LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

GNOME 3.4 released

GNOME 3.4 released

Posted Apr 5, 2012 12:21 UTC (Thu) by elanthis (guest, #6227)
In reply to: GNOME 3.4 released by Pawlerson
Parent article: GNOME 3.4 released

> Yes, you are right, but I know the person I was replying to. The problem is every argument falls on deaf ears in this case and the FUD is being spread. ;)

You absolutely do not know me, in the least. You have never met me, never had a conversation with me, and couldn't guess my motivations or beliefs to save your life.

That said, there's no FUD here. Windows is more secure in that it offers user-facing security features that Linux never has. There's absolutely no argument here. Sure, maybe Windows -- offering tons of features and subsystems that the Linux desktop does not -- has more lines of code and hence more places for mistakes to be made is truth, but that's entirely different than the _design_ of Windows being one focusing on desktop security, where as Linux focuses on ancient POSIX-compatible time-shared system security.

On the desktop, security is not "user A cannot negatively affect user B." On the desktop, security is "user A accessed something that could find a hole in random application he's using, but that still shouldn't negatively affect user A."

Linux has almost no solution here, besides adding SELinux (only even used on one major-ish distro) and some weak sand-boxing. Windows has numerous features that help to ensure that even if the sand-boxing mechanisms (which, according to more than a few places, are more complete and secure on Windows than on Linux) are broken, the conscientious user still has means to do a basic sanity test of the screen he's staring at.

Yes, the Windows mechanisms can be hacked by modifying Windows, but then the same can be said about Linux. I've seen root-kit'd Linux systems. They're a thing. Maybe you're not aware.

But hey, claim you know me, say that basic facts are "FUD," and then try to discredit me. That's the kind of response reasonable people expect out of folks who make emotional -- rather than logical -- attachments to technology, and isn't doing "your side" (which I'd say I'm on; I don't post here just to make fun of people, but rather to point out the dumb things that the Linux community could be doing better with) any favors. :(

(Log in to post comments)

GNOME 3.4 released

Posted Apr 5, 2012 16:33 UTC (Thu) by khim (subscriber, #9252) [Link]

That said, there's no FUD here.

Oh, but there is. Right here:

Windows is more secure in that it offers user-facing security features that Linux never has.

Security can not be measured by counting features. In fact often additional features make security worse, not better. Windows ACL model is quite powerful and convenient, but I'm not sure it offers better security. It's complexity is it's worst enemy. When I try to remove SYSTEM-owned file in FAR from Administrator account it explains to me that it can not be done. Unless I'll give permission agree to “try harder” - then it repeats with DEBUG permissions and file is gone. That's not security, that's snake oil.

That's entirely different than the _design_ of Windows being one focusing on desktop security.

Windows is designed for convenience, not for security. Sure, Windows NT was designed with some good security ideas in mind, but when it become obvious that they hurt performance and usability most of them were abandoned and subverted.

Only after huge outcry when totally insecure design of Windows XP (let's not even talk about Windows 9X, ok) created plethora of malware Microsoft started adding features which can provide real security on desktop. Some of them are genuinely useful, some are more of snake oil.

Linux has almost no solution here, besides adding SELinux (only even used on one major-ish distro) and some weak sand-boxing.

Actually seccomp sandboxing can be quite robust, but hard to use. There are interesting development in this direction under Linux which makes it more useful.

But hey, claim you know me, say that basic facts are "FUD," and then try to discredit me.

FUD education 101:
Basic fact: in Windows you can do X, Y and Z, in Linux it's impossible.
FUD: Windows is super-hyper (according to more than a few places), Linux is meh (according to more than a few places).

Where are your facts?

Here is an example of your “fact”:

On Linux, there's basically no way to be sure that the screen you're looking at is really your desktop or admin panel or whatever and not some other malware that injected itself via the a hole in the non-sandboxed Firefox processes Linux users are still primarily using as their Web browsers.

First of all it mixes the issues (Chrome uses pretty robust sandbox on Linux), then it includes true statement (yes, Windows's Ctrl-Alt-Del is pretty robust protection against some kinds of attacks) but omits an important detail (in Windows Vista and above you don't need to press Ctrl-Alt-Del before you'll be asked to enter Admin's password).

The sad truth is that Ctrl-Alt-Del was useful security feature in Windows NT 3.1, but over time Microsoft worked long and hard to make it less and less useful. Today Microsoft have trained users to enter password after screen “flash” instead of doing it after Ctrl-Alt-Del. Which turned Ctrl-Alt-Del from genuine protection to snake oil security.

This “fact” is FUD, plain and simple. Good, high-quality FUD (it includes genuinely true statements and lies mostly by omission), yes, but it does not make it less FUDish.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds