anyone get tired of hearing about this?



chuchII
4th June 2010, 06:50 PM
so just read through this article on the myth of comp security (on MS systems)
http://gizmodo.com/5554384/the-myth-of-computer-security

the author claims linux is safe right now because it's not being targeted...
I feel somewhat insulted that people somehow think linux is safe because so few use it.

it seems to me that (in addition to other factors) the open source model is what makes things so secure. kinda like, everybody's watching the cookie jar. with this kind of development any security holes get filled nearly as soon as they're discovered.
and the larger the community, the more eyes (hopefully) there are looking for that stuff. thus "hackers" won't be able to exploit much at all.

am I in my own little fantasy world here?

stevea
4th June 2010, 07:24 PM
Sadly there is some truth to it. Linux, BSD, MacOS have a much smaller "profile" so they are the target of attack less frequently. There are/have been successful exploits against Linux and the other *nix brethren.

Your comment shows a peculiar and unacceptable attitude toward security - yes it's important to fix security breaches immediately once they are found - but a milligram of prevention is worth a megaton of expedient cure. You DO NOT get security by plugging holes faster!

So on the prevention front - yes open source means more eyes surveying the critical code for holes, but it also means that more complex analysis of the pieces can be used by evildoers. The "more eyes" undoubtedly helps, but it is far from perfect. Perhaps 18 months ago a clever page management error that had been latent in the kernel for over a year was exposed. It allowed any executable to become root - so there are a whole range of 2.6 kernels that you really shouldn't run.

So the upshot is that Open source code has bugs, tho' arguably many fewer than say Win. The bugs are there for all to see - so there is a competition between good/bad-guys finding each one.

===

The realistic vectors on a home/soho arrangement are foreign (hard to define) information accessing your system. The external Network attack issues are fairly well known, and aside from the NSA spoofing your system are pretty well preventable by firewall and TLS. No one except a braindead Windoze system designer would ever think that executing code on some random hotplug device is sensible security policy - OTOH Linux desktop tools allow you to do that (yet oddly prevent root login). Probably the induced voluntary download is the greatest threat. You surf to some web-image page and the image data exploits some hole in the renderer causing a security breach (or javascript or ...). Or you download some innocuous looking sourceforge package and compile it - only to find it contains a virus. SELinux helps a lot once the damage is done, but that's not so much prevention as damage mitigation. There is talk of creating browsers that execute in a restricted walled environment - and probably it's a good approach.

No - we all have security issues. *nix is hit by fewer attacks and is likely more robust and "more secure", but we're more than a few tweaks short of complete security.

DrewP
5th June 2010, 12:16 AM
Inspection of the security logs on internet-facing servers shows quite enough failed login attempts on port 22 to convince me that there is PLENTY of effort expended on attacking linux.
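
Added example, not part of DrewP's post or the original thread: one way to do the kind of log inspection described above, summarising sshd authentication lines per source address and flagging any address that logged in successfully after repeated failures. The sample log lines, host name and addresses (RFC 5737 documentation ranges) are constructed, and the threshold of 2 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format OpenSSH's sshd writes
# (e.g. /var/log/secure or /var/log/auth.log). Addresses are from the
# RFC 5737 documentation ranges; none of this is from the thread.
SAMPLE_LOG = """\
Jun  4 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun  4 03:12:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jun  4 03:12:06 web1 sshd[2215]: Failed password for invalid user oracle from 203.0.113.5 port 51251 ssh2
Jun  4 08:30:10 web1 sshd[3020]: Failed password for alice from 192.0.2.10 port 40022 ssh2
Jun  4 08:30:19 web1 sshd[3020]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Jun  4 09:01:44 web1 sshd[3101]: Failed password for root from 198.51.100.7 port 60111 ssh2
Jun  4 09:01:47 web1 sshd[3103]: Failed password for root from 198.51.100.7 port 60115 ssh2
Jun  4 09:01:52 web1 sshd[3105]: Accepted password for root from 198.51.100.7 port 60120 ssh2
Jun  4 09:05:00 web1 crond[3200]: (root) CMD (run-parts /etc/cron.hourly)
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=2):
    """Per source IP: failure count, usernames tried, and whether a login
    succeeded after at least `threshold` failures (worth a closer look)."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "success_after_failures": False})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an sshd authentication line
        s = stats[m.group("ip")]
        if m.group("result") == "Failed":
            s["failed"] += 1
            s["users"].add(m.group("user"))
        elif s["failed"] >= threshold:
            s["success_after_failures"] = True
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items(),
                        key=lambda kv: -kv[1]["failed"]):
        flag = "  <-- success after repeated failures" if s["success_after_failures"] else ""
        print(f"{ip:15} failed={s['failed']} users={sorted(s['users'])}{flag}")
```

A single mistyped password followed by a success (192.0.2.10 in the sample) stays below the threshold and is not flagged.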

droidhacker
16th June 2010, 04:53 PM
There are plenty of attacks on linux machines. Particularly since the majority of servers exposed to the internet ARE linux machines.

The problem is that most of these idiotic articles focus on desktop systems. There are different security rules for desktop systems than for servers. And though malware can be written and run by moron desktop users, the SCOPE OF DAMAGE is much lower for linux desktops than for MS desktops. The fundamental difference being that the whole multi-user thing is just smoke and mirrors on MS, where it is a fundamental law of existence on linux. MS = every user is root, regardless of the so-called "permissions". And no, the "are you sure" button doesn't protect anything -- malware can click that button just as easily as a live user can. Probably easier since it doesn't take mousing around.

I always liked the "cancel" button that W95 had. Username:.... Password:.... [OK] [Cancel] -- press cancel and you're root. They eventually took away that cancel button, but that's it. Still all smoke and mirrors.

The important thing to note on Linux is that IF a user is subject to an ID-10t failure and gets a nasty bunch of malware, the sysadmin can do an easy "killall -u infectedusername; echo "12jhg08923hf98h293bnfb29083b" | passwd --stdin infectedusername; chmod 000 /home/infectedusername" -- there -- the ID-10t is properly contained.

dmyersturnbull
16th June 2010, 05:13 PM
Honestly, I think the OP read between the lines. The article said:


But at the rate Apple and Linux are climbing in popularity, their time will come. If they become prevalent enough, they will become targets, and they will be attacked.

And he's completely correct. Attacks will climb. Droidhacker and DrewP made a good point, though; attacks against servers are already prevalent.
Linux is more secure, but I think it's because of how it was designed much less than because more users see the source code. Good, secure software is designed bottom-up rather than top-down. The Windows developers cut corners because their employers demanded that their work be completed on-time. Certain components (such as the kernel) have more power than they should. In contrast, the open source model facilitates bottom-up software. When a release is pushed back, the consequences are less severe (e.g. the developers aren't fired). More importantly, the nature of Linux distros being collections of software components written by different groups prevents cutting of corners.