Open source gets serious (USA Today)

USA Today looks at the growing acceptance of Linux and reviews five desktop-oriented distributions. "In terms of end-user training requirements, Lindows, Lycoris and Xandros present the least costly options for switching to a Linux desktop interface. Libranet and Mandrake may require more training but are still worth considering."

Open source gets serious (USA Today)

Posted Mar 10, 2004 20:33 UTC (Wed) by a_hippie (subscriber, #34) [Link]

I am no fan of USA Today, but... I really liked the way the author
keeps the geekese to a minimum and manages to cover five distros in this
article. The conclusion is that GNU/Linux *is* ready for the desktop and
the corptop!

Good read.

Wishing you well.

Open source gets serious (USA Today)

Posted Mar 10, 2004 21:49 UTC (Wed) by allesfresser (subscriber, #216) [Link]

Unfortunately the author didn't go deep enough to mention that Lindows has a huge security problem running everything as root. Glowing reviews that miss problems that big are not very helpful... even though it was otherwise well-written and probably will be instrumental in helping some non-technical users try out one of the mentioned distributions.

Open source gets serious (USA Today)

Posted Mar 10, 2004 22:27 UTC (Wed) by jwharmanny (guest, #971) [Link]

LindowsOS actually offers a user-account-setup step in the installation procedure. But it is very easy to skip that step and run simply everything as root. Besides, Mandrake has had a setup option which is even worse: install a root account with an empty password. (Don't know if it is still present in the newer versions though.)
I think the only reasonable way of messing with the root account this way is on a system that is not connected to the internet.

It is interesting to see some Linux distributions becoming less secure (for usability reasons), while Microsoft is making much effort to let the (by default very insecure) Windows OS behave more securely even at the cost of some user-friendliness.

Mandrake security

Posted Mar 11, 2004 10:32 UTC (Thu) by eru (subscriber, #2753) [Link]

> Mandrake has had a setup option which is even worse: install a root account with an empty password.

I just recently installed Mandrake 9.2, and its installer at least had a field to fill for the root password. Pity I did not think of trying whether it would have accepted an empty password.

The installer offers "security levels" and was pretty good at explaining the intended uses of them. Setting up a local firewall in installation was very easy, just fill a checkbox (that was my first home machine with broadband).

Choosing the "sloppiest" options in the installer sure would result in a poorly secured machine, but Mandrake also made it very painless to set the machine to a high security level. What Mandrake and other distros should do is make the high level settings the default, and allow low security installation only if the user navigates through a lot of bright red warning dialogs...

I wish there were some way to legally prevent calling a Linux distribution that does not force a separate root account a Linux (maybe excepting embedded cases). Perhaps some kind of certification mark could be created that would be awarded to distributions that uphold good security standards?
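An added example, not part of the thread or of any distribution's tooling: a small audit for the two conditions discussed above, an account whose password field is empty and a second account with UID 0. The sample `passwd`/`shadow` records and the function names are constructed for illustration.

```python
"""Flag accounts with an empty password field and extra UID-0 accounts."""

# Constructed sample data in passwd(5)/shadow(5) format; not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
"""
SAMPLE_SHADOW = """\
root::19000:0:99999:7:::
toor:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
"""


def parse(text, min_fields):
    """Split colon-separated records, skipping blanks, comments and short lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                rows.append(fields)
    return rows


def audit_accounts(passwd_text, shadow_text):
    """Return (account, finding) pairs in passwd order."""
    shadow = {f[0]: f[1] for f in parse(shadow_text, 2)}
    findings = []
    for name, pw, uid, *_ in parse(passwd_text, 7):
        # "x" in passwd means the hash lives in shadow. A missing shadow
        # entry is treated as "not empty" here (assumption of this example).
        stored = shadow.get(name, "x") if pw == "x" else pw
        if stored == "":
            findings.append((name, "empty-password"))
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((name, "extra-uid-0"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

A locked entry such as `*` or a hash prefixed with `!` is not reported, since the field is not empty.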

Open source gets serious (USA Today)

Posted Mar 10, 2004 22:40 UTC (Wed) by sbergman27 (subscriber, #10767) [Link]

The running as root point is far overrated. This is a desktop for Christ's sake. If your user account is compromised, the only thing at risk is your spreadsheets, wordprocessing documents, email, etc. But if they get root privilege they can delete the whole 30 minute OS installation!

Think about it...

Open source gets serious (USA Today)

Posted Mar 10, 2004 22:47 UTC (Wed) by JoeBuck (subscriber, #2330) [Link]

The reason someone wants to crack your box is not because there's something valuable on it. Rather, the bad guy wants your machine as a resource, for use in launching further attacks. This can be done either to collect a whole army of machines as tools to launch distributed denial of service attacks, or simply as a way to cover the attacker's tracks (so he can do the seriously criminal stuff from a machine that is not his own).

Given this, for Lindows to promote the model of running as root is socially irresponsible, and if they have any success at all, we will see Lindows viruses.

Open source gets serious (USA Today)

Posted Mar 11, 2004 14:44 UTC (Thu) by ccchips (guest, #3222) [Link]

We will also see people having access to (and the ability to snarf up) any proprietary software Robertson may be thinking that he can sell on top of Lindows, not to mention various access keys and so on.

I have been saying to my friends, all along, "Don't buy LindowsOS. And if you should happen to not listen to me, don't run the thing as Root. In other words, when they ask you to create a 'user account,' do so, and use it."

But I know they won't listen.

Please understand, I don't have an ax to grind against Robertson for Lindows. I have an ax to grind with him over both Lindows and MP3.COM, and I view that man as an irresponsible, grown-up kid.

Open source gets serious (USA Today)

Posted Mar 11, 2004 16:33 UTC (Thu) by pflugstad (subscriber, #224) [Link]

Please note that I totally agree with you - running as root is BAD.

However, the counterpoint to this is that you don't need to be root to launch an attack. Granted, you can't do things like fake the source IP and such things, but most of the time, that's not needed. Nor do you need to be root to make sure your trojan/worm is persistent on the user's computer. So from this point of view, running as root or not is pretty much a moot point.

From my point of view, running as root is dangerous in that it's *way* too easy to completely screw up the box. So it's not so much about protecting your machine from being used in an attack, it's about protecting your machine from yourself.

I think your Lindows security information is out of date

Posted Mar 10, 2004 22:57 UTC (Wed) by sdalley (subscriber, #18550) [Link]

To quote from the Lindows 4.5 FAQs:
> Question
> A lot of Linux users think that Lindows.com doesn't do enough to push
> its users to create user accounts and hence most LindowsOS users run as
> root. What is your opinion on the issue?

> ...I think this stems mostly from the very first "Sneak Preview" of
> LindowsOS that came out two years ago. In that version, we didn't
> yet have the system in place to set up users, even though it was
> always planned.
>
> As we have seen with the whole issue of people thinking we run MS Windows
> software, it's hard to shake a first impression. If the way we do it
> today would have been what was in our very first Sneak Preview release,
> this would have never been an issue.
>
> It's true we don't force users to run as user, but we certainly do
> everything short of that. We have the user set up an Admin password
> during install, and then present them with an easy-to-use screen
> to set up Users. We even have a page, right during install, that
> discusses security with the user, and explains how to use passwords,
> set up users, understand the LindowsOS firewall, etc. to increase the
> security of their computer.

Open source gets serious (USA Today)

Posted Mar 10, 2004 22:21 UTC (Wed) by johnnylange (guest, #18647) [Link]

I love it when someone says that Linux is less susceptible to viruses and hacker attacks. This may be true right now, but don't let that give you a false sense of security.

More Secure by Design

Posted Mar 10, 2004 23:14 UTC (Wed) by AnswerGuy (subscriber, #1256) [Link]


UNIX and Linux are more secure from common viruses and worms for the simple reason that they were designed as multi-user systems. At its core the system is able to run each daemon (service) as a separate user and those users are normally quite limited in how much they can affect other users.

However, it is well known among UNIX and Linux professionals that this design is far from perfect. There is a brittleness to UNIX security and the design and implementation of C is somewhat fragile.

Far from "resting on our laurels" or smugly ignoring the limitations of our system design the open source UNIX (*BSD and Linux) communities have worked on and deployed a number of security enhancements beyond those afforded by traditional UNIX. The Linux "capabilities" system, SELinux, the *BSD systrace mechanism (also available in Linux), GRSecurity kernel patches, the work on OpenWall Linux, the LIDS effort, the NSA's SELinux project and many others are all examples of this work.

These are all freely available and some are used to varying degrees by various distributions and operating systems. The fact that market uptake on these has been slow can be attributed to a couple of factors: (1) Linux security is "good enough" most of the time. (The worst worm to ever affect Linux was less than a tenth as virulent as the least of the recent Microsoft worms; and all of the Linux worms combined: Ramen, Lion, Adore, are still less than a tenth the problem of the current crop of MS Worms. Also prevalence of Linux worms has DECREASED over time while MS seems to get worse every year); (2) adding more security to Linux complicates systems administration; Linux is viewed as complicated enough and adding more security necessitates some additional configuration and management to the system as a whole; (3) no single set of these enhancements has become dominant, yet. (The "bio-diversity" is good for computing as a whole but a pain for each of us who has to decide which of these to choose for ourselves, to invest our time and energy in).

Open source gets serious (USA Today)

Posted Mar 11, 2004 18:22 UTC (Thu) by Destructo (guest, #17736) [Link]

Ha.. Mandrake may require more training. That's a laugh.

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds