|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Unix vs Dos for Virus Content
|
On Thu, Feb 08, 2001 at 04:33:20PM -0500, MaD dUCK wrote:
> also sprach Michael Leone (on Thu, 08 Feb 2001 04:28:08PM -0500):
> > To some extent, yes. Consider, tho - that's a user's CHOICE, to log in as
> > Administrator (or root, if you prefer). All you have to do is then set up a
> > user level account - exactly the same as you have to do in Unix/Linux - and
> > then log in as it. And use "su" or "sudo", when necessary. (that's what I
> > do - or try to)
> >
> > Standard security advice is NOT to log in as root (or Administrator) for
> > daily use. On any OS. But if you know the root password, who's to stop you?
> > (except you, of course)
> >
> > Not the OS's fault that you log in as root.
> >
> > Don't get me wrong - there's MANY things I dislike and criticize about
> > NT/Win2K. But I try to be fair about it's capabilities, too.
>
> yes and no - every linux user will know about root and at least know
> that it isn't a good thing to use it. those windows nt people i
> mentioned don't even know what an administrator is.
Uh... that's a little harsh. I've also worked in some NT
environments, and I've worked with a few people who regularly rolled
around with Administrator priveleges, even on servers (which were
poorly configured since that developers account really didn't *need*
admin privs if things had been set up right, but since everything
was convoluted and it was impossible to sort out the group
permissions situation without starting over, the IT guy--my manager--
had long ago just thrown up his hands and let developers be admins
on the development servers), and it's not that they don't
understand what that means, nor that the operating system doesn't
permit of doing things right, but that because NT merges Unix and
VMS permission schemes (either one of which is a mess), it's awfully
hard for the machine's administrator (the person, not the account)
to set things up so they'll work right.
But it *is* possible, because, when I was told to wipe out and
rebuild one of these NT servers, I did it right and, to the best of
my knowledge, that one server was still behaving properly (barring
crap leaking in from the master domain controller) when the company
went under/was bought out last year.
> the point is that there is a certain level of understanding among
> linux users which is higher than that of windows users.
Martin, for someone who, just a year and a half ago, was screaming
about how great NT was and how much everything else sucked, this is
a mighty strong turn around.
Furthermore, I find that to be flatly false. There are a *vast*
number of people using Linux (and other open source OSes, but
especially Linux) because it's the popular thing to do who don't
have the *slightest* clue about proper security measures.
(I could list five examples just on Swarthmore's campus, if you'd
like, but privately.)
> nevertheless, i think popularity is still the main argument for the
> proliferation of viruses via windows machines... as soon as linux will
> have replaced windows (if it does), it won't take long for email worms
> to surface for linux. somehow someone will figure something out...
Well... arguably, this email virus thing is the fault not of any
operating system but of Microsoft's tendency to add "features"
without considering consequences, especially "features" that make it
easier to commoditize computer use. Thus the interpretation of
scripts and html in Outlook. I don't think I've ever seen a legitimate
use of a scripted email. Sure, it might be cute to send your mom an
interactive Mother's Day card or something but, um, the only people
using this are sending spam and viruses. So why's it still part of
Outlook? By default, no less?
Userland software for Unix-like operating systems has typically seen
less feature bloat... something which is woefully coming to an end
with crap like Gnome and KDE (let's not argue about this one, kids,
I'm clearly expressing an opinion, you're welcome to express yours,
and let it go, eh?).
But even the Gnome- and KDE-affected (yes, I spelled that right)
mail readers don't do dumb stuff like presuming that, because you
received mail with a command to execute, you want it executed. And
it's the kind of step I don't see being taken.
I'm much more concerned about folks who haven't a clue how to
properly secure a Unix-like OS installing Linux on school and work
LANs than I do about them propagating email viruses, and I think you
probably ought to be too.
~ g r @ eclipsed.net
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|