Secured windows xp sp3 VS Ubuntu 9.04

The very aspect that makes Win easy to use also makes it ductile to getting infected.

 

Privilege elevation in XP is a pain. You have to switch users and log back in. With Linux you just type in the root password. But again, as I said, Windows doesn't have a SUID or GUID bit or anything equivalent to that (from what i can tell). Under Linux a program can run with root privileges even when running from a user account. You do not have to switch users to do this.

For instance, on XP I cannot even get my motherboard monitoring software to run with a LUA -- it won't run because the LUA won't allow it low-level access. It throws an error on bootup and exits. The same goes for my VOIP phone. If there was a way (on XP HOME) to adjust individual permissions on individual processes and files, that would be nice. I haven't found a way and I am not excited about installing third party hacks and patches.

Is that XP Pro? I have XP Home here. I have looked and have found no way to adjust access controls outside of the "admin" or "limited user" account roles. The LUA is too restrictive and the admin account is obviously too permissive.

Sorry, but you are the one uninformed. Nothing I have said is "theory" or supposition. It is a fact. The XP DAC model is nowhere near as powerful as Unix/Linux/OSX. XP has no MAC built into the kernel. Linux has two. XP has no kernel level firewall (not going to count the "Windows firewall" because it is utterly useless). Linux has an industry standard firewall built into the kernel. XP doesn't have package repositories. Every Linux distro does. Windows security updates are administered once a month. Linux distros administer them usually within hours after a patch is written. Windows XP has some pretty major security vulns that were never fixed because M$ said it would require too much modification to the kernel. I am not aware of any known critical security vulns that are unpatched in Linux (this is especially true of kernel vulns).

You can read the link I posted for a thorough repudiation of your "Linux has no market-share and that's why there's no malware" argument. Please, read it and then post your rebuttal here. There isn't much of a way to argue with the author's premise or his facts. Many have tried and they fail.

 

Till now not a single program has had issues running under user account in Linux, in Win, for basic burning, hardware monitoring, you need to give it priviledges. This is not the case with Linux, only when installing do I need to do SUDO or for making system folder or file changes, every program thats installed runs without SUDO here. Keep spreading FUD.

I guess being a sheep and accepting the LORD which in this case is M$ seems to be the only viable option, offer an alternative and all sorts of creepy crawlers come out of the rock.

 

I'm not sure what's the problem. Is right-clicking on the program and choosing "Run As" not working for you? Either that, you can create a shortcut that tells runas to run a specified program as administrator.

Failing that, install SuRun. XP's user account management isn't ideal compared to Vista/Linux, but it's perfectly possible to get Vista- and Linux-style privilege elevation prompts as XP. It just depends on whether you want to do it or not.

Available on both versions of XP; however, on XP Home (which I use as well), you need to login to the hidden default Administrator account to access those options. XP Pro supposedly allows you to set those options from any admin account.

What you have said about Linux security functions may be facts. That malware propagation in Linux doesn't depend on market share, however, is nothing but a fancy fairy tale.

I haven't seen anything in there that hasn't been debunked before. Properly used, any modern OS today is pretty much invulnerable to malware, and that includes Windows. But when every idiot in the world is using your software, then it becomes a different story altogether. The author himself admits that "you can be hit at all only by being really dumb" - this (stupid users) is what Microsoft has had to deal with for more than a decade, and something that Apple and Mozilla are finding out the hard way after building their reputation for security by bashing Microsoft.

 

Eice,

I don't like getting into religious wars over OS's when there are many more important things to get mad about in the world.

So, let's just agree that all OS's can improve in the security dept. and, yes, M$ has improved a lot with Vista and Win 7 (by essentially copying the Unix model). But I am a Linux fanboy, so this should come as no surprise that I prefer Linux.

 

You can lock down XP six ways from Sunday, then give it to a teenager to use for a week and it will be infected. Give that same teenager a Linux only computer and there will be no problems.

 

No harm done; and as for calling yourself a fanboy, let's just say I've seen much worse idiots.

 

Eice, I won't bother with a point by point response to your above reply to mine, seems mostly like a waste of time to me to be arguing about all this. I'll just say "to each his own" and add that Linux and Ubuntu for example, can be set up and configured with just as much ease as Win nowadays. I have done it with both countless times. It's ok to prefer one over the other, most of us do, but let's not say one is easier than the other, as I think you'd get arguments all week on that. I still do think Linux is inherently more secure than Win for most purposes. I think the OPs original statement in post 1 was this: "Hi everyone. I'm curious as to whether a properly secured win xp sp3 system would be still worse off then ubuntu's newest and finest." And my answer to that would have to be "Yes".

 

Any day an out of box Linux installation is way more securer than any Windows instlallation, 2008, 2003 and 7 included, no second arguments about that, MS goon idiot rants notwithstanding.

 

The exact point I made at the beginning of this thread.

Despite the strenuous assertions of its proponents, the "Linux is safer" claim so far as been rather vague when it's perfectly possible to secure an XP machine to a very high degree. Linux is an attractive alternative with its own benefits, but if one looks solely from the security POV, whatever technical advantages Linux may offer on paper simply isn't worth the time spent relearning everything else.

 

I'll agree that configuring Linux into a basic, usable state is easy. The thing is that, in my experience, Linux almost always tends to throw up errors and quirks here and there. About a month ago I had to bring another one of my friend's sister's Toshiba laptop back home over the weekend for repairs; just for fun I tried to load Ubuntu on it, which refused to so much as boot, throwing up a "softreset failed, device not ready" error. And fixing those problems, using voodoo commands at the Terminal and inserting gibberish into various config files, is NOT easy.

I really, really wish I could have those dream experiences that people here keep talking about, but so far it hasn't happened. I tried Ubuntu once on my mother's Compaq laptop when she visited, Ubuntu Intrepid refused to detect the wireless card. And on my own end, while Ubuntu generally works, ironing out the miscellaneous problems was neither fun nor easy. Are the majority of Linux installs really trouble-free? I wouldn't know, but so far my limited experience indicates otherwise.

But if you don't care about stuff like no sound from your speakers, or lousy video FPS from proprietary GPU drivers (it's either that or no 3D acceleration at all), or ACPI not working, or shitty font rendering for foreign scripts, then yes, Linux is easy to use.

 

So in other words, follow other sheep, no need to find out an alternative albeit superior choice, that too free. The very design on Windows prevents itself from being watertight even when all the necessary security measures have been taken. Every year there is a onslaught of malware that wreaks havoc in Win world sending everyone in paranoia and scurrying for layers of security apps. Conflicker was a prime example. Linux is not for everyone but then that don't mean one should be dissuaded from giving it a try just because the other didn't have the dexterity to install it.

Of course there is an alternate paid costly choice of a OS with holes more than a good swiss, BSOD, unstable, drivers causing greif and best of all, slow down after month of use and then re-install. Then after install, you have to defragment it regularly, keep a track on the virus updates, check out new HIPS, maybe get a nice BSOD once in a while, all fair game.

 

Well..... lemme put it this way. All things considered, I think the person who runs a Linux box has less chance of ever getting bitten by malware than the person running any flavor of Win. That's how I see it.

I personally like both. I happen to run Win now, but there are advantages to both, and no reason why one has to insist that either is superior to the other. We all run what we like for a variety of reasons, not just security.

 

I agree, if only for the fact that Linux malware is more or less non-existent. But the thing is, it's just easier to learn to avoid malware in Windows than going to Linux. Besides, you'll need to brush up on basic security practices even if you do switch, it's not like Linux is going to afford you the luxury of running amok and downloading software from questionable sources without a care in the world (or maybe it might for the time being, but it's not something I'm willing to try).

Again, I agree. I was just discussing the issue from a security standpoint.

 

I can tell you right now that if you step outside the Windows world and ACTUALLY document all the steps you need to take with setting up a windows box you will be surprised at how long it takes(installing specific drivers etc.).

Your issue is that you are USED to setting up Windows boxes and not Linux boxes. I can tell you that installing Ubuntu/OpenSuse/Fedora on my Thinkpad is simple(plus the other 100 or so I do at work sure some old dells suck but hey they are ancient), I have to set some preferences and connect to a wireless network, LOOK OUT!
My Gig network controller works, wifi works and oh yeah I don't have to press F6 to load a SATA driver from a floppy disk on installation or install 2 different programs to get Windows to work with ACPI correctly. No installing hotfixes for OSD hotkey combos and if I flip the wireless off switch on my notebook Ubuntu/OpenSuse/Fedora know what happened and will not try to keep using a dead connection.

Most Wireless cards, if you research, are not opensource. They violate the openness of Linux's very core, hence the lack of inclusion in most distro's. Broadcom is a PERFECT example(although the BSD guys made some serious headway in this respect)

So with what you are saying, you install Windows 'as is' from the install cd (don't mind that SATA AHCI driver btw) you have no issues doing anything at all, everything is configured and setup for you. As in your graphics/sound/internet etc.

EDIT:
Also if you are not willing to learn then stick to Windows and supply Bill and the good folks @ MS with your money, hell someone does he sure as hell is not getting mine.(This is general and not at any one windows user )

 

I doubt I'll be, because I do agree - it takes longer. Vista (and especially XP) recognize less hardware OOTB than most Linux distros I've tried. On my Compaq Presario I need 3 extra drivers if installing Vista, for Linux all I need is the proprietary ATI driver, and in PCLinuxOS's case a copy of XP drivers for my wireless for ndiswrapper.

But that wasn't my point. In Windows things are (slightly) more tedious, but they're easy, and troubleshooting (in most cases) is a snap. In Linux if things go wrong you're basically resigned to invest hours, if not days or weeks, Googling for a solution, and in the end all that time might very well end up wasted because there's simply no solution. Number of steps is not proportional to difficulty. In Windows it's click click click finish, in Linux it's sudo a script file, run some commands at the Terminal, and finally edit a config file to put in the proper screen resolution. Want to update your drivers? Repeat those steps in reverse before installing the new version, while Windows just automatically overwrites the old drivers and settings for you. In Windows if things go wrong there's half a dozen wizards at your disposal, and Windows Update for a wide range of drivers and automatic fixes. In Linux... have fun Googling, trying solutions, rinse and repeat when they don't work, and sometimes end up having to Google from another machine because whatever indecipherable voodoo you saved into xorg.conf just FUBARed your computer upon reboot.

 

Peter,

I fully understand your software constraints and my posts was not directed at you, but the superior choice was in reference to security and in that aspect, Linux rules, like it or not.

 

The advantage of these config files is that Linux has no registry to clean out, and no registry to slow down the computer over time. XP for me has just about always required a fresh reinstall after a few months, while I've never seen a Linux box need reinstalling due to performance issues. I'm not sure what MS was thinking when they invented the registry. It is one of the worst ideas to ever come out of Redmond.

And another positive, for me, is there is no need to defrag the disk. The ext family of file systems do not fragment to the extent the outdated NTFS does. And what fragmentation does occur, the file system automatically corrects itself without user intervention.

 

Just click this link and ask Bruno in the ATL forum. 99 out of 100 he'll give you the answer. The only time I've ever run into "no solution" is when a distro first comes out and all of the bugs haven't been sorted out. That's why I don't run new distros on production machines. I first test them in a Vbox session, then on a test machine. Only after a period of time watching the community forums for the pertinent problems to be solved, will I put it to real work.

 

does anyone know if the package management system with debian based distros such as ubuntu contain any update rollback features?
for example in fedora awhile back after the network manager update and a reboot (wanted to use other OS in dualboot) wireless no longer worked. the only rolllback solution was to download all the older network manager packages from somewhere and then find out the sytax for the commandline to force the rollback. very unfriendly.
if i had that problem with windows I would simply go to device manager and rollback driver and it would work again.

one of the genrally greatpoints about linux is that once its setup you can get all updates from one place the package manager. the user doesnt have to worry about updating every software manually and pretty much all hardware is included in the linux kernal unless the company provide a restricted license for example broadcom.

I could setup debian Lenny and set the updates to stable and i could give it to a friend and they could have an OS that just works.

 

Hey Eice,
See my post below about linux and rollback and hopfully someone can answer it for me.

As for Xorg.conf every release less and less configaration is needed.
if you follow a decent guide it will tell you the command on how to backup your current Xorg.conf file.
if X fails to start after you alter the file all you do is delete Xorg.conf using one of the tty's using Ctrl,alt and an F key

then you simply restore the old Xorg.conf file and try again until it works.
I do wish it would automatically backup the config file and restore it if the new file doesnt work. would be a good idea.

As long as you use the sources for your distro you should only have to do it once. after that all the updates will come via package manager and sort itself out.

Once major companies such as dell and HP start shipping more and more machines with linux all the configation will be done for the user. they may not be able to install some drivers but im sure they can cxreate a script that does it for the user and all the user does is double click on it and provide the root password.

It may take a little more time to setup than windows does but once its setup all the updates are got from one place (package manager) and you have a reliable system that canwork without any crashes for years.