Secured windows xp sp3 VS Ubuntu 9.04

Apple has been caught napping, their main crux has been selling to their loyalists under pretense of being the safer alternate, initially they would harp their RISC based CPU as well as the choice of DTP software, all those have been now negated when they switched to Intel CPU. Adobe now makes all their Apple stuff available on Windows. So instead of constantly developing their product in terms of security, they have rather concentrated on marketing their ipod etc. They have also actively threatned previous security researchers in past for exposing apple vulnerabilities but it has all changed now. Hope they are seriously taking heed to all this.

 

there is plently of what you call "clueless noobs" people dont think when they click they just type in name of account and click ok and ok.
as i said people turn off UAC on vista and still use admin accounts all the time. it will be interesting if users get annoyed by Sudo on linux and want to run at root?. i do find it strange you get a sudo prompt to check for updates (debian and ubuntu at least) maybe someone can explain that.

upping rights on xp is a pain in the ass thats why i prefer vista at least for 99percent of the time i can use standard user account and switch to admin account for a short amount of time for a few apps that dont update properly using a standard user account.
no one should have to use thirdparty apps for something the OS should sort out itself.
the reason UAC on vista was so nagging at first was to make devolopers make there apps work under standard user accounts.

 

You shouldn't get that unless you run it manually.
The update notifier, which runs daily, in Ubuntu(Debian?) should do that for you.
You should only need to supply it when installing the updates.
You can also go to the Software Sources and set it to install Security updates automatically.

 

If you really want to go there - try letting those clueness noobs sort out Linux by themselves, and see how far they get.

BTW, I don't remember seeing sudo prompts in Ubuntu when checking for software updates, only when I actually want to install those updates.

 

the updates question has been sorted. i always run it manually so thats why i get a prompt to check for updates.
You wouldnt get a noob to sort out linux themselfs. the adverage Joe hasnt even installed windows from scratch so good luck getting them to install linux from scratch.
once linux is installed and setup all the user needs to know is how to install updates which is so easy.

 

No clueless noob is going to sort anything out, Win or Linux. But give a clueless noob a Linux PC already set up, and he/she will be safer and less apt to get sniped by malware.

 

While I agree with those statements, it's only due to Linux's insignificant market share and lack of interest in targeting it on the part of malware authors. I'll admit I haven't seen sleazy sites offering screensavers, mobile phone ringtones, free games, rogue antimalware etc. targeted at Linux, but that has nothing to do with any of Linux's inherent qualities. If the market situation were reversed, Linux and Microsoft are going to find themselves in each other's security position as well. You'll find those same noobs sudoing everything the way they do in Windows just so they can install that cool animated mouse cursor.

Which gives me an interesting thought: what about Macs? I've zero experience with the Apple, but I've seen some definitely not very knowledgeable people (girls, no less) using them without too much trouble.

 

Now that's comedy!

 

that is not going to happen because of the inherent better security model of linux,and if we starts hypothecating on things like that conversely we can hypothecate that there will be disappearance of the CLI,plethora of proprietary apps, and other things which you consider as the disadvantages of linux dissappearing and essentially linux becoming a clone of windows..

 

Here is where you are wrong. They love to have Linux boxes, this is where they can setup shop. I haven't counted recently but we average about 30 attempts (remote logins over ssh) per day per forward facing server. So I wouldn't say they don't care it is just a different attack vector.

So why not educate the masses? Take a proactive approach. Do everyone a favor.
I am sure once this becomes the norm more safeguards will be put in place.

Oh no not GIRLS!!
That was really sexist btw. I don't know if you are 13 or just like to act like it, but I do think that little quip was over the top.
Some of the smartest outside the box thinkers I know are women. And if it wasn't for women you would not be here!

Thanks Mom!

 

My last post here so I will make it brief. Don't know if it will survive or not.

In the Pwn2Own contest an older Ubuntu 7.10 withstood all attacks by hackers for three continuous days, so in an even playing field, Linux proved itself time and again and yet we have a blatant argumentative baseless illogical assertions repeating itself like a broken record over and over again to the point of nausea.

The fact that Linux is used in overwhelming majority of servers and mainframes goes beyond the gray matter of this person. The flawed logic in this person just can't perceive that hacking the enterprise sever market is a far more profitable scenario for hackers rather than taking an average Joe's credit card number for some spare change from his bank. Unix by design and implementation is superior and unless MS takes that path in the future, it will remain vulnerable.

Goodbye all.

 

Correct. M$ is already taking that path with Vista and Win7, but the question is how many people will take advantage of UAC? Most people turn it off. I even see a lot of knowledgeable Windows users say "I know how to run my PC, I don't need to stinking UAC." Those people are wrong and usually have no clue as to why they're wrong.

 

I suppose people here don't really keep up with developments in the malware field. I'm not talking about ssh remote logins; There're script kiddies who'll mass-portscan you and try SQL injections all day long no matter what OS you use trying to find a vulnerable machine; I once took my firewall off for the heck of it and someone from Taiwan tried 3000 times to hit me with Sasser (!!). What I'm talking about is the professional malware industry that specifically targets Windows users: fake popups designed to look like Windows alerts, exploits written specifically to target old versions of IE, Acrobat, WMP etc, and other tricks.

I'm all for that. Which was also my point: just switching clueless noobs to Linux and thinking everything'll be fine from that point onwards is wrong. The biggest problem for any system exists between the keyboard and the chair, and Linux is no different.

Well, I didn't mean it as a sexist comment (I take it back if it was), it was more of a general observation. ~~snip~~ Like all generalizations there's exceptions, of course. Sorry if I offended anyone.

 

Eice, you know better than this! One of the aspects of Linux that keeps this sort of situation from occurring is the package managers. The user doesn't need to install anything from outside the repos. Secondly, malware authors would have a hard time targeting Linux due to its diversity. What are they going to do? Make a .Deb binary, 3 different .rpms, an Ebuild, and also offer source code too?

As for viruses that spread through e-mail or web browsers and the like, I have already covered why this is extremely difficult to do on Linux.

 

There are also "software repos" for Windows as well: download sites like Download.com, Softpedia and Majorgeeks. They don't force you to do things like sudo aptitude dist-upgrade just to update your office suite or serve software that're months out of date, but it still doesn't matter; noobs don't use them. Besides, it isn't just the lure of free screensavers or some such, there's a million ways to trick noobs into clicking on things.

I have something much simpler in mind: use a script to determine which version of Linux is running, and download the correct trojan. I don't doubt the malware guys can come up with better, if they wanted to. Besides, if Linux were to move mainstream, some sort of unification is necessary instead of the present state of anarchy, and then you just target the most popular distro. Simple.

 

If it's so easy, then prove it. Write one and I'll give you my ip address and you can try to hack me. Guess what? You won't succeed.

 

I actually like this being the best aspect of Linux.
There is no one who forces you to choose anything and the choice is al yours,
but that is how it is currently with Linux.
And I ask you to disprove that Linux is superior security wise, and I haven't seen a valid argument yet.

 

Read what the expert has to say about this. Unlike .bat files, scripts won't execute just by clicking them. You have to use the "sh" command to execute a script and that requires root privileges. IOW, it can't be done.

 

Odd, how did you get off my ignore list? Oh well.

Whoever said anything about embedded scripts in emails? Have you ever seen what trojan spam looks like? Take Waledac for example: you've received a Valentine e-card! Obama assassinated! Or some similar ****. Click here to view, the e-mail says. And of course, once you click on the link, the site you get taken to tells you that you need to download the news article or e-card to view it, and we all know what happens from that point onwards.

 

You must be missing the point. I'm not here to put Linux down. All I'm saying is that in the hands of an experienced user they're equally secure, and in the hands of clueless noobs they're equally vulnerable. That's all, nothing about how it's less secure Windows at all. The ignore feature has been wonderfully effective in removing the pollution from this thread, but judging from the repeated moderator warnings here I realize that there have been quite a few fanboys trying to whip up sentiments and get the last word in about how superior their choice is. Let's just say that I'm not one of them, nor am I interested in that brand of rabble-rousing.

 

Awh gee! What will they think of next? I've never heard of such a thing! Not!!!!

But you can't do that in Linux because Linux won't execute the download. You could even download a binary file. It still won't execute. Even if you are dumb enough to install the malware as a browser plugin, it won't have root privileges. And very few Linux users would be foolish enough to install a plugin that way.

In a nutshell, you are talking nonsense. As usual. Give us one example, just one, of this ever having happened. I can guarantee that if it was possible the M$ fanboys would be plastering the fact all over the front page of every newspaper in the country and it would be headline news on CBS, ABC, NBC, CNN and MSNBC.