On 21/05/05 20:46 +0530, Rony Bill wrote:
sherlock@vsnl.com wrote:
Windose users are actually abetting criminals indirectly. And Installers particularly those on this list are doing so directly by installing the stuff after being fully aware of the problems. And the banks and financial institutions all running windose. We are lucky cause the value of the rupee is 1/47 of the dollar so for the same effort the criminal earns 47 times more targeting US and Eur.
As I happen to still use windows and advise customers to buy Win XP to get regular updates and updates for the updates, I am splitting my reply in parts.
First, Linux is not 100% compatible with top results, to all the common hardware that goes into a new system, including internal modems, dot matrix printers, scanners, cell phones etc.
Name non crappy hardware that does not work with Linux. I can think of higher end digital cameras, but Linux simply does not have applications yet which can work to the quality that the photographers using them want.
Second, many internet based services including service providers and websites are optimised for Windows and Internet Explorer.
Which is _totally_ irrelevant. In fact, users need to complain about such things.
Third, security issues need knowledge and understanding of the internet and its problems. A windows user with the proper knowledge of the same is as safe and secure as a linux user. My personal experience is that
Do you have any idea of how hard it is to gain that depth of knowledge in Windows?
there are much more graphical softwares and utilities for windows that help the user to not only be more secure but even keep track of the net
Graphical interfaces are a minor feature in security. Really :).
activity without too much indepth knowledge of the OS, as would be required in Linux and one drawback of linux is that many security softwares work in root mode only, therefore they require the user to
Uhm, how do you call that a drawback? An administrative account is needed to change security policies and permissions. This is a good thing. If you are in the habit of working as a non root user, then any attacker who can compromise your account does not have the ability to damage your system.
know the root password. Maybe I am not aware of doing the same in user mode without root password. Even kppp does not work in user mode without gksu --> root passwd.
kppp brings up a logical interface, ppp0. This requires root privileges. For that, I would setup sudo.
Fourth, I know a Windows user who has accidently used his OS ('98) without any antivirus loaded for more than a week and he has been doing online trading on a cable internet. When the av was loaded, no viruses were found. I know another '98 user whose machine is an old Pentium 233 and his antivirus had expired a few years ago. He uses his system everyday to make calls to his children in the US. He had no viruses. Net security depends a lot on what sites the user surfs and what security levels are set in his browser. A good firewall and live anti-spyware does a great job in windows for unwanted attacks. The 'HOSTS' file also plays a crucial role in blocking known bad sites.
I would rather not use Internet Explorer. There are too many exploits out there. Securing a Windows system is really hard. Far, far harder than securing a Unix system. O'Reilly has a book named 'Securing Windows NT/2000 servers for the Internet'. I recommend that you read it, and also the NSA guidelines for securing Win32.
Citing a couple of anecdotes in favour of Windows users not being affected does not help :). I would just point out that the CBL, which primarily lists compromised systems lists over a million addresses, almost all of which are Windows systems (IIRC, about 4 Linux systems running Pagini's anti-spam killer software with callbacks enabled were listed). If you want hard numbers, I could ask the people running the cbl for information.
Some questions:
Why are viruses and trojans not created for linux? When linux overtakes windows in client machines, will there be a possibility of viruses and trojans being created for linux too?
It is possible to create viruses and trojans for any operating system. However, compromising Linux systems the way Windows default installations can be compromised is a lot harder. The biggest security risk that applies to Unix system is bad passwords. This does not figure anywhere in the Windows top 10 risks (See sans.org).
If a linux user surfs the net without a firewall and with java scripting active in his browser, will his system be prone to hacking attempts and key logging/password grabbing?
Unless you are running a very old version of your browser, no.
Lets look at the issue in a practical way rather than randomly curse all windows users/installers. The OS is selected by the user. The installer has to follow market forces.
Actually, in most cases, the user follows the recommendations of the hardware vendor. Hardware vendors recommend Windows because that is what they know to install, and you have a decent chance of getting hardware working with Windows.
On the other hand, if they were to tell people that winmodems are bad (software modems are bad, regardless of OS support) and just buying better hardware will save them more money in the long run, they might find it a lot easier to support Linux.
Devdas Bhagat