[Buka The Earthworm]

The Ubuntu site claims that Ubuntu is really safe and that it never gets viruses or malware and other crap like that. How true is that? Just how safe is Ubuntu from that?

What about the Apple OS? Is it safer than Windows and Ubuntu?

 

[z3r0_k00l75]

Basically what it boils down to is 1) Virus' are written to target specific OS's. From a hacker's point of view it makes more sense to target the millions of Windows machines. 2) Yes there are getting to be more virus and trojans and rootkits written to attack OSX as well, but still not as much as windows. 3) Recently there has been more and more reports of virus' and the like being written for Android which when you boil it down is Linux based. The more popular the operating system, the more people will try to find exploits for it. If only 3 people in the world use a specific OS then it is hardly worth it to spend the time to write a virus for it.
Open source has one great benefit, bwing that the code is open for anyone to look at. Meaning that anyone can take a look, find a security flaw and fix that flaw whenever they want to. You just don't have that in Windows or OSX.
From a strictly professional point of view I see it as being something we in the business call PEBCAK - problem exists between chair and keyboard. If you use good security habits you will be fine. If not....

 

[Shadowrunner340]

There ARE viruses for Linux, but there's far less than there are for Windows. The way Linux is set up, it's harder to program a virus for it. Apple has more than Linux, but still less than Windows.

It kind of depends on how you define secure. There's no security method that can't be circumvented, but Windows and Mac have a larger market share than Linux, which means hackers will focus more on those. If Linux had the market share that Windows does, there would be far more viruses for Linux than there are now. Not as many that Windows has, because of the security in Linux, but still.

 

[OwnedINC]

Why are so many people on OCN so worried about this stuff.

And what z3r0 said.

 

[Cloudforever]

You have to think about this one lol.
Ubuntu:
Can you manipulate anything in ubuntu? Yes.
Is it hackable? Yes.
Could I randomly write a virus just for you? Yes.

Windows:
Are you safer? Yes. *safer than others*
Is it prefered than most? Yes.

Apple:

dont do it
dont do it
dont do it
dont do it you will regret it

Lol its not a good idea, most things are not compatible either with others besides windows. Unless you can find the driver for them.

Just dont surf to random sites such as.... Pr0n or sites that you are not familiar like frostwire type stuff and you'll be oke! Or download anything free or free Anti viruses cause they mainly dont work! THEN you'll be oke

 

[That Guy]

The real question is: Can you be trusted to use a computer without getting it infected, or not?

 

[Cloudforever]

Quote:

The real question is: Can you be trusted to use a computer without getting it infected, or not?

+1 to this

 

[Shrak]

Linux in nature is safer. Need elevated privelages to do anything regarding system files. Windows tried to copy that by implementing the UAC, which failed miserably as it was completely intrusive, and most people turned it off because it was so annoying. And also, there are much much less viruses written for it since the userbase is so small. In fact there was a recent bug in one of sudo's files that could be abused and used to elevate your user privelages. But the good thing about most Linux distro's is they fix these bugs almost as instantly as they are found.

But I also agree with the above. A dumb user on any OS can bring down any system. Just be smart about what you do and use common sense. And while there are more viruses for Windows, if you're smart about what you're doing you really don't need an anti-virus program. It's really hard to get viruses unless you're being a complete idiot.

 

[Plan9]

Quote:

Originally Posted by Buka The Earthworm

The Ubuntu site claims that Ubuntu is really safe and that it never gets viruses or malware and other crap like that. How true is that? Just how safe is Ubuntu from that?
What about the Apple OS? Is it safer than Windows and Ubuntu?

Safer against malware, yes. Safer against hacking, not really.
Quote:

Originally Posted by Shadowrunner340

There ARE viruses for Linux,

No there aren't - at least not in the wild. There's malware for Linux but not all malware are viruses.

Linux does have a few key defences against malware that Windows does not:

• executables are not defined by extension: which means you can't get tricked into running "steal ur dataz.vbs" on Linux like you could on Windows. In Linux, you need to expressly define an executable via a file permission (much like readonly, etc permissions)
• programs are generally installed from trusted sources: ie the old "google the application you want and be smart enough to avoid the dodgy sites" vs "install from a trusted repository". Obviously this isn't a flawless solution as package maintainers can push dodgy code downstream (as has happened on Ubuntu before). But it certainly does significantly reduce the chance of nabbing dodgy executables
• lower market share means less attractive target: specifically I mean drive by download attacked (aka booby trapped sites which secretly download and install dodgy programs to the PC). Linux is a bigger target for attacks against web servers. Web servers are usually attacked to either server booby trapped content on apparently harmless sites (eg when mysql.com got hacked) or because crackers are trying to harvest company data (usually e-mail addresses, passwords and bank details. Sometimes they want something more personal to the business -source code, e-mails, etc- which means the web server is just used as web-facing node to penetrate the corporate network)

In terms of desktop usage, a desktop is only as stable as the idiot behind the monitor. If you find a very special idiot, then not even Slackware would survive. However if the user has some smarts about them, then even XP can be stable and secured.

 

[mushroomboy]

less user base = less viri written due to less targets so it equals to a smaller "impact". if you know what I just said then you understand the demographics of computer viruses. With that said and done, yes it's safer but only for 2 reasons. 1) less people use it... 2) we don't have ACLs as default so it's either you can mod the system or you can't. The best advice is to set up a separate "admin" (root) with an advanced password and use sudo (with a decent/advanced pass) to install/modify anything. That way a standard user process can't go rouge and make system changes.

 

[Plan9]

Quote:

Originally Posted by mushroomboy

less user base = less viri written due to less targets so it equals to a smaller "impact". if you know what I just said then you understand the demographics of computer viruses. With that said and done, yes it's safer but only for 2 reasons. 1) less people use it... 2) we don't have ACLs as default so it's either you can mod the system or you can't. The best advice is to set up a separate "admin" (root) with an advanced password and use sudo (with a decent/advanced pass) to install/modify anything. That way a standard user process can't go rouge and make system changes.

Technically the plural for virus is viruses.

Also Linux does have native / included ACLs of sorts - it just functions very differently to Windows. So that's really got nothing to do with the security of Linux. What has a bigger play is the points I raised above.

 

[mushroomboy]

Quote:

Originally Posted by Plan9

Technically the plural for virus is viruses.
Also Linux does have native / included ACLs of sorts - it just functions very differently to Windows. So that's really got nothing to do with the security of Linux. What has a bigger play is the points I raised above.

Yeah I know, it's called a typo, if you look I do use the word.

Depends on the linux distribution. Debian doesn't come with any form of ACLs, neither does Ubuntu, Slackware, or Gentoo. i know some of the business oriented ones do, but generally linux doesn't ship with ACLs in mind.

 

[Plan9]

Quote:

Originally Posted by mushroomboy

Yeah I know, it's called a typo, if you look I do use the word.

So you did. My apologies

Quote:

Originally Posted by mushroomboy

Depends on the linux distribution. Debian doesn't come with any form of ACLs, neither does Ubuntu, Slackware, or Gentoo. i know some of the business oriented ones do, but generally linux doesn't ship with ACLs in mind.

Actually all Linux distros ship it. Even just user groups are a basic form of ACLs as you can assign more than one group per user and then set individual permissions per group thus affecting all users with that group attached (in fact, this is the best method of managing shell logins: sticking AllowedGoups ssh_users in your sshd_config file and then attaching the users you want to give SSH access to ssh_users group).

There's also advanced permissions that can be set with commands, such as setfacl (which Ubuntu does support - as proven by this man page:
http://manpages.ubuntu.com/manpages/gutsy/man1/setfacl.1.html )

What desktop distros don't ship is networked ACLs. But then Windows Home OSs don't ship with Active Directory either. However install SLES or Windows Server and you'd expect to see LDAP / AD available.

 

[mushroomboy]

Quote:

Originally Posted by Plan9

So you did. My apologies

Actually all Linux distros ship it. Even just user groups are a basic form of ACLs as you can assign more than one group per user and then set individual permissions per group thus affecting all users with that group attached (in fact, this is the best method of managing shell logins: sticking AllowedGoups ssh_users in your sshd_config file and then attaching the users you want to give SSH access to ssh_users group).
There's also advanced permissions that can be set with commands, such as setfacl (which Ubuntu does support - as proven by this man page:
http://manpages.ubuntu.com/manpages/gutsy/man1/setfacl.1.html )
What desktop distros don't ship is networked ACLs. But then Windows Home OSs don't ship with Active Directory either. However install SLES or Windows Server and you'd expect to see LDAP / AD available.

Traditionally groups aren't talked about as an ACL, You would be better off saying the simple user/owner/group is a minimal ACL. Groups and users are close but not an ACL. That's a separate file on the system controlling access and permissions. ACLs are to be set per file, as each file now has it's own set of user permissions.

 

[Plan9]

Quote:

Originally Posted by mushroomboy

Traditionally groups aren't talked about as an ACL, You would be better off saying the simple user/owner/group is a minimal ACL.

That's exactly what I did say! Go back and re-read my post

Quote:

Originally Posted by mushroomboy

Groups and users are close but not an ACL. That's a separate file on the system controlling access and permissions. ACLs are to be set per file, as each file now has it's own set of user permissions.

I know what ACLs are, my point was that the groups can actually work similarly to ACLs on Windows (and I even referenced an example why). given that the users and groups permissions can be configured per file and subsystem as well as controlled centrally, it does fill many ACL needs. However (and another part of my post you completely ignored), Linux does ship more fine-grained control - and I had even included a man page which you also conveniently ignored.

I will say that ACLs on Linux are not as simple to just pick up and use as they are on Windows. But then no server administration on Linux is. However that doesn't mean that the controls are not there.

 

[mushroomboy]

Quote:

Originally Posted by Plan9

That's exactly what I did say! Go back and re-read my post

I know what ACLs are, my point was that the groups can actually work similarly to ACLs on Windows (and I even referenced an example why). given that the users and groups permissions can be configured per file and subsystem as well as controlled centrally, it does fill many ACL needs. However (and another part of my post you completely ignored), Linux does ship more fine-grained control - and I had even included a man page which you also conveniently ignored.
I will say that ACLs on Linux are not as simple to just pick up and use as they are on Windows. But then no server administration on Linux is. However that doesn't mean that the controls are not there.

You can't say "my point was that the groups can actually work similarly to ACLs on Windows" after "Even just user groups are a basic form of ACLs as you can assign more than one group per user and then set individual permissions per group thus affecting all users with that group attached". To say something is a basic form kind of gets you off the hook but not really. You originally state groups as a basic form of ACL, you never implied that it was to mean they "work similarly". I know what you said.

 

[Plan9]

Quote:

Originally Posted by mushroomboy

You can't say "my point was that the groups can actually work similarly to ACLs on Windows" after "Even just user groups are a basic form of ACLs as you can assign more than one group per user and then set individual permissions per group thus affecting all users with that group attached".

Why not? I know english isn't my strong point, but those two sentences essentially state the same thing.
You've also conveniently ignored (yet again) where I elaborated to demonstrate other more fine grained control (which again is hooked into the user / group system). Which, to be honest, I'm getting sick of you doing. If you have a problem with the methodology, then by all means impart your wisdom. But all you're doing is ignoring examples of real world applications and actual man pages in favour of sticking your fingers in your ear and yelling "la la la I'm not listening"
Quote:

Originally Posted by mushroomboy

To say something is a basic form kind of gets you off the hook but not really.

It's no different to the term you used, and I quote: "simple user/owner/group is a minimal ACL". How is "minimal" any better (or different) to "basic"? You're whole argument now is simply moronic and completely irrelevant to the topic of ACLs.
Quote:

Originally Posted by mushroomboy

You originally state groups as a basic form of ACL, you never implied that it was to mean they "work similarly". I know what you said.

Clearly you don't because you've ignored huge chunks of my post and taken the remainder out of context. I'm starting to think that perhaps you just want to believe that Linux can't ACL through pride of being proven wrong. I'm also now regretting ever responding to you as clearly nitpicking sentence structure is more important than actual facts.

 

[mushroomboy]

Quote:

Originally Posted by Plan9

Why not? I know english isn't my strong point, but those two sentences essentially state the same thing.
You've also conveniently ignored (yet again) where I elaborated to demonstrate other more fine grained control (which again is hooked into the user / group system). Which, to be honest, I'm getting sick of you doing. If you have a problem with the methodology, then by all means impart your wisdom. But all you're doing is ignoring examples of real world applications and actual man pages in favour of sticking your fingers in your ear and yelling "la la la I'm not listening"
It's no different to the term you used, and I quote: "simple user/owner/group is a minimal ACL". How is "minimal" any better (or different) to "basic"? You're whole argument now is simply moronic and completely irrelevant to the topic of ACLs.
Clearly you don't because you've ignored huge chunks of my post and taken the remainder out of context. I'm starting to think that perhaps you just want to believe that Linux can't ACL through pride of being proven wrong. I'm also now regretting ever responding to you as clearly nitpicking sentence structure is more important than actual facts.

Because I was referring to the file attributes. Owner/User/group are file attributes that allow Read/Write/Execute depending on the numerical value you assign. That's an ACL but groups alone are not an ACL as they aren't really controlled by the file system.

[edit] I know I'll need to clarify, don't know why I posted. ACLs refer to objects, objects mean files. A group isn't an object, it's a definition and would work more similar to a registry as opposed to an ACL. Even so, it's really just a simple list. The file that stores that list is an object and can be attributed by an ACL, however the "groups" that the file holds are in no way related to an ACL.

I also don't generally talk about the standard owner/user/group as an ACL because you can do that without an ACL. In fact most people don't talk about the standard chmod attributes as ACLs. I was actually unaware that the they now ship with full ACL tools, I still think most systems don't actively use them unless you enable it. That is a new thing to me, probably the last couple years.

 

[royalflush5]

I think you should also add that *NIX users who have modded their kernal can either close or open security holes, because they, well, changed the kernal

 

[Plan9]

*double post*