Storm worm gains strength
Posted Sep 1, 2007 8:42 UTC (Sat) by IkeTo
In reply to: Storm worm gains strength
Parent article: Storm worm gains strength
> So you would be only securing the system, not what user has? (user doesn't
> care about "system", they care about their own data, the data to which
> they have access)
Then they should. If the system itself is not secure, we don't have a basis to talk about data security. If the system is compromised, you can trust the system to recover from neither the system nor its data. If only user data is damaged you can still trust the system. Also, since distributions like Ubuntu enpower users without much previous Unix experience or knowledge to install a Linux based system, it means they are in charge of the system, so there is no "system administrator" but themselves to keep the system in a secure shape. But how distributions can make sure their users are capable to do so? The answer needs to be: By making it simple enough. Of course the user *also* care about data security. That is very much the same argument, albeit much more difficult to provide without very much education.
> And currently Ubuntu is educating users with its sudo system that whenever
> anything popups up a "password" dialog, you're supposed give it your own
> password. And with that password the programs are able to do the same
> things as root (with sudo). Secure, yeah...
I actually do not use a Ubuntu system regularly, I have installed one and used it for less than a week. So I don't perfectly know the security implications, even though I read a lot about it. On the other hand, popping up the password dialog is no longer unique to Ubuntu. Fedora does the same. The only difference is that they prompt for the root password rather than your own password.
So Fedora is more secure *because* it prompts for the root password instead of the user password? When a Fedora (or even Debian!) system asks for a user password? What is the difference that the system trains the user to distinguish? The answer: a Fedora user prompts for the user password only for (1) login, and (2) change user password. The system thus trains the user to distinguish system access and login/password changing. What a good deal... even the worst naive idiot can distinguish them! Bottom line, if a home user using Ubuntu can be tricked to type his own password and install a malicious .deb package, the same user having switched to Fedora can be tricked to type the root password to install an equivalent malicious .rpm package.
My belief is that the system design should distinguish two types of activities that the user can be expected to do: (1) those that the users are expected to do from time to time and are easy to do, and (2) those that are hard enough to do that the user will never do casually. (1) should be safe enough that the action cannot jeapodize the system at all; and (2) should be rare enough that a casual user need not use them at all. Since Ubuntu (Debian, Fedora, whatever) is a system that allows third party packages, and their target is to make it easy, it is in class (1), so it means they should be rock solid. This is perhaps a big dream, but having a dream is better than having no dream.
to post comments)