markwolfe (Veteran), posted April 23, 2004

I just read an interesting article here: http://www.securityfocus.com/columnists/235

I think some valid points are made about the recent push of *NIX (Linux in particular) into the entry level PC user's reach (read: Wal-Mart). Will the "casual user" cause problems for Linux, as they run systems that are not up to date with security patches (like often happens in the Windows World?)

Nichotin, posted April 23, 2004

They won't be any problem yet I think, because they are not running homogeneous systems.

Redestium, posted April 23, 2004

Of course, but the number of people buying Linux desktops is next to zero as far as I know.

the evn show, posted April 23, 2004

Maybe not, but there are enough things common to most *NIX distributions that could affect 'everyone'. For example the problem with OpenSSL about a year ago could allow arbitrary code execution on some systems (worst case scenario for any bug) or it would crash the server in the best case (shy of not doing anything). Most *NIX systems ship with OpenSSL so a bug there has the potential to affect everyone. A bug introduced in XFree86 2 years ago that has gone unfixed to this day might be discovered tomorrow, that would be an issue for a very large part of the *NIX client world.

It doesn't have to be an issue for everyone to be bad: even if only 15% of the world is affected that's still hundreds of millions of people. There are enough "common" components that it's not unreasonable to suspect it's possible for such a thing to happen - though it would be significantly more difficult than it is for people looking to bother Windows users.

Apple has a *NIX distribution that is targeted for "inexperienced" users and it has a pretty good security track record. So what can the rest of the *NIX world learn from Apple:

- Ship with all services off and close all the open ports
- Make user administration simple
- Enable the system to update automatically and often.
- Make it unnecessary to ever log in as root
- Don't have a mail client that will allow you to send mail 100% automatically by scripting included by default
- Make it very clear which files are executable especially WRT downloaded files, attachments, etc.

I would go one step further than Apple and enable the firewall to only allow outbound traffic on any port for an 'approved' list of applications and no others (sort of like how the keychain only allows certain programs access to various pieces of secured info).

It's possible to make a *NIX that the world _can_ use and keep it secure, it's a matter of whether or not people want to.

LordHatrus, posted April 23, 2004

"Make it unnecessary to ever log in as root"

I'd like to see that. Just give 'em superuser stuff, and back off - otherwise, too many n00bs constantly logged in as root.

"Make it very clear which files are executable especially WRT downloaded files, attachments, etc."

Well, it can't get much clearer... it's executable if it has executable properties.... But I see what you're saying, maybe *nix needs its own .exe extension... keep those n00bs in line there :)