Chuck Urwiler writes:
> If only a computer were as simple as a TV, I might go with
> the analogy. But really, this doesn't work because a computer
> is *much* more complex than a TV. Of course, it's not being
> sold that way to the poor hapless computer-illiterate
> consumer, so they think when something is wrong and someone
> like us fixes it, it should all work and never have a problem
> again.
So who needs to warn the consumer that a computer isn't a toy,
and it *will* cost more than the $500 special you are getting
it for.
> I'm not trying to start a flame war here, but I have to ask
> this question since you all know Linux better than I do.
>
> Do you guys think that a Linux box would be "more secure" in
> this regard, or is this just a symptom of the dominance of
> Windows boxen on the market? In other words, could there be
> just as many exploits on the average Linux box that aren't
> being exploited since there are so many people who either
> hate MS or just want to do as much damage as possible and
> Windows is so prevalent?
I think that Linux has its fair share of security issues, to be
sure. However, it isn't as fundamentally flawed as Windows is,
and the open source development paradigm is better suited to
put out the fires as they occur.
Also, applications tend to be adopted because of their merit,
not because they are being spoon-fed from on-high like IE,
Outlook, etc.
> Or have I drank a little too much of the kool aid? <g>
>
> Waiting for the flames...
Not sure why you are expecting flames - these are great issues
to toss around.
> Most of you know, I do use Windows every day. I have
> installed various flavors of *nix but I really haven't had
> time to work with it as I'm working in Windows all day and
> trying to raise a family the rest of the time. <g>
>
> Admittedly I think I personally avoid most of this kind of
> crap not so much because I'm a windows/computer expert but
> that all my computers sit behind a NAT device and only one
> port is open to the outside world: port 80. Also, whenever my
> teenage nieces/nephews use my wife's computer, I do a
> spyware/adware/malware scan and fix any problems they find.
Firewalls are important, and I have no doubt XP SP2 will go a
long way to solving the more blatant problems. However, that
won't prevent trojans from coming in, and as far as I can see
the Windows firewall is still too basic, and once a user says
"okay let backorifice out on port 45884 - I don't know I'll
just say 'yes'", they'll never get prompted again.
> Of course, I have had to "fix" the computers for my parents,
> my brother- and sister-in-law, but their biggest problems
> were spyware, which ostensibly would be something a Linux box
> should get as well, right? It's just that people just aren't
> writing those kinds of proggys for Linux are they?
Windows is such a target for multiple reasons:
+ it is ubiquitous, and is really the same old code in all
Windows versions, just repackaged. Easy to target.
+ some people really do hate Microsoft.
There are so many Linux configurations that it won't be nearly
as easy to target Linux in an attack. Whereas you can expect
Windows to broadcast on ports 135-139, and 445 and some others,
and you can expect Windows to be running IE, you can't make
those same expectations with Linux systems. I'm running
FireFox, Konqueror, Galeon, depending on my browser mood for
instance.
I think that while there are certainly plenty of exploits
waiting to happen on Linux, and a hosed Linux system could be a
very powerful tool in the hands of a script-kiddie, there are
various reasons that will prevent Linux attacks to become the
huge problem Windows attacks are becoming.
--
Paul McNett
Independent Software Consultant
http://www.paulmcnett.com
©2004 Paul McNett |
