Something about Linux

[Padma]

Okay, I haven't closely read all the posts since my last. I meant to expand on it before, but got called away.

Basically, the myth that Linux would be just as virus-ridden as Windows if it were more popular has been debunked many times since it was first promoted. I am almost embarassed to see it still being expounded. It was first put out by MS "Technical Evangelists" - people who are paid by, and trained by, Microsoft to do everything they can to slow the uptake of Linux, including lying and cheating. (James Plamondon was a MS TE for years, and testified about this in the Iowa anti-trust trial in 2007.)

I could go into why and how Linux is *designed* for multi-user security, compared to Windows, where security is bolted on as an afterthought (and, if it is too solid, will reduce MS's profits), but that has been done to death as well. I will just point out that the vast majority of active internet servers run Linux or Unix, yet the vast majority of server outages due to malware are Windows servers. If Linux were as easy to crack, don't you think there's be more Linux shutdowns?

 

[Aramazd]

The principle that Linux is created with security in mind.

So, you want to ignore facts because it conflicts with something you believe?

Okay, I haven't closely read all the posts since my last. I meant to expand on it before, but got called away.

Basically, the myth that Linux would be just as virus-ridden as Windows if it were more popular has been debunked many times since it was first promoted. I am almost embarassed to see it still being expounded. It was first put out by MS "Technical Evangelists" - people who are paid by, and trained by, Microsoft to do everything they can to slow the uptake of Linux, including lying and cheating. (James Plamondon was a MS TE for years, and testified about this in the Iowa anti-trust trial in 2007.)

I don't really buy it myself, but I don't have a doubt that viruses would actually exist and do some harm if Linux has Windows' market share.

I could go into why and how Linux is *designed* for multi-user security, compared to Windows, where security is bolted on as an afterthought (and, if it is too solid, will reduce MS's profits), but that has been done to death as well.

I'm not a programmer(actually I'm an ecology major who has an interest computers), but I've heard this argument before, and I don't get it. Surely, the programmers at Microsoft can go in and add the code they need to make Windows more secure. That code would be just as good as if it was written at the same time as Windows.

 

[taper]

So, you want to ignore facts because it conflicts with something you believe?

I don't really buy it myself, but I don't have a doubt that viruses would actually exist and do some harm if Linux has Windows' market share.

I'm not a programmer(actually I'm an ecology major who has an interest computers), but I've heard this argument before, and I don't get it. Surely, the programmers at Microsoft can go in and add the code they need to make Windows more secure. That code would be just as good as if it was written at the same time as Windows.

Let me get this straight. You don't really understand how software works, you don't know the difference in security models between Linux and Windows, and you think Microsoft developers can just add code as they feel like, but you think you can argue that Windows is better with people that have taken the time to understand the differences? Don't get me wrong, Linux has plenty of problems, and I think non-geeks learning as much as they can about computers is a great thing, but don't just repeat FUD you don't really understand.

And yes, virus do exist for *nix systems, but they are far rarer, both from market share and security of the system. As far as users clicking on anything that moves, you can't fix stupid, but at least Linux is good at preventing the worst of it. There is a fundamental difference between security in Windows and *nix, of which UAC was a half-hearted attempt to fix.

I do play Civ4 in Linux with absolutely no issues, and Padma has a thread in the Civ3 section about how to get that running.

 

[Aramazd]

Let me get this straight. You don't really understand how software works, you don't know the difference in security models between Linux and Windows, and you think Microsoft developers can just add code as they feel like, but you think you can argue that Windows is better with people that have taken the time to understand the differences?

Of course they can add code, unless I'm missing something fundamental. Not that it would be simple or anything, but Microsoft a huge company that can devote lots of resources to that sort of thing. I asked a simple question. Instead of answering, you go and attack me. I honestly want to know the answer.

Don't get me wrong, Linux has plenty of problems, and I think non-geeks learning as much as they can about computers is a great thing, but don't just repeat FUD you don't really understand.

I haven't been spreading FUD. The one thing I said was "if linux was a popular as windows their would be more viruses just due to the fact that you'll have bad users as well". Just because I'm not a programmer doesn't mean I don't know anything.

And yes, virus do exist for *nix systems, but they are far rarer, both from market share and security of the system. As far as users clicking on anything that moves, you can't fix stupid, but at least Linux is good at preventing the worst of it. There is a fundamental difference between security in Windows and *nix, of which UAC was a half-hearted attempt to fix.

That's exactly what I said.

 

[aimeeandbeatles]

If you're really interested in the subject, this is an article:
http://librenix.com/?inode=21

And another:
http://www.securityfocus.com/columnists/188

 

[Mise]

Padma, there is clearly a difference between servers and desktop environments, and multi-user and single-user implementations. My understanding of "mainstream popularity", and specifically what I was talking about, was single-user desktop implementations of Windows Vista vs say Ubuntu (or whatever Linux distro is most suited for mass-market penetration).

A single-user Windows environment lends itself to virus propagation in a virtually identical way to a single-user Linux environment, because the way viruses propagate on these environments is primarily via the user being duped into installing programs that contain viruses. Whether that be through opening an attachment in Outlook (and honestly, how many people even use Outlook? most people use Gmail or Hotmail or Yahoo mail for email) or clicking a banner ad to install some "internet boosting" program isn't impacted by whether you run Windows or Linux, and can't be prevented by any clever programming in the OS.

You can argue all you want about Windows Server 2008 vs Linux as servers, but we're talking mainstream popularity, and what mainstream popularity means is stupid people who click things they shouldn't, don't run virus scanners, and bring viruses on themselves. Not only would more viruses be designed to exploit Linux users, but more Linux users would be stupid enough to install viruses.

Out of everyone I know, only 1 person has ever had a virus on their computer, and it was because they downloaded something dodgy, installed it, and got infected. Everyone else I know uses Windows and has never, ever got a virus. Granted, I know a larger proportion of tech-savvy people than average, but my experience has been that it's very difficult to get a virus on Windows unless you bring it onto yourself by downloading something you shouldn't have. Your experience is clearly different to this, which is why you have different opinions (and, incidentally, it's the fact that two different experiences can lead to two different conclusions that lead me to believe that there's no tangible difference between Linux, Windows and MacOS for a tech-savvy user).

But to call it "BS" (what's the rules on abbreviated swearing?) purely because it was also expounded by Microsoft's marketing team strikes me as just as evangelical. And I would certainly be surprised if Microsoft's marketing team argued that Windows is especially vulnerable to viruses because its user-base was stupid enough to install them...

 

[Zelig]

Whether that be through opening an attachment in Outlook (and honestly, how many people even use Outlook? most people use Gmail or Hotmail or Yahoo mail for email)

The vast majority of the business world uses Outlook.

But in any case, there's really no fundamental difference to opening an attachment via outlook or via webmail.

 

[Mise]

The vast majority of the business world uses Outlook.

But in any case, there's really no fundamental difference to opening an attachment via outlook or via webmail.

Yeah, I suppose you're right. I guess that accounts for at least a third of all Windows installations.

 

[Souron]

I'm not a programmer(actually I'm an ecology major who has an interest computers), but I've heard this argument before, and I don't get it. Surely, the programmers at Microsoft can go in and add the code they need to make Windows more secure. That code would be just as good as if it was written at the same time as Windows.

Its the difference between designing a boat to be water proof, and patching all the holes after the boat is built. You can miss a few that way. And a single small hole constitutes a major security problem.

 

[Aramazd]

Its the difference between designing a boat to be water proof, and patching all the holes after the boat is built. You can miss a few that way. And a single small hole constitutes a major security problem.

But it's just as possible to miss something in the design stage as well.

 

[kuukkeli]

Ease of use???

You can't get easier than a good distro running KDE 3.5. And once KDE4 is fully stable and up-to-date with all its apps, it will be even better. Windows is a PITA to use.

Linux can be very easy to use for someone who just browses the web and reads mail but anything more than that adds much more complexity than Windows does. Far too many common tasks require modifying configuration files and the documentation of those files is often rather bad. In addition to that the problems mentioned by Aramazd (wireless, sound and hardware acceleration in video playback) are more PITA than anything in Windows.

In my opinion Linux is still far away from the state where it could seriously claim to be an alternative as a mainstream OS. It has benefits too but in my books the problems outweigh them. I still use Ubuntu as a secondary OS (mainly for my downloads) but with just couple of minor exceptions I consider Windows 7 more pleasant to use.

 

[Padma]

@Mise: I will agree that there is some difference between servers and single-use home desktops. However, the information that most viruses are after exists largely on the servers. (Viruses are no longer 'garage-lab' 'hobbyist' toys. They are written by paid developers working for major crime cartels, e.g., the "Russian Mafia".) If Linux security were no better than Windows, surely more Linux servers would be getting hit. Home desktops are more likely to be targeted to become members of botnets. Again, with the intent to attack servers. Since nothing can be installed on a Linux system without your consent (assuming you're not running as 'root'), you should *know* when something is asking to be installed that you didn't authorize.

Still, I will agree with the above poster(s) who said, "you can't fix stupid!". There will always be social engineering based malware to dupe the "stupid" into installing them. "I don't care what hoops I have to jump through, I'm going to see these naked pictures of Anna Kournikova!" But Linux at least makes you jump through hoops. At the very least, you would have to make the file executable. In Windows, standard install hides the file name extensions. So a file named "Pictures.jpg.exe" is listed as "Pictures.jpg". Most people will never notice the difference, until they click on the jpeg, and the drive and CPU get busy, but no pics show. (Another wonderful idea from Bill Gates: have the file extension determine whether the file can be executed. )

As for knowing people whose computers have been infected, my own wife's laptop has been infected twice during the last year, simply by being connected and browsing perfectly normal web sites. Nothing dodgy about the sites, nothing she downloaded or even clicked on. Just opening sites that had been infected with javascript which IE (and most browsers, to be fair) arbitrarily execute. She's the only user on the system, which means she automatically is the Admin. Which means that anything she "executes" can affect the entire system. (Another brilliant idea out of Redmond.)

And it wasn't the "marketing team" that expounded this myth. It was the "Technical Evangelists", a semi-secret group paid to use any means, ethical or not, legal or not, to convince people to stay with / switch to MS Windows. Their tactics include outright lying, "astro-turfing", bribing jounalists, stacking discussion panels, etc.

@kuukkeli: If you do what the average use does: browse the web, read/write email, listen to music, etc., Linux is as easy to use as Windows, if not easier. The specific problems you cite are not a problem for the majority of users. My system, for instance, has no problem with wireless, sound, and hardware acceleration out of the box. Some distros may have some trouble with specific hardware configurations, usually because some hardware manufacturers tie themselves tightly to Windows. The only thing that I can't really do on my Linux desktop is play newer Windows-based games. And that is because they are tied to DirectX, which MS explicitly wrote to break the OpenGL standards on which it was based.

 

[aimeeandbeatles]

And couldn't you run a lot of Windows games in WINE? Or use a virtual machine or something?

 

[Padma]

*Some* run okay in wine. *Some* run fine in a VM. *Some* run well in Cedega (a special version of wine). *Some* run well in Crossover Games (a special version of wine).

Wine is rapidly improving, and the number of games it will run is steadily increasing. VM systems often have display adapter quirks, that prevent one from having decent (in gaming terms) video. My recommendation to serious Windows gamers is to either dual-boot, or have a separate system for gaming.

 

[Mise]

@Padma, I agree with a lot of what you say, and whilst there might be details that I disagree with, I don't really want to go down the whole nitpicking-every-detail-with-fellow-computer-geeks thing.

However, whilst I agree that most people won't have the problems mentioned by kuukkeli and others, neither will most people be infected by viruses or succumb to any of the nasties that Linux supposedly protects from. Personally, I believe that the differences between Windows, MacOS and Linux are just too small for such debates to occur over them. It's like arguing between Pepsi and Coke, which is all just a bit silly. Since we all know Pepsi's better!

 

[Zelig]

As for knowing people whose computers have been infected, my own wife's laptop has been infected twice during the last year, simply by being connected and browsing perfectly normal web sites. Nothing dodgy about the sites, nothing she downloaded or even clicked on. Just opening sites that had been infected with javascript which IE (and most browsers, to be fair) arbitrarily execute. She's the only user on the system, which means she automatically is the Admin. Which means that anything she "executes" can affect the entire system. (Another brilliant idea out of Redmond.)

Honestly, I feel pretty safe in claiming there was some sort of user error here.

My computer has been on broadband, turned on 24/7 for the past 3 years, running Windows without any realtime antivirus or anti-malware programs.

I run as admin with UAC disabled, make no effort to filter my browsing habits based on the propensity of sites to be hosting malware, and have never gotten an infection of any kind.

At the very least, you would have to make the file executable. In Windows, standard install hides the file name extensions. So a file named "Pictures.jpg.exe" is listed as "Pictures.jpg". Most people will never notice the difference, until they click on the jpeg, and the drive and CPU get busy, but no pics show.

I don't think this matters much in practice. The average user is oblivious to file extensions, they just click some icons and expect stuff to happen.

I'm guessing MS implemented the prompts before running any executable files partly because executable can use anything as an icon...

I'm not sure there's anything further along these lines that can be done to protect those types of users.

 

[aimeeandbeatles]

Okay, I've finally gotten Linux installed in VirtualBox. Ubuntu, to be exact, because I knew it was supported well. And it's rather interesting.

figured it'd be safer to install it in a VM rather than to accidentally overwrite the Windows partition and not have the OS disc

 

[Mise]

You'll have a lot of fun with it, Aimee.

 

[Shadylookin]

meh the whole if linux distos were popular it would get more viruses is bunk. It is popular on servers and servers actually tend to have important info on them worth getting into, unlike joe blow and his porno collection.


Anyway I think it's a bad question. Linux the kernel is fine. Distros that use Linux have their own philosophies and some of them would suck(in my opinion) regardless of how many people used them. For instance I dislike most low resource distros, I've got 2 gigs of ram and a reasonable processor Damn small linux is just a waste of time. For someone with a low end computer ubuntu is always going to suck because he'll never be able to use a good chunk of the programs.

If we generalize this to say open source software in general then open source has it's own set of fundamental flaws. Many projects will never make any money and the creator will abandon them for other things. Open source only has one business model and that is pay for support(well 2 there's always the beg for donations option). However some things that while popular will never bring in the support money. For instance high end video games will never survive under an open source model along with other programs that are equally self exploratory.

So I guess the real question is what do you mean by Linux?

 

[Genocidicbunny]

meh the whole if linux distos were popular it would get more viruses is bunk. It is popular on servers and servers actually tend to have important info on them worth getting into, unlike joe blow and his porno collection.

Wrong. Joe Blow has a credit card and SSN that he may use online that can be stolen. Most virus/adware creators are after money. Joe Blow is also most likely not very computer-savvy and so its easier to dupe him. Servers on the other hand, those with important info, tend to be watched over by people who's entire job is watching to make sure those servers run fine. Makes it a helluva lot harder to get into them.

The whole "Joe Blow" has nothing of value, go after corporate info argument is 'bunk' as you put it. If I were a virus writer, looking for money, would I write a virus to hack into one company's server, considering that company has most likely millions of dollars in IT funding and a huge legal retainer, or would I create a virus to hack the thousands of unsecure machines out there that are used by people in their daily lives, including making purchases and other sensitive actions? Id go with the latter. You also have to consider that there are many, many configs for linux servers out there, and some even have different kernels. Hell, my dads company has at least 9 different kernels on a single rack, and they add a rack a month. Thats at minimum 9 different kernel configurations, most likely closer to 20, not to mention the customized configs on top of those that every blade gets.

Information may be money, but why get info to turn into money when you can get money directly.