Secured Windows XP SP3 vs Ubuntu 9.04

Discussion in 'all things UNIX' started by ssecure, May 29, 2009.

Thread Status:
Not open for further replies.
  1. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    :)

    I must have missed the boat on troubleshooting in Windows being a snap?!

    If you have ever tried to figure out what a Fatal Error or BSOD is caused by in Windows, do you not have to Google your way to an answer? Or is there a Wizard that asks you what, of the thousands of pieces of non-free non-open pieces of software, is installed and which one to remove such that the conflict can be resolved? I think not, but maybe one day.

    They are the same in the respect that one must put forth some sort of effort in this process or bring it to a shop/friend/coworker. Or as a last resort call MS, eek!

    I have to semi agree on the non-working items, but the problems (and solutions) I have run into are not something the everyday user has had issues with, so far as I know. UNLESS, (the BIG issue), it is a hardware compatibility issue and this is not really the fault of Linux but the company(ies) who make the code/hardware in a non-open way.
     
  2. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    I won't claim to speak for others, but on my end I've never had BSODs from hardware drivers as long as I stick to the ones provided by my manufacturer or Windows Update. For software drivers, one simple rule applies: do not install too many driver-level programs that do the same thing (hook the same API). Multiple antiviruses, firewalls, etc are a no go. If you ever get a BSOD, Windows will offer to restore the last known working configuration for you upon reboot as well.

    TBH, Googling for BSOD errors is kind of pointless unless you know how to read memory dumps and/or understand some basic assembly. The thing to do is to usually reverse the last change you made (in Safe Mode if necessary), which solves the problem almost all the time. Personally, the last time I saw one was 4 years ago when the hard drive on my Asus laptop failed. Most reputable programs are too well-written to cause BSODs nowadays.

    Well, at least there's someone to ask. I could just drop by the comp labs and ask any one of the techies in there, and they'd fall over themselves trying to prove how geeky they are. I don't know anyone in real life I can get Linux support from, though.
     
  3. Arup

    Arup Guest

    Folks........by this time the saner ones among us, that's the actual Linux users, must have realized the insane direction this and other Unix related threads head to due to one over zealot person living in his self made world of MS delusion. Any mention of Linux, open source, Ubuntu has this said person in warps and it's like a personal crusade against open source in general. This said person claims to have used Linux which I highly doubt but yet he has conjectures and theories against Linux and open source in general. So far he has managed to pollute majority of Unix threads with his tirade against fictional cooked up issues which defy even the wildest fragment of imagination. I guess this man is a devout MS fan and he does a token Linux install and then decides to condemn it making up issues which are totally out of bounds. So far this person has attacked Linux, Open Office and heaven knows what other open source offerings around and that clearly shows where his bias lies. It's OK to be biased and fanboi but not at the expense of spreading FUD and thereby preventing others from discovering the alternatives.

    In the end, one must understand the futility of this situation and take necessary measures against it, in this case, countering FUD would be the best policy. If this person is allowed to keep spreading his line of diatribe against open source in general, then new users or those interested in Linux coming to this forum would be totally discouraged to even give it a try.
     
    Last edited by a moderator: May 31, 2009
  4. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    I manage some PCs at my workplace myself running Windows. I have got about some 10-15 BSODs a year and system won't boot. The offer for restoring the last known good configuration has never worked a single time. The same is with System Restore. I always had to use an imaging software/reinstall...
    Any restore capability Microsoft offers is shitty at best in my opinion..
     
  5. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    I believe XP SP3 secured properly would still be worse off than Ubuntu's newest and finest updated regarding the security aspect.. I can bet my money on that..:thumb:
     
  6. Arup

    Arup Guest

    Absolutely right, I found system restore useless in case of infection and other issues, always preferred imaging or re-install. I have system restore turned off.
     
  7. ssecure

    ssecure Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Ok in theory that's true, because of its design and lack of Linux malware. But in practice for the average home user, how big of a difference are we talking about here if any?

    You have firewall, AV, you scan for malware once in a while...you use Firefox with NoScript. Maybe keep Windows up to date.

    But seriously with a proper security pack like ESET 4 or free combination of firewall, AV etc...where is the weak point? Firewall protects you from outside, AV scans if you download smth stupid, NoScript stops most web threats....

    Sure I like to keep safe and keep looking for ways to make things even safer...I just don't see where's the big vulnerability in XP SP3 if you have decent protection....

    Sure Linux maybe safer by design but on a scale of 1 to 100, how safer are you really? If we're talking about 1-5 or some number that's only valid for academic discussion then you could say it's negligible.

    Regarding that hacking contest where after 3 days Linux was the only one standing, does anyone know how the Windows machine was secured? Was it only by crap Windows firewall with no 3rd party security packs? I think it was Vista, did they run it under the default LUA?

    Thanks, again this isn't a thread to diss Linux, I use both. Just provoking a discussion from a security point of view.
     
  8. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    I don't know on a scale of 1 to 100 where Linux or Windows stands. I will point out something about this with an example. I am an administrator for about 10 desktops running Windows XP SP3 with antivirus, Windows firewall, SRP preventing any execution of programs or other files, and a custom program for managing the accounts and restrictions, and Returnil free version. The users get to use the PCs on a limited account only. Recently, out of curiosity, I disabled Returnil in one of the PCs for some time. Within 2 weeks my desktop crashed and I had to restore an earlier image.. I am seriously considering converting all of them to Ubuntu boxes.. that way I don't need to worry about maintenance.

    I consider myself an expert user in Windows environment and an average user in Linux environment. The time and effort needed to install and secure an XP machine is much more than the time and effort to install and secure an Ubuntu box for me..

    You have asked about the average home user. For an average home user I definitely think Windows is out of question regarding security, especially if that includes online banking. I believe the time you need to learn how to secure a Windows XP installation solid and secure with HIPS and all that blah, blah is greater than the time you need to set up a Linux box.. The average home user I see hardly knows that their antivirus needs updated definitions. Most of them are hearing the word firewall for the first time when I mention it to them. Imagine telling about SRPs to them...:D
     
  9. ssecure

    ssecure Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Guess worded it badly there lol... You're right, when I first started using Windows my security was awful...Guess what I meant by "average user" was if those ppl used proper even just basic security how many of them would even get infected? Like on a % basis or smth...Definitely bad wording on my part.

    So instead of the average Win user let's go with smone like me who knows a little bit about security and has few apps running.

    On another note, what would you suggest if one has to run admin account most of the time because certain applications don't work in LUA?
     
  10. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    I don't get it. What's wrong with elevating privileges with runas? Either right-click, or create a shortcut to specifically run a program as admin.

    Failing that: SuRun. A good tutorial can be found here: http://www.dedoimedo.com/computers/surun.html
     
  11. ssecure

    ssecure Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    There's nothing wrong with it lol....I didn't know of the program, looks very good. Is it trustworthy?
     
  12. demonon

    demonon Guest

    I suggest you use Drop My Rights. It is a simple program that enables you to run any desired program in a LUA environment.
    Also Online Armor is able to run programs in a LUA, so is Sandboxie.
     
  13. Arup

    Arup Guest

    http://us.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html

    He said his company had reverse-engineered its program, which they suspected of originating in Ukraine, and is using the call-back mechanism to monitor an exponential infection rate, despite Microsoft's issuing of a patch to fix the bug.

    http://gizmodo.com/5034839/windows-vista-pwned-by-web-exploit-that-cant-be-stopped

    Presenters at Black Hat revealed that most, if not all, of Windows Vista's security features can be taken out with a single browser exploit, using Java and .NET to execute malicious code. What really makes this a killer, is that it is based around Vista's fundamental architecture, not a specific security flaw, and can be executed with any browser vulnerability. As researcher Dino Dai Zovi told SearchSecurity, "that's completely game over."

    http://www.theregister.co.uk/2008/03/19/pwn2own_contest_returns/

    This year's Pwn2Own competition will place three brand-new, fully patched laptops side by side: a Fujitsu U810 running Vista Ultimate, a Vaio VGN-TZ37Cn running Ubuntu 7.10 and a MacBook Air running Leopard. The first person to remotely run code on each one gets to take the machine home, and is can be entered into the running for an award potentially worth $20,000 from TippingPoint, whose Zero Day Initiative pays bounties to researchers for responsibly disclosing vulnerabilities.

    All systems were fully patched, in case of Ubuntu older Gutsy was used instead of Hardy or Intrepid which would have provided even more security.
    http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/

    CanSecWest A laptop running a fully patched version of Microsoft's Vista operating system was the second and final machine to fall in a hacking contest that pitted the security of Windows, OS X and Ubuntu Linux. With both a Windows and Mac machine felled, only the Linux box remained standing following the three-day competition.


    I guess this discussion should now be officially over. Hands down, Linux wins period as expected.
     
    Last edited by a moderator: May 31, 2009
  14. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    I've had no issues with it myself, and a number of techies I know use it as well. So yes.
     
  15. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    @Clansman77 - We went from roughly 100 Winders boxes to 3, the rest we use Ubuntu and LTSP(<-have a look if you are seriously considering switching more than one box) any questions feel free to hit me up.

    All in all security for the "Average user" doesn't compare and I think that has been proven in this thread over and over again.
     
  16. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    Thanks likuidkewl for the suggestions, I am planning to first convert one box and then decide upon others depending upon user response..
     
  17. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Lots of the posts seem to be stating that Linux is more secure by design than Windows. I think most people agree with that.

    I believe the OP was questioning whether Windows could be secured well enough to make it comparable with Linux. I think the answer to that is yes and I gave an example of how to achieve that early on in the thread.

    If anyone searches for posts by Rmus, you will find that in some, he explains how Windows machines get infected and gives methods to stop those infections. If I recall correctly, all of the examples given by Rmus ultimately end with infections requiring the download and execution of a .exe file. If you stop the execution of the downloaded file (there are lots of different software capable of this, including SRP which is built into XP Pro) the infection is thwarted.

    So, Linux is safer than Windows but if Windows can be secured against infections why does it really matter that Linux is safer by design? They have both achieved the goal.
     
    Last edited: May 31, 2009
  18. Arup

    Arup Guest

    The point here is that in Windows it's a constant vigil, one slip and you are infected. So if a novice user handles your PC, he or she lets one slip by and you are done for. In case of Linux, that's simply not the case.
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    More posts have been removed. I said this above:

    Discuss the technology or the products involved, but stop all the "you're trolling" - "no, you are trolling" comments.

    And, this includes comments on trolling content or about other members posting here.

    Stop it or find another forum to frequent. I've had it with this crap.
     
  20. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    I'm sorry Arup but I don't agree.

    I've explained how to secure a machine, which actually is resistant to novice users (SRP using only a whitelist of allowed executables and Deep Freeze). You then come up with a hypothetical scenario to prove that the machine isn't secure.

    We can all dream up ever more fantastically clever hypothetical situations for Windows or Linux.

    Linux is more resistant to infection than Windows, by design. I have no argument with that. Linux is safe even without third party security software. I have no argument with that.

    Can Windows be made secure? Yes it can. Can we think of a thousand hypothetical ways to get around that security? Yes we can. That doesn't mean that it's not secure.
     
  21. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    "By design"?

    I think that's one of the biggest red herrings in this whole discussion. The end goal in security is to prevent malicious code from silently running, and the fact is, it's ridiculously easy to achieve that both in Windows and Linux.

    What does "more secure by design" mean, really? Since you can easily have zero malware running on your Windows system, does that mean that you can get a negative number of malware running on Linux? Or does Linux pre-emptively counterhack the hackers trying to get you? How do you get more secure than zero malicious code running? I'd really love to hear the answer to this question.

    Assuming same precautions taken in both Windows and Linux (restricted rights account, run software only from trusted repos, stay patched, optionally run a firewall as well), you get the exact same results, and I've yet to see any of Linux's theoretical advantages make any effect in practice.
     
  22. Arup

    Arup Guest

    So far the Linux system couldn't be hacked in the pwn2own tests whereas both Win and Mac succumbed. Linux doesn't allow executables, dll hooking etc. and that's why its very design prevents infections. I feel we are going in circles here, no matter the amount of facts presented, it's just simply ignored and like a broken record, it just repeats redundantly.

    First hack a Linux system or show an instance where it has been and then make conjectures.
     
  23. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    By default the main account in Windows is administrator and is a big risk. Anything you run also has admin rights. Vista helped solve that issue but since people find UAC annoying they are just as unsafe as they are with Windows XP running as administrator.

    With Linux the default account is standard user and on a lot of distros you either cannot login as root or it's harder to. You can edit config files or use ttys and start X as root but most people won't know how and the main point is it isn't needed.

    There is still software which doesn't run under standard user accounts on Windows which means users use administrator accounts either for one application or simply use an admin account because that's the only account when it came from the company they purchased it from.
    Users will just create the accounts they need and use the default options which is admin.

    There are other reasons why Linux is more secure but I'm a new user to Linux so I don't know much about it.
     
  24. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Hey Arup,

    I hope Apple finally realise that OSX isn't unhackable and tighten it.
    It's the more unsecure BSD based OS.
     
  25. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    XP is now eight years old and on its way out, and even then it takes 30 seconds or less to create a limited account, AND there are tools like DropMyRights, SuRun and OA Run Safer around.

    I don't know, but I think it'd be more useful to limit the scope to semi-knowledgeable users who at least know how to choose correctly on basic decisions, like whether to run as admin or not. When you introduce clueless noobs into the equation, it just kind of makes discussions about the technology itself meaningless.
     