Comments - Does Linux really want Windows users?

#1 /* 8 months, 20 days ago */

I only chose to reply because articles like this show how little you, and people like you, really know about technology.

Linux is not a silver bullet that can and will solve every computer issue relating to hackers, exploits, and botnets; to name a few. Windows is the primary target of botnet creators simply because it has the largest userbase! A userbase that is less technically inclined than the average *nix userbase. If everyone moved to *nix you could bet there would be far more exploits in that arena to shift the tide.

Mainly because SPAM is a very very profitable business. That profit motive will keep them exploiting people's computers.

Also, remember the majority of malware that runs these botnets on people's computers got there because people INSTALLED them. Not through some random network exploit, but piggybacking on some seemingly legitimate application. Users won't become any smarter on *nix! Why not? Most people simply DO NOT CARE about computers. The majority of users are NOT geeks like us. They won't care about learning how to master a firewall and determining and application's legitimacy. If they want their smiley faces then they want them!

The sooner we start blaming users and not computers for our lapses in security the better off we will all be...

Next time do us all a favor and write an informed article.

http://www.thinkist.net

Quote Site Profile

Frazell Thomas Normal User

#2 — Author comment /* 8 months, 20 days ago */

Just imagine how friendly your inbox would be tomorrow if everybody installed Linux today.

What part of that sentence isn't true? If all the computers in the world were wiped clean, botnets get wiped out - even if only for a temporary amount of time because you're right, spam is big business and people will be writing toolbars, trojans, worms and exploits as fast as possible...

But Linux has a major advantage over Windows here: repositories.

Firstly, the average user is unlikely to go around installing from outside a truly trusted repo. Secondly apps are better protected against exploitation because they might actually get updated, again because all the update-management is handled for them by the distro and its repo. Running these apps as a user and not root might help stop serious damage too.

Yes, users are idiots regardless of platform but the default XP install (what plenty of people are still running) is just dangerous. Linux is by default a much better starting position. Blaming users won't fix anything. You can't go around to every user on the internet and slap them until they know not to install random screensaver and cursor packs.

Quote Site Profile

Oli Numero Uno

#3 /* 8 months, 19 days ago */

The problem with that statement is that the gains would be short lived, if at all.

Like I said, the problem isn't really the OS or security exploits. The problem, at its root, is users!

The majority of Malware installations occur, like I said, piggybacking on some seemingly legitimate program. If people get a pop up telling them they can install some app that will let them see smiles on their screen or have some silly fish screen saver and they want to install it no level of security by the OS will stop it. The user will get that app installed if they want it installed.

The not running as root architecture makes it safer, but not totally secure. The same can be said about the similar setup used in Windows Vista. Let me continue with the example of the user installing some random smiley pack he saw in some random banner ad. All "secure" OSs will let the application install for startup on that users login (not system wide) and the user might get a prompt related to the OS's firewall. The application will be nice enough to give the user pictures of what to click to enable the proper firewall permissions for incoming and outgoing connection while telling the user it will allow them to get updates. The user lacks the technical knowledge to know which is legitimate or what implications the changes being made will have on his system. The user also doesn't know what to check for to see if the application is operating safely.

One only has to look to Windows to see how fast and simple the best intended security measures can be undermined by users and exploit authors. With Windows XP SP2 MS hardened IE preventing ActiveX controls from running pretty much with free reign. As quickly as they did that almost every ActiveX hosting site, including legitimate and non-legitimate ones, started showing users how to do the two clicks to let their control run. None offered additional information to explain to the user when to accept and when not to. They just told the user "want to get _____ working do this". The same has spilled over to Vista with programs explaining to just hit continue for UAC. As well as just hit unblock for the Windows Firewall.

The root of good network security and the solution to our spam, and similar, problems rely heavily on users. The problem is educating those users is, imho, an impossible task. Simply because once they learn how to protect themselves from A those who profit from this stuff will move on to B and users simply don't care enough to think proactively about the connection from A to B and onward.

So, like I said previously, Linux or any other OS isn't the solution to the problem. If the user wants to install a program no OS can stop them from doing that. As well, the majority of these exploits are legitimately installed by the users! Even the majority of Viruses spread by USERS opening files directly.

http://www.thinkist.net

Quote Site Profile

Frazell Thomas Normal User

#4 — Author comment /* 8 months, 19 days ago */

I see that and there's definitely scope for users doing the same under Linux but Linux does make it easier for users to get malware-free software by way of the repos. Yes, you still need to educate users that they should only get software from the repo but as a message, that's a damned sight less blurry than how we teach Windows users about safe software ("Only use software from trusted sources" - how do they know who to trust?)

Many distros make it so much easier to define a trusted software source. With time the front ends will improve to help users find which software they need to eliminate them having to go out into the wild to ask what they need. Through this the user learns one solid way to install and maintain their software -- opposed to the fragmented software distribution model they've suffered with under Windows.

Quote Site Profile

Oli Numero Uno

#5 /* 8 months, 18 days ago */

People are stupid until proven smart - Me

No offence but people in general are stupid. We hardly think about what we are doing or consider the consequences of our actions. The only way to fix spam is through education. Personaly I think its to late for the current generations we'll have to try and teach our children now so they can grow up with less spam etc.

I my self am guilty of being stupid. I rutinly tell my wife to hit next until it says finnish. I then later whine when she installs toolbars (mysearch google yahoo live they are all annoying) and other bundled guarbage.

As for linux its obvious some distros are geared towards "freeing" windows users. Personaly I think Linux should steer clear of windows users. This goes back to my quote people are stupid. The larger the Linux userbase gets the dumber it gets. Soon the smart users will be so outnumber by stupid ones Distros will have to make changes to keep all the retards. That will make linux more like windows and less like linux and the spammers will find ways to get their bots into every linux pc owned by a stupid person.

Nate

Quote Profile

Nate Assistant Admin

#6 /* 7 months, 10 days ago */

I've worked on human factor engineering devision before and Nate is darned right! Users ARE stupid until proven smart. A smarty I've worked with ran CentOS webservers with everything wide open, no firewall, no "yum updates" no suhosin, no suExec etc etc because according to him "LINUX IS SO SECURE I CAN JUST FORGET ABOUT IT". So one day that bloody server began churning out spam mails. After running rkhunter on the box, I found 10+ rookits on the so called "impenetrable" linux box. LMAO!

And btw, I would really LOVE to see the whole world's (95%) PCs migrate over to Linux. Maybe then, will ppl start saying "Windows is secure, virus/malware written for Linux cannot run on it, Im migrating over".

Quote

Lord TCT Anonymous User

#7 /* 7 months, 23 days ago */

Hi Oli,

I'm trying to teach my friends a bit about protecting everybody and themselves from more SPAM... (don't you just love it when they forward a joke or something with your e-mail in TO or CC field, and then somebody else does it again and again...)

So I'd like to know if you could tell me the source of that pie chart showing the percentage and sources of SPAM, please...

Quote Site Profile

Dom Normal User

#8 — Author comment /* 7 months, 23 days ago */

Sure thing, Dom. Take a look at the original article, and you'll see notes about their sources.

And Nate:

As for linux its obvious some distros are geared towards "freeing" windows users. Personaly I think Linux should steer clear of windows users.

You're totally correct in your perception. There are certain distros that are completely geared at emulating the look, feel and process of Windows and I agree that that's not a healthy thing to do.

Certain things (like package managers and repos, for example) are harder to use until you know how and then they're much, much easier; and by removing the "go hunt the web for an installer" process, much more secure. We shouldn't try and adopt the one-click-install that Windows has - it's a clear path to novice users installing all sorts of malicious crap.

Quote Site Profile

Oli Numero Uno

#9 /* 7 months, 23 days ago */

Thanks Oli!

Quote Site Profile

Dom Normal User

#10 /* 6 months, 12 days ago */