On Sep 30, 2004, at 2:05 PM, Chuck Urwiler wrote:
> Do you guys think that a Linux box would be "more secure" in this
> regard, or
> is this just a symptom of the dominance of Windows boxen on the
> market? In
> other words, could there be just as many exploits on the average Linux
> box
> that aren't being exploited since there are so many people who either
> hate
> MS or just want to do as much damage as possible and Windows is so
> prevalent?
Without a doubt, all OSs have potential security holes. The problem
with Windows is that you don't necessarily need to understand the
arcane underbelly of the OS in order to exploit it. Most of the virii
which have struck Windows haven't used some obscure exploit, but simply
took advantage of Windows 'features' that were never envisioned to be
used that way. There aren't 'script kiddies' hacking Linux boxen; the
barrier of entry to being able to do that is much, much higher.
Windows also makes it hard to do anything interesting, like install
anything, without being an Admin. Yes, I know all about "runas", but
that's not something that most typical users are even aware of. They
only know that if they aren't listed as an admin, the computer won't
let them do stuff, so they log in as an admin. Then when they get
exploited, the virus runs with full admin privileges.
I like the way OS X works. My account is an admin account, but anytime
I want to do anything as an admin, such as install an app in a common
system location, I get prompted to enter my password. Why is this cool?
Because if some trojan horse app finds its way onto my system, unless
it knows my password, it can't infect anything except my local user
folder.
___/
/
__/
/
____/
Ed Leafe
http://leafe.com/
http://dabodev.com/
©2004 Ed Leafe |
