vel'Koz
(11 items)
 
CPUMotherboardGraphicsRAM
Pentium 4 HP 3.0 GHz GA-8IG-1000-Pro-G SAPPHIRE ATI RadeOn 9600 Pro 128 MB Corsair VS512MB400 x 2 = 1024 Mb duel channel 
Hard DriveOptical DriveOSMonitor
Western Digital 120 GB SONY CD-RW CRX320E Windows XP MAG LCD 17' 
KeyboardPowerCaseMouse
Logisys InWin PowerMan 350W Phantom ( power suply was replaced ) Logitech Optical mouse 
CPUMotherboardGraphicsRAM
AMD FX-8350  Gigabyte GA‑990FXA‑UD5 Nvidia crucial ballistix tactical 
Hard DriveHard DriveOptical DriveCooling
Seagate Barracuda ST1000DM003 western digital red CD Combo Drive cooler master hyper 212 evo 
OSPowerCase
FreeBSD 10.2 COUGAR A-Series A560 Rosewill REDBONE Mid tower 
CPUMotherboardGraphicsRAM
AMD Athlon 5350 Kabini Quad-Core 2.05 GHz Biostar AM1MHP EVGA GeForce GT 730 LP Low Profile Graphics Car... 4gb corsair vengeance 1600mhz ddr3 
Hard DriveCoolingOSKeyboard
ADATA Premier SP550 64GB ARCTIC Alpine M1 FreeBSD 10.2 Iogear Multimedia GKM561R Wireless 2.4 GHz Keyb... 
PowerCaseMouse Pad
SeaSonic SS‑400ET DIYPC DIY-F2-P Integral Trackball 
  hide details  
Reply
Phantom
(13 items)
 
Flagship
(11 items)
 
Vel'Koz
(11 items)
 
CPUMotherboardGraphicsRAM
Pentium 4 HP 3.0 GHz GA-8IG-1000-Pro-G SAPPHIRE ATI RadeOn 9600 Pro 128 MB Corsair VS512MB400 x 2 = 1024 Mb duel channel 
Hard DriveOptical DriveOSMonitor
Western Digital 120 GB SONY CD-RW CRX320E Windows XP MAG LCD 17' 
KeyboardPowerCaseMouse
Logisys InWin PowerMan 350W Phantom ( power suply was replaced ) Logitech Optical mouse 
CPUMotherboardGraphicsRAM
AMD FX-8350  Gigabyte GA‑990FXA‑UD5 Nvidia crucial ballistix tactical 
Hard DriveHard DriveOptical DriveCooling
Seagate Barracuda ST1000DM003 western digital red CD Combo Drive cooler master hyper 212 evo 
OSPowerCase
FreeBSD 10.2 COUGAR A-Series A560 Rosewill REDBONE Mid tower 
CPUMotherboardGraphicsRAM
AMD Athlon 5350 Kabini Quad-Core 2.05 GHz Biostar AM1MHP EVGA GeForce GT 730 LP Low Profile Graphics Car... 4gb corsair vengeance 1600mhz ddr3 
Hard DriveCoolingOSKeyboard
ADATA Premier SP550 64GB ARCTIC Alpine M1 FreeBSD 10.2 Iogear Multimedia GKM561R Wireless 2.4 GHz Keyb... 
PowerCaseMouse Pad
SeaSonic SS‑400ET DIYPC DIY-F2-P Integral Trackball 
  hide details  
Reply
post #212 of 241
Quote:
Originally Posted by KarathKasun View Post

I pretty much agree with you there, and that's why most consumers use Windows. They are too lazy to RTFM, They just want it to work. Linux needs an idiotproof distro, its not there yet.

Actually there are a few "idiotproof distros" out now and for a few years. One such is by Teliken, but there are several. They all have one thing in common - they are a locked down Linux. They are basically a Web Appliance since the "owner" gets all the most common software already installed and configured and nobody but the manufacturer has permissions to install anything, even an upgrade. These are commonly called Grandma's PCs because they have Office apps, a web browser, video chat, mail, photo editing, etc... all the basic things such limited use requires. All binaries are read-only. There is no root account except that of the manufacturer. I think this concept qualifies as eminently idiotproof and notice.....they didn't use Windows.
Edited by enorbet2 - 6/15/16 at 12:38pm
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
post #213 of 241
Quote:
Originally Posted by MrKoala View Post

Why do they get the infection in the first place? Social engineering or genuine software vulnerability?

If your clients get infected because they clicked on the latest and greatest free movie downloader or make-money-at-home client, don't be surprised when they come to you because what they click on no longer work.

I'm rarely surprised. Certainly a great deal of these issues come from "TLDR.... Scroll Down.... click 'Accept'" and so on. This mental state has been created almost entirely by Microsoft and maybe a little by AOL. The business model worked so well it has since been widely and wildly adopted by most proprietary coders. However this does not at all speak to the realm of permissions and what is even possible. on can drive a Jeep on the ocean floor, but only if it has electrical protection and a snorkel.

What is allowed and what is not allowed in any OpSys depends on design and the code that supports it. Example - unless a Linux user installs Wine, inserting an .exe, .com, or .bat is absolutely useless. It/they cannot execute. Inserting java, php, .sh might IF the actions it calls are allowed at that permission level. Proprietary systems, driven by money, make many allowances so that prospective users/buyers don't have to think or know anything beyond, "Oooh! Shiny! I want that!". This constitutes a design criteria all too common in Mac and Windows and one that barely exists in Linux as well as Linux users, although the advent of so-called "user-friendly" distros may diminish that difference.
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
post #214 of 241
Yep. The malicious exe/bat won't run. But chances are your client actually want them to run, and when they don't the unhappy client will blame you.

I'm not saying what you plan to do is necessarily bad. I can certainly see a lot of users end up being happier this way. For legitimate simple use cases, you set up the necessary apps, tell them a bit about where to click and it's good. But there will always be a group of people with the "download - double click - click every next until it runs" mentality. When those people come back to you it will consume your time/effort. Are you sure you're willing to let that happen? Is this really better than what you have to deal with right now running Windows?

The same applies to anything that's not Windows X86, be it Mac, BSD, Android, ChromeOS, Windows ARM or some other desktop environment.
Edited by MrKoala - 6/15/16 at 1:26pm
post #215 of 241
Quote:
Originally Posted by KarathKasun View Post

Linux security depends wholly on the distribution. Windows is Windows, Linux OTOH is not just Linux. Some distros don't hold your hand where security or anything else is involved.


If a Linux newbie just does a from scratch install as is possible with Debian, Slack, Arch, or many others... They may end up with inferior security OOTB.
Actually that is not too uncommon, but they are saved by obscurity. I love the Unix based OS's, but in modern systems, the difference in security is not what it once was. It mainly comes down to app security flaws and bad user practices in the real world.

My title was one of the predefined ones from way back. My main draw to Unix and Linux is the ease of stripping it down for higher performance in the specific role the PC will be serving. Which is only tangentially related to security.

I can't speak for Arch since I haven't run it in 2 years and especially not for Debian as I haven't run it in over 5 years, although some Debian derivatives I did spend a lot of time on a little over a year ago. Still I was just testing them out... thoroughly but just a test although I did utilize iptables on them. That said, I don't think Slack is in the same category at least in my limited experience of other distros.. Slack is the only distro I have seen that asks during install what default services you want to run. If you skip over that section you will have effectively limited a great deal of vulnerability as well as some function. If you're learned you will run ONLY what you need and have the best of both worlds and can further increase security by learning what you need to know.

Some distros, by contrast, allow a great many default services to run without ever asking you and the users of such distros often never even realize it is an issue they should know something about. Arch does this only a little in my experience and Debian a little more. Ubuntu and most of it's derivatives are very close to a Mac business model in this by "not bothering" users with "trivial" nuts and bolts .

Bottom Line - Slackware is NOT in that category nor is it apparently very attractive to most "newbies" although it was to me some 16 years ago and still obviously is today./ Yes Security through Obscurity does exist and to some extent works but I should hope this tangent on this thread has showed you that is by no means the only or even "the Big" Picture.

Yes Windows has improved from XP days but it still is not a contender for security on Linux's scale. If you still doubt this after the last 3 pages or so of this thread, then perhaps expand your research and really think about it. It''s just a provable fact, Bro.
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
post #216 of 241
All I see on the last three pages are opinions regarding security at best. Do you have actual security statistics to back all of that opinion up? Can you post security stats on default Linux distro security vulnerabilities, or will you just pull up the best and most convenient example available to you?

Perhaps the most likely explanation it that it is just how you feel?

You cant just say, "Linux on the whole is more secure than Windows" because Linux is just the kernel. The user space applications and system configuration are left to the individual distributions. Windows is a kernel, userspace apps, and a collection of services. However, You may be able to say, "Slackware is more secure than Windows" with intellectual honesty. But you don't, you claim that one distro is equivalent to "Linux" when you could not be further from the truth.

This also plays into the "security through obscurity" model. With so many operating systems based on the Linux kernel, one vector of attack will likely not work on all of them. Especially considering that not all of them use the same versions of the kernel or userland apps, or even the same userland apps period. This is quite literally the definition of security through obscurity or obfuscation. Because of this, Linux worms/malware target specific popular distros or specific userland software that is universal.

Getting root on a Linux machine can be trivial if you have another computer on the same network. I demonstrated this to a college professor much to their dismay. It is even easier if you have access to the hardware or a local "user" level login (or a live USB stick, as you can usually get these to boot. Many places don't secure the bootloader or BIOS). The same can be done with Windows, arguably Win 7 makes it very easy if you know how to abuse the startup recovery option, though this is not an option if you are time constrained as it can take 45 minutes.
μRyzen
(12 items)
 
Mini Box
(4 items)
 
 
CPUMotherboardGraphicsRAM
Ryzen R5 1400 MSI B350M Gaming Pro Zotac GTX 670 4GB G.SKILL FORTIS Series 8GB (2 x 4GB) 
Hard DriveCoolingOSOS
WD Green 3tb Wraith Stealth Windows 10 Debian 8.7 
MonitorKeyboardPowerMouse
ViewSonic VX-2257-8 Chinese backlit mechanical Kingwin 850w Chinese laser optical 
CPUMotherboardGraphicsRAM
Athlon 5350 Asus AM1I-A EVGA GTX 750 Ti SC 2x4GB DDR 3 1333 
  hide details  
Reply
μRyzen
(12 items)
 
Mini Box
(4 items)
 
 
CPUMotherboardGraphicsRAM
Ryzen R5 1400 MSI B350M Gaming Pro Zotac GTX 670 4GB G.SKILL FORTIS Series 8GB (2 x 4GB) 
Hard DriveCoolingOSOS
WD Green 3tb Wraith Stealth Windows 10 Debian 8.7 
MonitorKeyboardPowerMouse
ViewSonic VX-2257-8 Chinese backlit mechanical Kingwin 850w Chinese laser optical 
CPUMotherboardGraphicsRAM
Athlon 5350 Asus AM1I-A EVGA GTX 750 Ti SC 2x4GB DDR 3 1333 
  hide details  
Reply
post #217 of 241
Quote:
Originally Posted by KarathKasun View Post

All I see on the last three pages are opinions regarding security at best. Do you have actual security statistics to back all of that opinion up? Can you post security stats on default Linux distro security vulnerabilities, or will you just pull up the best and most convenient example available to you?

Perhaps the most likely explanation it that it is just how you feel?

You cant just say, "Linux on the whole is more secure than Windows" because Linux is just the kernel. The user space applications and system configuration are left to the individual distributions. Windows is a kernel, userspace apps, and a collection of services. However, You may be able to say, "Slackware is more secure than Windows" with intellectual honesty. But you don't, you claim that one distro is equivalent to "Linux" when you could not be further from the truth.

This also plays into the "security through obscurity" model. With so many operating systems based on the Linux kernel, one vector of attack will likely not work on all of them. Especially considering that not all of them use the same versions of the kernel or userland apps, or even the same userland apps period. This is quite literally the definition of security through obscurity or obfuscation. Because of this, Linux worms/malware target specific popular distros or specific userland software that is universal.

Getting root on a Linux machine can be trivial if you have another computer on the same network. I demonstrated this to a college professor much to their dismay. It is even easier if you have access to the hardware or a local "user" level login (or a live USB stick, as you can usually get these to boot. Many places don't secure the bootloader or BIOS). The same can be done with Windows, arguably Win 7 makes it very easy if you know how to abuse the startup recovery option, though this is not an option if you are time constrained as it can take 45 minutes.

Now who is being pedantic? I see examples being given as to why Linux, in general, and especially the more Admin oriented distros, is by design and legacy more secure by default than Windows. Regarding my comments about distros, my preceding post was the entire time about Slackware NOT being as promiscuous as some other distros, notably Ubuntu, yet you castigate me for making no differentiation. What the actual f.....?

Whether at home or at work, just what percentage of networks contain someone "out to get root" on your box? This is basically a non-issue, a Straw Man Argument, and therefore useless and deceptive. After all this and so many pro websites discrediting the "Security Through Obscurity ONLY" Myth you still rave on about that non-issue as well.

I suggest you remove "Unix Evangelist" from your profile/avatar because if anything you seem an MS shill either that or some script kiddie that tried out Kali and had to go back to Windows and now believes everyone should.

Oh yeah, even though searching for "Security - Linux vs Windows" reveals many similar hits from all levels, as commonplace as PC World or this one from ITPro, it isn't how I feel. it is how pros analyze the facts. See for yourself

ITPro on Linux Security .

There is no shame in making a mistake or being new or wrong but there is considerable shame in staying wrong/new/mistaken when the preponderance of evidence stares one in the face. If all one does is defend sacred cows, spouting the same tired mantras, one cannot grow and improve. So let's just see which of us is which. Show me some objective, professionally fact-based evidence that Linux is less secure than Windows let alone that Windows is just as secure. Privileges alone should dispel that mistake.
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Evga GTX 1070Ti  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14.2 MultiLib, Slackware 14.0 32 bit,... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
post #218 of 241
Ok, so its your feeling. Gotchya.
Quote:
Whether at home or at work, just what percentage of networks contain someone "out to get root" on your box? This is basically a non-issue, a Straw Man Argument, and therefore useless and deceptive. After all this and so many pro websites discrediting the "Security Through Obscurity ONLY" Myth you still rave on about that non-issue as well.

If I can get root access with a standard user account form the terminal itself or on the LAN via kernel or permission exploits, why would a script not be able to do the same in disguise as a legit app? Are you that ignorant? All it takes is one infection on the network and, viola, you have someone on your local network "out for root".

I would LOVE to see where I said "security through obscurity ONLY". I said that it plays a large part, not the whole part. I wonder how all these Linux backed websites get hacked so often if their security is so tight. Maybe you should look at server sector reported successful attacks by OS. There is only a marginal difference in total overall security between Windows and most Linux distros on a proper network. Give me the time to enforce proper permissions on a Windows box and it can be pretty close to what you find in Linux.

You can WP pretty much everything on the drive at an account level except the user reg keys and operate on an application whitelist policy. That is miles better than most Linux implementations I have seen out of the box. Oh and the registry is NOT a monolithic "one key all locks" system, Its actually a tiered structure complete with permissions and separate stores for each hive. Perhaps you are just unfamiliar with how to secure Windows?

Unix Evangelist does not mean that I accept the "common knowledge" that is not true. I don't push for Unix/Linux adoption for security, I push it because it can be fine tuned to pretty much any specific need. Regardless of this want for all systems to be Unix based, that is an impossibility in the real world. So I know both systems, because that is what my clients need.

***addendum***

Going to copyspag that article for clarity...
Quote:
Security is a cornerstone of the Linux OS, and one of the principal reasons for its popularity among the IT community. This reputation is well deserved, and stems from a number of contributing factors.

(#1)One of the most effective ways Linux secures its systems is through privileges. Linux does not grant full administrator – or ‘root’ - access to user accounts by default, whereas Windows does. Instead, accounts are usually lower-level, and have no privileges within the wider system.

(#2)This means that when a virus gets in, the damage it can do is limited, and restricted mainly to files and folders on the individual machine. This can be greatly beneficial from a damage control standpoint, since it’s far easier to simply replace one machine than scour the entire network for malware traces.

(#3)There’s also the fact that open source code such as Linux software is generally thought to be more secure and better maintained, due to the amount of people scanning it for flaws. Similar to the ‘infinite monkeys’ principal, ‘Linus’ Law’ (named after Torvalds), states that “given enough eyeballs, all bugs are shallow”.

(#4)Possibly most important, however, is the issue of compatibility. As we mentioned earlier, virtually all software is written for Windows, and this also applies to malware.

(#5)Given that the number of Windows machines in the world vastly outnumbers the number of Linux ones, cyber attacks targeting Microsoft’s OS are much more likely to succeed, and therefore much more worthwhile prospects for threat actors.

(#6)This isn’t to say that Linux machines are totally immune from being targeted, of course, but statistically, you’re probably safer than with Windows, provided you stick to best practice.

#1 Windows has these features too. This was only an advantage in the 9X days. Oh wait, NT4 (Business/network version of 95) had a full blown Sys-V style permission system.
#2 Both can be locked down pretty tight in the case of clients
#3 Opinion
#4 Security through obscurity
#5 Security through obscurity
#6 Linux still requires good user behavior for security to even work, and security through obscurity

So, where is this groundbreaking security advantage I'm supposed to see there?
Stop being intellectually dishonest, or learn how to sysadmin.
Edited by KarathKasun - 6/16/16 at 2:11am
μRyzen
(12 items)
 
Mini Box
(4 items)
 
 
CPUMotherboardGraphicsRAM
Ryzen R5 1400 MSI B350M Gaming Pro Zotac GTX 670 4GB G.SKILL FORTIS Series 8GB (2 x 4GB) 
Hard DriveCoolingOSOS
WD Green 3tb Wraith Stealth Windows 10 Debian 8.7 
MonitorKeyboardPowerMouse
ViewSonic VX-2257-8 Chinese backlit mechanical Kingwin 850w Chinese laser optical 
CPUMotherboardGraphicsRAM
Athlon 5350 Asus AM1I-A EVGA GTX 750 Ti SC 2x4GB DDR 3 1333 
  hide details  
Reply
μRyzen
(12 items)
 
Mini Box
(4 items)
 
 
CPUMotherboardGraphicsRAM
Ryzen R5 1400 MSI B350M Gaming Pro Zotac GTX 670 4GB G.SKILL FORTIS Series 8GB (2 x 4GB) 
Hard DriveCoolingOSOS
WD Green 3tb Wraith Stealth Windows 10 Debian 8.7 
MonitorKeyboardPowerMouse
ViewSonic VX-2257-8 Chinese backlit mechanical Kingwin 850w Chinese laser optical 
CPUMotherboardGraphicsRAM
Athlon 5350 Asus AM1I-A EVGA GTX 750 Ti SC 2x4GB DDR 3 1333 
  hide details  
Reply
post #219 of 241
Quote:
Originally Posted by enorbet2 View Post

I suggest you remove "Unix Evangelist" from your profile/avatar because if anything you seem an MS shill either that or some script kiddie that tried out Kali and had to go back to Windows and now believes everyone should.

I don't think his position is incongruous with the title UNIX Evangelist. Functionally, Windows is closer to UNIX-style development than Linux is. Both UNIX and Windows offer a fully-functional OS with first-party support versus Linux which is just the kernel, not very functional without a number of third-party tools supporting it.

Having said that, Windows fails at security at the most base, fundamental level which is the question of trust. The best security model is no-trust (i.e. public source code), followed by whether or not you trust the vendor to keep you safe. The ship full of any vestigial reason we might have once had to trust MS has sailed. It's fact that this is a publicly-owned corporation. It's fact that they turned their OS's update mechanism into malware. It's fact that their profit-motive is now entirely detached from most of their userbase ever since they made the decision to make the OS "free". Now there is no way out for the customer, they are paying for it either way so MS is free to do whatever they want and the user has no means of withholding payment in protest.

So yeah, as a Windows user I think it has pretty good security defaults overall, but I can't imagine any acceptable counter-argument in support of Windows security in light of this whole Win 10 fiasco.
Black & Green
(12 items)
 
Dev Box
(7 items)
 
 
CPUMotherboardGraphicsRAM
Phenom II X6 1090T ASRock 970 Extreme3 Gigabyte GTX 750 Ti mushkin Blackline PC-12800 DDR3 
Hard DriveCoolingOSMonitor
Samsung 850 EVO Cooler Master Hyper 212 EVO Debian -nosystemd- LG Flatron 
KeyboardPowerMouseAudio
MechanicalEagle Z-77 Corsair CS650M Kinzu V2 Pro Asus Xonar Essence STX 
CPUMotherboardRAMHard Drive
Core2 Duo E7400 Asus P5Q Hyper-X  Sandisk 
OSPower
Fedora 22 Thermaltake 650W 
  hide details  
Reply
Black & Green
(12 items)
 
Dev Box
(7 items)
 
 
CPUMotherboardGraphicsRAM
Phenom II X6 1090T ASRock 970 Extreme3 Gigabyte GTX 750 Ti mushkin Blackline PC-12800 DDR3 
Hard DriveCoolingOSMonitor
Samsung 850 EVO Cooler Master Hyper 212 EVO Debian -nosystemd- LG Flatron 
KeyboardPowerMouseAudio
MechanicalEagle Z-77 Corsair CS650M Kinzu V2 Pro Asus Xonar Essence STX 
CPUMotherboardRAMHard Drive
Core2 Duo E7400 Asus P5Q Hyper-X  Sandisk 
OSPower
Fedora 22 Thermaltake 650W 
  hide details  
Reply
post #220 of 241
There are distros in the Linux world that do similar things. Some Android flavors are pretty intrusive.

And yeah, Ive used it all...

HP-UX
AIX
Solaris
IRIX

Most Linux distributions pale in comparison to some of those. Some of them were DoD vetted back in the day before they died off.

MS never held trust in that sense, regardless I can see the reasoning for the forced updates in the Windows "home" ecosystem. However, it does not sit right that the Pro version only gets to delay updates though. Other than that it very much meets my expectations for an old tech company trying to roll out a comprehensive update system. They are just not fast enough in responding to issues and try to leverage their market position like its the 90's again. Not healthy for a company, but they could have done worse.

They could be like the mid 90's NEXT computing. rolleyes.gif

Honestly, I see Windows as a service being the proper long term solution. Its simply moving IT and consulting into the OS creators ranks. Nobody died when Red Hat did this, granted they sold the IT services with the OS being the free part, not the other way around.
Edited by KarathKasun - 6/16/16 at 8:56am
μRyzen
(12 items)
 
Mini Box
(4 items)
 
 
CPUMotherboardGraphicsRAM
Ryzen R5 1400 MSI B350M Gaming Pro Zotac GTX 670 4GB G.SKILL FORTIS Series 8GB (2 x 4GB) 
Hard DriveCoolingOSOS
WD Green 3tb Wraith Stealth Windows 10 Debian 8.7 
MonitorKeyboardPowerMouse
ViewSonic VX-2257-8 Chinese backlit mechanical Kingwin 850w Chinese laser optical 
CPUMotherboardGraphicsRAM
Athlon 5350 Asus AM1I-A EVGA GTX 750 Ti SC 2x4GB DDR 3 1333 
  hide details  
Reply
μRyzen
(12 items)
 
Mini Box
(4 items)
 
 
CPUMotherboardGraphicsRAM
Ryzen R5 1400 MSI B350M Gaming Pro Zotac GTX 670 4GB G.SKILL FORTIS Series 8GB (2 x 4GB) 
Hard DriveCoolingOSOS
WD Green 3tb Wraith Stealth Windows 10 Debian 8.7 
MonitorKeyboardPowerMouse
ViewSonic VX-2257-8 Chinese backlit mechanical Kingwin 850w Chinese laser optical 
CPUMotherboardGraphicsRAM
Athlon 5350 Asus AM1I-A EVGA GTX 750 Ti SC 2x4GB DDR 3 1333 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Linux, Unix
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › My questions about linux