Ubuntu security - spyware, viruses, cache cleaning, etc.

Al Gordon runlevel7 at gmail.com
Thu Nov 17 04:46:11 UTC 2005


On 11/16/05, 'Forum Post <ulist at gs1.ubuntuforums.org> wrote:
> I manage around 60+ XP desktops at work.  I'm the PC support guy.
> Thanks to Windows problems, I have a job:) I've recently switched to
> Breezy at home and I love it.  I constantly have to deal with users
> spyware issues at work.  I can only dream of a world where spyware
> doesn't exist.  Although I'm sure if most people used Linux then
> spyware would be developed to hack their systems but I agree that it
> would be fixed a whole hell of a lot quicker.

Nothing personal, but the "not enough people run Linux to make it
worth trying to hack" thing bugs me.  The way I see it is something
like this (bear with my poor anology, please): Scenario: You live in a
neighborhood where almost everyone rides a bike (Windows), and some
jerk neighbor throws rocks (malware/viruses) at the riders' heads. 
You, on the other hand, drive a tank (Linux/Unix).  He throws rocks at
you all day long, to no effect.  Now, if everyone in the neighborhood
started driving tanks, rocks become ineffective.  The attacker would
need to escalate to real weapons.  Since he's just a malicious jerk
who throws rocks for a hobby, and not a small government, he can't
afford things like landmines and rocket launchers.  (ie. most malware
that knocks out Windows is script kiddie crap.)

Back to the real world: The reason that Linux is perceived as being
more secure is because of the "secure by default" configuration of
most linux distros, not because there are less people trying to attack
it.  It's possible for the user to make the average PC running Linux
less secure than a modern Windows box (2k, XP and up), and a much more
attractive target for someone who wants to control other peoples' PCs.
 Really, it's easy: Install telnet and set the root password to
something stupid, like "password".  While you're at it, do like some
people occasionally claim is a good idea, and run X and all of your
apps as root.  :P

Microsoft is supposedly implementing the Principle of Least Privilege
in their next release of Windows.  Good for them!  The *nix world has
only been doing this for, well, since there's been Unix.  My guess is
that most Windows users who switch to the new OS will find ways to
disable this functionality, much like running Linux as root for daily
tasks.

There *are* serious threats out there for Linux right now.  Subscribe
to a security mailing list or two, and you'll see.  Linux servers
running just about any PHP app are fun to attack, it seems.  :P

Good security practices, regardless of your platform, are what will
help the most.  Well, unless you're still running Win9x, then there's
no hope. ;)

--

  -- AL --




More information about the ubuntu-users mailing list