Originally posted by: Seeruk
Originally posted by: drag
Not really.
I can probably spend some time with nmap and find you some jack-@ss that has a Redhat 7.0 server with all services running on the internet, with no firewall, and no patches, and he probably never got spyware, hacked, or viruses either. Doesn't mean that I think that is secure.
I've been around my fair share of Windows networks too and I'm pretty sure that I can say that either you're full of it with your 319 desktop machines, or you have the network locked down very tight with very limited access to any outside networks or programs, or you have all computer geeks working with you. In any business of any size there is always going to be one foolish person that's going to click on the email attachment in Outlook, or go to a website that has a misdirecting link and install some sort of crap on their computer.
Which is sorta the point, no matter the OS it is the use of it that determines the security.
Ah, see, now you can play nice. Don't try to troll so much.
Ultimately the Administrator is more critical, but the OS can help you or hinder you. Wouldn't it be nice to allow users to download and open attachments in their email? After all it is designed to send attachments.
That's one of the reasons why the people at my work can't say they are virus-free. The Win9x and W2k clients are pretty locked down, but you have to allow things like zip files through because that's the nature of the business. There isn't a way around it. With new threats it'll take a few hours for the anti-virus vendors to get the updates made and distributed, so once in a blue moon we get burned. The system, if it behaves badly, automatically gets locked off the network though.
With Linux I don't have to be worried about zip files. If I was to "lock down" Linux desktops then noexec'ing home directories and /tmp would be enough to prevent people from accidentally running programs or scripts.
Also I don't have to worry about what sort of websites I visit either. (not that I purposely go around and look for bad sites or whatnot). Whenever I am using IE on Windows I get the feeling that I am walking on eggshells compared to using my Linux desktop.
Also there are other aspects. Go on a Gnome desktop system and try to make an executable file hidden by a different file type. Like a bash script pretending to be a jpeg or whatnot. Mess around with file extensions and such. Then double click on it and see what happens. (hint: Linux has better file type detection systems than Windows' file extension methods)
The thing is at the moment that Linux helps you with a tight security definition by making users inherently limited accounts. Give it 12 months on the world's desktops and as soon as users discover they need to be logged on as root in order to access 'Terabytes of FREE porn!!!!' then all that work is undone. Fortunately at work we are in control of such users and as we tell the users... "if they wanna hand over the keys to their lives over the internet they can go do it at home"
That's definitely a big part of it.
Also it's designed so that running root is actually less convenient than running under a restricted user account. All programs on Linux run without having to have administrator rights and it's always been like that, more or less. Big pushes in development revolve around eliminating any need for administration access in Linux. We are getting new subsystems and such that are eliminating the last few things that require root right access to run, like CD burning programs.
With Windows it's a big big fight to get everything working in a restricted account often. Windows home edition ships with administrator as the default user also, which is a big part of the problem and obviously an outmoded way of doing things.
With Linux, updates are more comprehensive... for instance I get my Firefox browser updated, as well as the default Epiphany... and my office suite gets upgraded and a variety of third-party apps get updated along with everything else thru apt-get or yum. It's very rare that I have to reboot the machine and the majority of the time the update runs in the background with no need for input from me. Not only that, I get all the latest versions of my applications available from my distro also, so upgrading can be rewarding. Windows updates are more intrusive and can interrupt work, so people are more averse to doing it. Third party apps like Firefox won't update along with the core Windows system and select Microsoft applications. The more difficult/intrusive updates are, the less likely users are going to do it.
I am sure that Vista will solve many of these problems, especially making restricted accounts easier to use.
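
A check for the noexec lock-down mentioned in the post above, as an added example that is not part of the original thread: it resolves which mount holds each directory (longest mount-point match) and reports whether that mount carries `noexec`. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the filesystem holding a directory is mounted noexec.
# Mount table format is that of /proc/mounts: device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0'

# mount_policy DIR [MOUNTS_TEXT]
# Prints "<mountpoint> noexec" or "<mountpoint> exec" for the mount that holds DIR.
mount_policy() {
    dir=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v dir="$dir" '
        {
            mp = $2
            # A mount holds DIR if it is DIR itself, the root, or a parent directory.
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                # Longest mount point wins; on a tie the later (top-most) mount wins.
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END {
            if (best == "") exit 1
            policy = "exec"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") policy = "noexec"
            print best, policy
        }'
}

# audit_exec_dirs MOUNTS_TEXT DIR...
# Lists the directories whose mount still allows direct execution.
audit_exec_dirs() {
    table=$1; shift
    for d in "$@"; do
        case $(mount_policy "$d" "$table") in
            *" exec") printf '%s\n' "$d" ;;
        esac
    done
}

# On the sample table only /tmp is still executable.
audit_exec_dirs "$SAMPLE_MOUNTS" /home/alice /tmp /var/tmp
```

Called with only a directory, `mount_policy` reads the live `/proc/mounts`. `noexec` stops direct execution of a file; a script handed to an interpreter as an argument (`sh file`) still runs.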