Re: OT - Desktop Linux

Thank you both for your replies, pauls2272 and Sports Fan.

Hope you don't mind a few questions. Not trying to be contentious
or anything -- just trying to get a handle on Windows vs. Linux.


Sports Fan wrote:

pauls2272@xxxxxxxxx wrote:

L.A. Purple wrote:

Anyone here using Linux on a desktop or laptop computer?

I've got both windows and linux boxes.

Same here,

What distributions are you both using, and what was it about Linux that
made you both decide to try it out and install it on your computer(s)?


plus I administer several Linux and Solaris servers.

That would seem to qualify one as being quite knowledgeable in Linux.


Keep reading all kinds of pros and cons about Linux being a more
secure OS.

It is only more secure because hackers don't tend to write attacks
against it because the installed base is a tiny fraction of windows.

Correct.
Popularity and wide usage are among the reasons.

Well, there's certainly no denying that Windows has a monopoly on the
desktop operating system, and that Linux is a tiny minority. However,
doesn't system architecture also have some bearing on system security?

For example, some claim that Linux is more secure by design due to its
"modular" architecture, whereas Windows is said to be inherently less
secure due to its "monolithic" design -- in other words, everything in
Windows is all smushed together in a tightly integrated package which
renders the whole system vulnerable if one part becomes compromised.
http://www.theregister.co.uk/security/security_report_windows_vs_linux/

Is there any truth to that?


If you want a really secure OS run Amigados like my brother does (on a
really old Amiga). There isn't a virus/trojan out there written for
Amigados.

Incorrect.
I am an long time Amiga user, and I can assure you that there are loads
of them.

Okay, so no operating system is absolutely perfect or completely secure.

But are there any desktop operating systems out there which enjoy a dis-
tinct advantage in "security" over other desktop operating systems? Or
are all desktop operating systems pretty much the same in that regard?

What about some of the other open source operating systems -- or Macs?
For example, on its website, one operating system called OpenBSD boasts:

"Only one remote hole in the default install, in more than 8 years!"
http://www.openbsd.org/

*IF* that's true, then how can Windows even compare with such a record?


There is no such thing as secure OS.

Okay, got that. But are some inherently more "secure" than others?


When it comes to security, Linux is as bad as Windows, and both are as
"secure" as any OS out there.

Does this refer to desktop operating systems, or only to server operating
systems? (Or is there much, if any, difference?) What are some of the
more common Linux desktop vulnerabilities one should be aware of? Just
the usual virus/adware/spyware/trojan/rootkit type of stuff?


Windows was the worst until Windows 2000 arrived, and started heading in
the right direction, but still needs more work.

But all Windows 9x through Windows XP are still "monolithic," aren't they?


In fact, Rootkits are being installed on Linux servers around the world.

How is that being done? And what defenses are there against such a thing
(aside from disconnecting the computer completely from the "Internets"!)?


At least with Windows, you can remove them and clean the OS easier than
Linux or others.
With Linux, you have to recompile certain parts of the OS from clean
source code, just to trouble shoot reliably after packages like
checkrootkit find some traces that could be a sign of a trojan or a root
kit.
Short of reformatting and reinstalling the OS, you're out of luck with
Linux.

But isn't it common for a Linux OS to be installed on one partition, with
files/settings installed on a separate partition, for just such a purpose?


Instead of migration to an OS that you have less support on, tighten
security of your computer, use a hardware firewall, along with a
software firewall, have a good and up to date
security/anti-virus/anti-spyware package running,

All good advice -- and with the sole exception of a hardware firewall,
all implemented for quite some time now.


and do not go to suspicious porn/hacking/warez sites,

Yes, it's much safer to stick with trusted porn/hacking/warez sites one
is already familiar with. <g>


and use spam filtering.

Hmmm, looks like MailWasher is now available for certain Linux distros.
http://www.firetrust.com/firetrustmailwasherpro_maclinux.html


Any Linux users here willing to share an opinion on Linux?

If you are a skilled computer user then Linux is no big deal and you
will be fine. If you are uncomfortable or don't understand computers
then Linux can be quite difficult. For instance, when I last installed
Linux (a couple years ago), it didn't recognize my network card so I
had to find the linux drivers myself, download them and configure the
card manually thru the shell. This was no big deal (took maybe an hour
to find/download everything from my windows box) but a novice person
would have been stuck.

Note, there are lots of good websites with Linux how-to info on them.

Thanks. Been doing some reading on the subject whenever time permits.


Linux, if you have supported hardware is fantastic for a server OS, and
absolutely fun to use, and not that bad for desktop,

It's certainly a change of pace. Seems there's quite a bit more config-
urability than in Windows -- at least on some of the more popular distros.


but you will sacrifice compatibility, as not everything runs under WINE,
WINEX, CrossOver Office, ...etc.

Thanks for the warning. However, compatibility with Windows programs isn't
a major issue since it's just an old computer which probably won't be used
for much more than e-mail, casual websurfing, or occasional word processing.
And there seem to be plenty of open source apps to handle that sort of thing.


For the curious, I would recommend installing and using it, especially
if you have another computer sitting around, or run VMWare/Virtual PC.

Spare computers are not a problem. Got a few of those.


But for serious, everyday desktop, it has yet to mature enough.

So it would seem -- especially the firewall situation.

The Linux Netfilter/iptables firewall would appear to be nothing more
than a glorified industrial-strength port blocker. Or is that an in-
correct assessment? There don't seem to be any application-based GUI
frontends for the Netfilter/iptables firewall, except for TuxGuardian.

And TuxGuardian doesn't seem to be fully developed, or regularly main-
tained. It's reportedly a bit buggy, and evidently has to be manually
started and stopped for each session. Most inconvenient.

Furthermore, it appears that other GUI frontends for the Netfilter/ip-
tables firewall require one to be "root" in order to make any changes
in configuration, and some require the desktop to be restarted before
any changes take effect -- both of which would seem to forbid any such
changes being made "on-the-fly," as it were. Again, most inconvenient.

If one is already online, and not logged in as "root," how is one sup-
posed to allow a new legitimate application through the firewall on
short notice without first going offline, logging in as "root," mak-
ing the necessary changes, and restarting the desktop (if required)?

Sure, a software firewall isn't the be-all of security; it's only one
layer of defense. But how can a hardware firewall even begin to ad-
dress illegitimate outbound traffic on a port that's already open for
legitimate outbound traffic? Seems that only a software firewall can
address the problem of illegitimate applications attempting to "call
home" on ports necessary to be open for legitimate outbound traffic.

And for Linux, there doesn't seem to be any fully-developed applica-
tion-based firewall solution. Or is there? (ZoneAlarm for Linux?!)

Is there any way to set up the Netfilter/iptables firewall to allow a
web browser through the firewall for websurfing on port 80, while si-
multaneously blocking spyware/trojans from "calling home" on port 80?

What if one is browsing a trusted website, and wants to download some-
thing which requires the browser to communicate on a port which is not
already open in Netfilter/iptables? How does one deal with that quick-
ly without having to go through a whole bunch of hassle logging in as
"root," etc., and fiddle-fucking around with esoteric iptables scripts?

How have you guys configured your Linux firewalls, if I might ask?


Not for the average user, and certainly not for he
novice/beginner/casual user.

Yeah, Linux still seems a bit geeky, alright. If the firewall question
can be resolved satisfactorily, it might be worth a shot.

Thanks again for your replies. It's a fascinating subject.


--
"This team has some deadbeats on it...and the coach is one of them."
~Phil Jackson (3/1/06)
.

Quantcast