[Off Topic] Re: Linux security

Michael Richter ttmrichter at gmail.com
Fri May 5 05:42:52 UTC 2006


On 05/05/06, Jim Richardson <warlock at eskimo.com> wrote:
>
> On Fri, 2006-05-05 at 07:09 +0800, Michael T. Richter wrote:
> > On Thu, 2006-04-05 at 21:07 +0200, Alan McKinnon wrote:
> > > If Daniel's family are getting 0wned, then either there is a family
> > > member that isn't following the rules and infecting everyone else or
> > > there is a hole out there that he hasn't taken into account.
> >
> > And I suspect the former.  Whenever I hear people say "but I didn't do
> > anything hazardous" -- and I mean 100% of the time -- a bit of digging
> > finds that they practised unsafe computing.  And it often only takes
> > one moment of inattention.
> >
>
> how does a moment's inattention of a non-root/admin user, totally hose a
> box to the extent of needing a rebuild?


Well, the first thing is that because of laziness, most Windows boxes have
the users set up as adminitrators.  This is true, too, even under
environments where there are supposedly trained staff who should know
better.

My mother?  She's set up as a regular user.  She doesn't even have the
password to the administrator account readily available.  It's available in
an envelope should she find herself needing it -- like, say, when tech
support people walk her through a procedure but she has never used it except
under tightly-controlled circumstances.  My wife, similarly, has a user
account, not an administrator account.  And for the same reasons.  She
practices much more careless computing than I like to see (for starters she
still downloads ActiveX controls from the annoying Chinese websites that put
everything into plug-ins) but she still hasn't been hit by any malware.

There is only user ignorance and administration laziness to blame for a
Windows box that's not locked down.  Are you logging in as an administrator
for day-to-day tasks?  Then you're the reason you're getting hit with
malware.  Do the same thing under UNIX systems (and people do this!) then
make the following typo blunder:

cd /
<enter a string of commands here and, in the process, forget where you are>
rm -fR * .old

What was that about "sane defaults" and "graceful error recovery" that
someone else was blathering on about again?  There's not so much as a "are
you sure you want to kill your system?"-style error message there.  The
"sane default" is to trash your whole file system.  From a moment's
inattention.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060505/3e0aad38/attachment.html>


More information about the ubuntu-users mailing list