
Re: Does Linux have viruses?



On Sat, 2004-12-04 at 00:52, Conrad Newton wrote:
> From Ben Higginbottom on Friday, 2004-12-03 at 23:29:37 +0000:

> > Someone with root access to a box logged directly
> > into it as root, and then used evolution to read their 
> > emails and was infected.
> > In other words, the user screwed up.
> 
> Root access is dangerous of course, but normally I would not
> blame the user for reading their e-mail!

 Normally, on Linux, we DO blame the user for reading their
e-mail _as root_!  Running X as root is considered questionable.
Maybe distros should do as Skolelinux does on the thin clients:
Prohibit graphical root login.  Then you have to use "su" or
"sudo".  I think sudo could be used more.

 The way Linux distros always make the user create a user account
and a root account (Ubuntu Linux foregoes the root account, and
promotes sudo, BTW) is essential.  The fact that it does not
provide a very easy way to make the normal user a member of an
"admin" group is also essential.  That is something a user would
do, if he was offered a convenient way to do it.  Instead, he is
forced to use sudo or su once in a while.

 For now, this makes Linux fairly secure.  Not because it
really is, but because the competition is so much worse.

 I don't think this will be quite enough.  Linux will gain
features that make more and more things happen "under the
hood", without user interaction.  And a larger and larger
portion of the user base will be completely oblivious as to
what really goes on.

 Security Enhanced Linux could lock things down so that 
e.g. your mail client could not do all the dangerous stuff
you yourself are allowed to do.  The problem with that is
configuration, documentation, user interface and support:
 The tools are arcane, not that widely used and most Unix
people still only know how to deal with the old permission 
matrix (d)|rwx|rwx|rwx.  Slick and powerful KDE and GNOME
GUIs exposing all the power of SE Linux is a must; without
it SE Linux will not become the baseline.

-- 
 Herman Robak


