On 06/09/2010 08:44 PM, Henry Hertz Hobbit wrote: > But I have found in my reading that approximately 90% of people > using Mac OS-X at home are running their machines from their > admin accounts. This is bad news!
Why? I'm all for educating people about "not logging in as root", but if someone is going to install any sort of software on their machine, it's still going to require privileged access. No way around that. Malware generally comes from installing some sort of software on the machine. Remember the days of Kazaa? Installing software requires admin rights. Admin rights gives the malware full reign of the operating system. Pretending that logging in with your unprivileged user will keep you totally secure from the bad guys is just stupid. The real only advantage of logging in as an unprivileged user is trying to keep yourself from doing something completely stupid on your machine. > WE HAVE TO GET PEOPLE OFF OF MICROSOFT WINDOWS ONTO LINUX AND > MACINTOSH! If somebody wants me to give a run-down on how bad > it is in your monthly meetings let me know and I will oblige. > I usually go through 6-12 Windows malware samples per day. When > I submit then to ClamAV I chuckle when they pre-select Unix/Linux. > WHAT LINUX MALWARE? It is there but I only have two, and only > one is relevant. Of course this is the case. The GNU/Linux desktop only occupies less than 2% of the desktop market [1]. And of those running GNU/Linux as their primary desktop, most of them are hobbyists, and change their operating system more often than they change their underwear. You honestly think GNU/Linux is even remotely any sort of a target for malware writers? What sort of data would they be after? The latest Ubuntu ISO? Torrents of South Park? [1] http://en.wikipedia.org/wiki/Usage_share_of_operating_systems Now, switch the tables. Put GNU/Linux on 90% of the desktop machines. You honestly think GNU/Linux will be any more secure than Windows? Sure, there are built-in firewalls, MAC, ACLs, and so on and so forth, but treating Microsoft like it some sort of dumb giant that doesn't know how to tie its own shoes, while GNU/Linux developers are advanced, slick, professional security diehards, shows a great deal of ignorance on your part. You honestly think Microsoft doesn't have some of the world's leading security experts evaluating their software? Seriously?? I would be willing to bet that with GNU/Linux on 90% of the desktops of the world, we would see the malware writers exposing software security holes, and the upstream developrs constantly chasing them to get those holes patched. In fact, this is the case already. Data center admins struggle constantly with patching their operating systems, and keeping production stable. Now let's just play this song and dance on the desktop. It wouldn't be much different than it is today. Oh, and I would be willing to bet there would be antivirus and antimalware software titles galore to choose from, just like there are today. > The problem is getting worse, not better. You weren't around during the '90s, were you? Microsoft has made massive strides in the areas of security, stability and reliability. It's just that the security scene is constantly evolving. Malware writers have to stay on their toes and be just as sharp as the top security experts in the field. In my opinion, it's gotten a _lot_ better. More people are likely aware of email scams than in the past. More people are likely aware of antivirus and antimalware software. More people are likely aware of phishing scams. More people are likely aware of encrypting personal data. In my opinion, times are much better than they were 20, 15, 10 and even 5 years ago. -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O
signature.asc
Description: OpenPGP digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
