Re: Woohooo! Dell + Linux
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greg Folkert wrote:
> On Fri, 2007-04-20 at 10:55 +0200, Joe Hart wrote:
>> Johannes Wiedersich wrote:
Uh, I wrote this level, but I'm going to snip anyway, just didn't want
someone else to get the credit for writing the stupid stuff that I do. ;)
[snip]
>> Want a good comparison, take a
>> look at this:
>>
>> http://en.wikipedia.org/wiki/Virus_statistics
>
> Most Linux proof of concept virus reports and "proof" require a huge
> amount of stupidity on the part of the Linux user. The recent "iPod"
> virus proof means Linux can carry the virus but not actually be infected
> with it. It also proves that when making "Windows functionality" as part
> of Linux, it can hurt the users data just as badly as an "rm -rf
> $HOMEDIR" does when the user does it to their homedir.
>
> One of the main reasons Windows is so bad, stupidity on the part of the
> user compounded by bad systems design and authoring.
>
> I see it all the time. Best Buy sees it all the time, selling
> "rebuild/recovery" services or new machines to these people. Circuit
> City sees it all the time, selling "recovery/rebuild" services to these
> people. Dell's support center deals with it all the time, being able to
> actually charge for support once they find that machines are zombied due
> to worms or trojans or viruseseses. 97%+ of all the Windows PC problems
> can be attributed user error of trusting something or somewhere they go
> to, download or open says it does or gives them.
>
> Quite simply, Windows system design and coding allows nearly any user to
> compromise their own system without admin user rights, whether or not
> they know they have done it. But the shiny new game (loaded with tons of
> adware/spyware/keyloggers/activeX things) runs really well, until the
> next reboot when the computer falls down and starts sucking its thumb in
> response to the 8000 zombie processes running.
>
Very correct in your assessment so far.
> Summarizing this, I'd like to think that a Linux user, typically, cannot
> compromise the system they use, unless they take active steps to destroy
> it. On the other hand, Windows users, mostly, have no knowledge they are
> compromising the system they use by downloading and running/installing
> this great new GAME/Warez they got off a website or the "latest Windows
> Security Patch" through an e-mail (directly from Microsoft, don't you
> know.)
But here's where it falters. In order to install packages (for system
wide use) in Linux, one must have root privileges, which means total
access to the system. If the package that said root user installs
contains viral code, malware for a broader term, then it can infect the
system. Therefore, it is imperative that one trust the source of the
packages being installed.
Now, we in Debian can be pretty assured that no such infected packages
exist, but we cannot be positive. Users that go outside of the official
repositories to obtain packages increase their risk, especially dealing
with non-free software.
That is one reason that gpg keys have been introduced into the apt system.
Needless to say, one does need to be careful, even on a Debian system,
but the chances of being the victim of a virus or worm is dramatically
reduced by using *any* operating system not made by Microsoft,
especially well designed ones like Debian, and Linux in general.
What this has to do with Dell I don't really know, but alas, we have
done it again; change the topic in the middle of the thread. Happens
all the time.
Joe
- --
Registerd Linux user #443289 at http://counter.li.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGKSrciXBCVWpc5J4RApsSAJ9vzOMNjp4cNIKjn2YzhUealA6AcwCfRoNl
nyeQIPOS3HtiB/doQSXiKMc=
=Muj/
-----END PGP SIGNATURE-----
Reply to: