[plug] security of linux desktops re mail viri

Anthony Jones ajones at clear.net.nz
Wed Dec 12 14:23:22 WST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > You are assuming here that you don't have a choice.  It's easy for a
> > Windoze user to think that you can't choose what applications you run. 
> > There are so many mail clients available for Linux and **most** of them
> > are pretty secure. Let's not forget that 95% of people who use Windows all
> > use the same mail client.  If you find a security flaw in Pine mail
> > reader it is only going to affect a small proportion of Linux users.
>
> Agreed. There's a reason I use mutt :-)
> However, we all know the scary "power of the default" as demonstrated on
> windows. You _can_ choose (ok, sometimes) but how many users _do_?

Linux (at least Debian) doesn't really have the same "power of the default". 
I do agree that most people don't choose. However on Linux you get different 
advice off different people. I use Pine and Kmail for mail clients. I use 
Pine because I've always used pine and it has gpg support. I use Kmail 
because it's simple and it has gpg support.

(I don't recommend using Pine because it's non-free... it's just so good I 
can't quit the habit)

My girlfriend uses Mozilla because she doesn't use gpg and it gives her 
strong integration with the Mozilla browser.  If there is an email virus 
targeted at her it still probably won't affect me even if it gets my email 
address from her address list.

There just aren't as many bugs in open source (particularly community 
developed) software. (If you've read the Cathedral and the Bazaar then you'll 
understand why I think this is true 
http://tuxedo.org/~esr/writings/cathedral-bazaar/).

There are good and bad Linux distributions, of course; some have better 
security policies than others.

> Sure. However, email viri in particular can spread like wildfire, and an
> available bugfix / security patch is no good until applied.
> Linux also has the advantage of package management (well, most
> distros do) and now that the rpm based distros are getting auto-update
> features like apt, things are looking up for the systems actually being
> kept up-to-date.

Yes, but you can subscribe to the Debian security announcement mailing list. 
Is there a Win-doze security announcement mailing list?

> Except that the people installing Red Hat on their desktops will _never_
> run up2date, mandrake users won't use mandrake update, etc. Hell, even
> windows can auto-update but nobody uses it, if they did the outlook
> virus problems would be smaller than they are.

I tried Windows Update feature - it didn't actually do anything useful. I 
think it's just a decoration.

> So in the end we face a similar problem to MS in that regard - how to
> get the users to F**ING APPLY THE PATCHES!!!

You are still better if you don't start with a lemon.

> However, what about home desktops? Anywhere, in fact, without a security
> conscious sysadmin? And would _you_ use a system where you had to log-out
> and log-in to change from mail to other work, or perhaps even just had
> to switch to a different X server on another VC?

Of course I wouldn't log out. I would use 'sudo' to change to the appropriate 
user and attach this up to the menus so that it was seamless. You're clearly 
thinking like a Win-doze user "Must log out to change user id", "Must be in 
front of the machine to be running things on it", "The people who make my OS 
don't care about security so I won't either".

In fact I don't know why this isn't the default behaviour. Perhaps I should 
suggest that to the Mozilla package maintainers.

> But you don't need to be root to nuke all that user's data. There should
> be backups, of course, but they'll be a day old or so and if it's a home
> system you _know_ there won't be any at all.

Of course there are backups - CVS the planet.

> It is much harder for a virus on linux to nuke the system. Nigh
> impossible, in fact, without an exploit of an suid tool (pretty sysadmin
> tools for desktops come to mind) or tricking the user into entering the
> root password, which is easy - if they have it. Which, on a desktop for
> home use, they do.

All you need to do is:

alias su=~/.steal_password_script

And next time they try to 'su' it will snaffle the password and they'd be 
none the wiser. This is another reason why stupid users shouldn't be given 
the root password.

> I'm not talking about _now_. I don't see viri as a problem for linux
> yet.
> But if / when adopted widely, esp. for stand-alone systems without
> dedicated sysadmins, that's what I'm concerned about.

The way I look at it is that running Linux is like installing a lock in your 
front door. Running Windows is like writing a sign "do not enter" on your 
front door. Neither helps if you just leave the door wide open.

Linux does have built in user accounts. This means that if dad doesn't give 
Timmy the root password then Timmy probably won't bugger up dad's machine or 
interfere with dad's work.

Win-doze *in general* does not offer this kind of protection. Of course this 
is not why I don't use Win-doze. I don't use Win-doze because Linux is simply 
much easier to use.

As far as I can tell Win-doze is grappling to compete (technically) with 
Linux and is falling flat on its face because their whole business model is 
not set up to produce software to a high enough standard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8FvfahwVaoilFPn0RAjw/AJ9ucPNYBdviUUVCl7snicRFHlhATQCcDuUd
FUzIDQB/qcY6lKg4xYFDLEg=
=6W+D
-----END PGP SIGNATURE-----
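
A defensive check for the `alias su=...` trick described in the message above, as an added example that is not part of the original post: it scans shell startup files for aliases or functions that redefine `su`/`sudo`, and goes one step further by flagging a same-named executable placed earlier on `$PATH`. The names `WATCHED`, `TRUSTED_DIRS`, `scan_rc` and `path_shadow` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. WATCHED and TRUSTED_DIRS are
# assumptions; adjust them for the system being audited.
WATCHED='su|sudo'
TRUSTED_DIRS='/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin'

# Patterns for "alias su=..." (also as a later word on an alias line) and for
# "su() {" / "function su {" definitions.
alias_re='(^|[;&[:space:]])alias[[:space:]]+(.*[[:space:]])?('"$WATCHED"')='
func_re='(^|[;&[:space:]])(function[[:space:]]+('"$WATCHED"')([[:space:]({]|$)|('"$WATCHED"')[[:space:]]*\(\))'

# scan_rc FILE...: print "file:line:text" for every non-comment line that
# redefines a watched command. Status 0 = something to review, 1 = clean.
# Benign hits exist (e.g. alias sudo='sudo '), so treat output as a review list.
scan_rc() {
    hits=$(grep -nE "$alias_re|$func_re" /dev/null "$@" 2>/dev/null \
           | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#') || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# path_shadow CMD: look at the first executable named CMD on $PATH. If it sits
# outside TRUSTED_DIRS (e.g. a planted ~/bin/su), print it and return 0.
path_shadow() {
    old_ifs=$IFS; IFS=:
    for d in $PATH; do
        IFS=$old_ifs
        d=${d:-.}                      # an empty PATH entry means the cwd
        [ -f "$d/$1" ] && [ -x "$d/$1" ] || continue
        case " $TRUSTED_DIRS " in
            *" $d "*) return 1 ;;      # first hit is a system directory
        esac
        printf '%s\n' "$d/$1"
        return 0
    done
    IFS=$old_ifs
    return 1
}

# Typical use from a login shell:
#   scan_rc ~/.bashrc ~/.bash_aliases ~/.profile /etc/profile
#   path_shadow su
```
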


