Linux and the Smile.D Virus keeps us Smiling

pstreck writes "News Forge is running a humor filled satire on the the recent Smile.D cross platform virus. It's a good read and just another reminder of why that other operating system needs to figure out a new security policy."

Newer Windows *does* have a newer security policy

[Anonymous Coward]

There is a whole privelage system there, unfortunately, it can't be used by many people right now because of some brain dead applications. Quite a few programs won't run as anything other than administrator. Over time, once the apps get replaced, Windows will have a more viable security system, which will hopefully prevent many of these types of problems.

Re:Newer Windows *does* have a newer security poli

[bsartist]

The problem isn't that a few brain dead applications can screw up the security policy. The problem is that a few brain dead applications are written with the assumption that there is no security policy, and thus are prevented from running when one is in effect.

Re:Newer Windows *does* have a newer security poli

[cscx]

You are an idiot. What he meant to say is that some programs for Windows which are meant for general use by all users were written like a "this application must be run as root" UNIX application.

Re:Newer Windows *does* have a newer security poli

[iangoldby]

That's "more advanced" in the sense of "so complicated no one can really be bothered to figure it out and use it as intended". [Ambiguity intentional.]

Re:Newer Windows *does* have a newer security poli

[mark_lybarger]

hold on a second there..

first off, it's the engineers that draw up the blue prints, the developers just carry it out.

second, i can't see how it's the software's problem that the OS has a uneasily understood security model. i'm thinking, either you have privledge, or you don't, end of story.

Re:Newer Windows *does* have a newer security poli

[Tony-A]

i can't see how it's the software's problem that the OS has a uneasily understood security model
It's the software's problem, then it's the user's problem, then it's the company's problem, then it's everybody's problem. Attributing blame to the front end does not stop the effects.

either you have privledge, or you don't, end of story
A bit is on or off, end of story.

Re:Newer Windows *does* have a newer security poli

[RedGuard]

NT has privileges (so users don't need to be
root to do certain operations), access control
lists for all objects, more than 32 groups for a
user, impersonation (so a server can take on the
identity of a connecting user and do operations
on their behalf).

Re:Newer Windows *does* have a newer security poli

[cscx]

Yes, it's just so complicated. Here is an example of a few of the available group policies:

"Access the computer from the network"
"Allow logon through Terminal Services"
"Change the system time"
"Create a pagefile"
"Deny access from the network"
"Deny local logons"
"Deny logon through Terminal Services"
"Force shutdown from a remote system"
"Load/unload device drivers"
"Logon as a service"
"Logon locally"
"Perform disk volume maintenance"
"Shut down the system (locally)"
"Take ownership of files and other objects"

Wow, if those aren't in plain English I don't know who can't figure them out. NT's security model is very complex, yes, but very capable as well. It just so happens that the crack dealer under the Longfellow Bridge is selling MCSE certifications for $5 a pop as well, so MCSE's are a dime a dozen. If you're looking for a good NT admin, you need to look hard. Just the same reason you won't hire that 17 year old who "has 12 years UNIX experience."

Re:Newer Windows *does* have a newer security poli

[cscx]

It means exactly what it says. Here is the explanation from MS TechNet for those with feeble minds:

Another user right that is sometimes modified is the right to access a computer from the network. On some networks, the security policy dictates that administrators must work from the console of the server. Consequently, the Administrators group is removed from the right to access the computer from the network on all servers. Because administrators cannot access the server remotely, potential hackers are forced to gain physical access to the system or compromise security using an ordinary user account.

Kind of how you can't FTP, etc. as root by default on a Linux box. But it's system-wide, and applies to all groups/users the policy is applied to.

Re:Newer Windows *does* have a newer security poli

[cscx]

Not sure what you mean. Run 'gpedit.msc' to load Group Policy; assign it to whatever group/user you want. It denys logon except from the local console. I.e., you can't map a network share to the box/domain in question.

Re:Newer Windows *does* have a newer security poli

[cscx]

It depends. If you have sshd running, it depends what username it's running as when it's running as a service, and if it authenticates against the NT users 'n groups (like MS telentd that comes with Win2k - it even adds some encryption to make it more ssh-like), you take on the security policy of that specific user that you logged in as. If it doesn't you take on the security policy of the sshd's running username.

It all depends on if the daemon you're authenticating against is authenticating you against the SAM database (i.e. your NT username/password). Then the NT security policies apply. IOW, programs that would be covered by this would include network shares, ftp, iis, etc. - they all authenticate against the NT users and groups. (I think they call it 'integrated authentication' now.)

Does that answer your question, or am I still misunderstanding?

No need to be left out

[PD]

- YOUR HAVE NOW RECEIVED THE UNIX VIRUS -

This virus works on the honor system:

If you're running a variant of unix or linux, please forward
this message to everyone you know and delete a bunch of your
files at random.

Damn, I tried it

[joshtimmons]

$ rm -f -r /
rm: /: Permission denied

I can't even get the unix virus! I'm such a luser.

Re:Damn, I tried it

[SN74S181]

You messed up:

$cd ~
$rm -f -r * .*

(and, obviously, your home directory and all it's contents disappear)

And that's the real paradox of Unix security

Your home directory, and all it's contents are quite vulnerable. Obviously they have to be writable or you couldn't use the contents. But many Unix advocates forget that for ordinary people, the home directory contains the only part of the system they can't easily stream back off a CDROM if everything fails.

Believe me, when things heat up after people's home directories start disappearing due to a Linux trojan (and they WILL start showing up as more 'click and make neat things happen' people transition to the Linux desktop), your 'Unix virus' funnies will seem less amusing.

Re:Damn, I tried it

[horza]

Give a luser a big red button and they will press it every time (as evinced by the repeated spread of the same genre of viruses ad infinitum). I remember being fascinated when I first came to Linux many years ago by a script that, when you are bored, you hit it and it would kill a random process on your OS. Trying to explain to a sane person why you would want to do this is extremely difficult. Any readers that watch "Father Ted" will know what I mean when I mention the words 'Dougal' and "Pilot's cabin"...

Phillip.

Re:Damn, I tried it

[rtaylor]

Perhaps, but:

rm -rf ~

The above can be just as fatal if not more to most people.

It's easy to reinstall the system, it's tough to re-create all of those projects you were working on.

Re:Damn, I tried it

[xtremex]

Well, what if I WANTED to delete all my files? A masochistic admin can completely remove the rm command altogether, or make it executable only by root. (That's gives you more to do....sit by the phone and get the 3,000 calls having them ask YOU to delete their porn for them :)

Re:No need to be left out

[dzym]

Here's a question for you:

If they have no computers (and presumably, therefore, no windows, no outlook, no address book) how did they send the e-mail?

Re:No need to be left out

[wik]

And at the age of 16, (some?) Amish are encouraged to try technology, drugs, etc... for a few years and are then given the choice of returning to Amish traditions. Here's an interview on the topic (interview one one who decided NOT to go back) from This American Life a few weeks ago:

http://www.thislife.org/ra/213.ram [thislife.org]

Re:No need to be left out

[Anonymous Coward]

I take offense to that joke, because I am Amish. Wait, hang on a second...

(sound of hand covering the tin can phone, talking in background.)

[Malachi! Pedal harder! I'm trying to read fucking Slashdot. If you stop, I will smite you upside your head.]

OK, I'm back. As I said, Amish jokes aren't funny. Why don't you ever pick on the Mennonites?

Smile.D?

[CBNobi]

Linux and the Smile.D Virus keeps us Smiling

That pun would work better if it was actually called the Smile.D Virus.

Symantec [symantec.com] and ZDNet [com.com] appear to call it Simile.D.

I Agree With This Post

[Inthewire]

Windows needs a new security policy.
Linux needs a clipboard.

The funny thing is, a clipboard seems simple by comparision.
Which will appear first?

Re:I Agree With This Post

[xtremex]

True, Linux does not have a clipboard built into the Kernel. Thank God it doesnt. However, I can STILL cut and paste in Command line mode, and with any dekstop on X I can think of.Solaris has a clipboard, so does AIX.(The commodore 64 didn't have a clipboard, unfortunately)

Re:I Agree With This Post

[shepd]

>Did you know that X != Linux?

Well, if you are getting that abstract, I'm going to say windows is nothing more than win.com, and in that case, it has no clipboard.

A clipboard is useless unless you have something to use it in (explorer or X).

Re:I Agree With This Post

[Arandir]

linux (uncapitalized) is a kernel. Linux (capitalized) is the common name for an operating system that generally comes with XFree86. Some linuces (the plural) don't come with XFree86, but the vast majority of them do.

Please note that I am not claiming that XFree86 is a part of the Linux operating system. It is not. But it is a common adjunct to that operating system. Ditto for the GNU tools. They aren't the operating system either.

Advice To Roblimo From The Bible

[Carnage4Life]

He Who Is Without Sin Should Cast The First Stone [google.com]

I personally felt the article was childish. Windows has a lot of malware that take advantage of gullible users by sending them deceptive emails with enticing attachments. Linux on the other hand typically has more savvy users. However pointing and giggling is what I'd expect from teenage high schoolers flush from teh rush of their first kernel compilation and not a supposed journalist like Roblimo.

PS: Yes, I work for MSFT. Yes, I run both Windows and Linux at home. Yes, I've been hit by a Windows virus once (CodeRed off of a web page) and had my RedHat box r00ted twice before I learned the hard way.

Re:Advice To Roblimo From The Bible

[joel_archer]

Chill. What is so wrong with poking a little humor at Microsoft, Gates, and the millions that run Windows? They may have market share, but do they have a sense of humor?

Re:Advice To Roblimo From The Bible

[reflective recursion]

You have a weird sense of humor if you thought the article was funny in any way. It's very dry and more preaching than humor.

Re:Advice To Roblimo From The Bible

[ConceptJunkie]

It wasn't even preaching... it was more along the lines of, and I quote:

Neener, neener, neener.

And had about as much insight. I'm a Windows user and developer with more experience than 95% of the folks on /. and I'll tell you that Windows succeeds for the masses because it is easier to install and use. Period. I've set up and run Linux a few times, and while it's fun for me (though occasionally frustrating), the idea of any non-savvy person installing and using Linux is laughable. Windows these days pretty much installs and configures itself with you only entering your ISP phone number. For all it's stupidity, monopolistic advantages, and just plain evil on Microsoft's part, I still believe Windows deserves to be successful (to what degree is another matter).

If this is what passes for insightful, or even funny, than the Linux community is never going to get past the childish l337 h4x0R pimply-faced nerd image that I imagine the average person (or at least those few who actually know what Linux is) thinks of Linux users.

I think Linux has a lot going for it and wish it the best of success, and hope it takes Microsoft down a few pegs, but with this attitude, no one (new) will ever take it seriously.

Re:Advice To Roblimo From The Bible

[HiThere]

Easier to use is arguable. If ease of use is the criterion, however, you should use a Mac.

Easier to install?? Windows may be easier to install than Debian, but not than any of the other Linuxes that I've tried in the last year or so. Even Prodigy was easier than windows, though I will admit that the ppp connection was broken. And Prodigy was version 1.0 (I suspect that it should have been called version 0.9.8, but nevermind).

Now I admit that I have consistently refused to agree to the license, and will only install it if someone else agrees to the license instead of me, but Windows has caused me considerable grief at installation time. Occasionally I've even given up and reverted versions. Even Debian has never caused me so many problems. The trouble with Debian is that it doesn't auto-detect hardware very well, and even when you get the basic install finished you still need to configure X Window. None of the other installers make this mistake (and perhaps Debian will also soon be correcting this). Windows, however, intends to coerce you to use the most recent version, and NEVER to go back. (Once I ended up reformatting a hard drive just to revert a version.) If you only intend to do what Windows wants you to do, then perhaps it's easy. Maybe. This, however, has rarely been my experience.

Now it you want ease of installation, you could look at DOS. That was an OS that was easy to install. Of course, there were a few problems with it, but installation was easy.

Re:Advice To Roblimo From The Bible

[cybermage]

...and not a supposed journalist like Roblimo.

This is a common mistake made by site visitors and regulars alike. Here's the reality:

Stories posted to Slashdot come in one of three varieties:

1. Stories submitted by readers and approved by editors
   
2. Stories found by editors
   
3. Stories written by editors
   

Do not expect the Slashdot editors to fact check the first two . Although the Slashdot staff have given themselves the title editor, they do not play the traditional role of editor. Be glad for that: News is biased enough when written by trained journalists/editors. I, for one, am happy to have the links to news items and access to the collective opinions of other readers. Whatever the submitters and editors wrap around the link is just one person's opinion.

Try to think of Slashdot as a club and the editors as activity coordinators. They post/approve stories they believe club members will be interested in. Often, they add their insights to the paragraph linking to the stories, as do the submitters. These insights should always be taken with a grain (or lump) of salt; if the insights were subject to moderation, probably half would score "-1, Troll."

To appreciate the service provided by Slashdot, learn to ignore the words around the links provided. Read the links you find interesting and participate in the associated discussion.

Re:Advice To Roblimo From The Bible

[reflective recursion]

The _article_ is written by Roblimo:

Topic - Humor - - By Robin "Roblimo" Miller

Follow the link to newsforge.

Re:Advice To Roblimo From The Bible

[EvilAlien]

No system is infallible, having had a virus, vulnerability, or other issue does not logically invalidate criticism of recognition of a failure in another system.

Advice from the christian bible from a Microsoft employee? How much significance does religion play in BOTH sides of your reply? Religion is meaningless, come the debate with rationality and data, or stay home.

Any OS that keeps their users stupid should be rediculed. Figure out if this applied to Windows, then ponder if this is true. Linux, by your own description, deserves recognition for encouraging a savvy userbase. Microsoft, on the otherhand, deserves redicule if they do, in fact, encourage a gullible userbase. Of course, this doesn't imply that all users of either OS are savvy or gullible, respectively. I know plenty of cognitively challenged Linux users. There are, of course, plenty of clueful Windows users. Exceptions to the rule?

Computers should empower, not stupify.

When you live in a glass house...

[Fair Use Guy]

Admittedly, Microsoft Windows has a horrendous reputation for security. Because of many poorly-designed applications (such as Office), bloated, insecure web browsers (like IE and Mozilla), and Outlook [Express], Windows has earned and rightly deserves a reputation for being the largest security threat on the internet today.

But that doesn't mean that the Linux security model is perfect - it just means that the Smile.D virus writer was too lazy to actually try to get root on the Linux boxes the virus gets exposed to. Consider the following facts:

• Local root holes are everywhere on a Linux box. Most distributions, especially Red Hat and SuSE, install literally dozens of setuid-root applications. Most of these applications are completely useless to the average person, and serve only to open up holes in system security.
• Setuid root applications are a necessary evil because the UNIX security model is outdated. Need to change the system time? How about binding to a low-numbered port (hello Apache and fingerd)? Or making files immutable? Or mounting a floppy disc? Every single one of these operations requires root privilege, either by the user or by the command a non-root user invokes. The more paths to root there are on the system, the more potential holes exist.
• Remote root holes are everywhere. Ever run wu-ftpd? Or sshd? Or BIND? Or rpc.statd? You probably do, but the average Linux luser doesn't even realize it, and doesn't waste their time playing sysadmin and keeping up with patches constantly. So she will have no idea why her system was 0wned and is being used to run an eggdrop bot on dalnet. At least Microsoft has the sense to ship systems with unnecessary services disabled.

I once saw source code for a worm [coredump.cx] written by several Polish nationals. This worm was able to exploit weaknesses in Linux systems to gain root access and spread. Don't think it can't happen just because the Smile.D author was an idiot - or else you will be rudely awakened when it strikes.

Fair Use of the Day:

OmniPage Professional 386 OCR for Win :s/n: 2804B-D00-999999
Backup Exec 7: :s/n: 04-4382-0006-031770
WebEdit v1.4c for Windows(95) :#/1KEO01E8KAP name/Last Soul
Canine Mail v.80b9 :Name: PREMiERE Code: Ronald McDonald
Inversible AntiVirus (2) :access code: 930437233 s/n: 21623728

/fug

Re:When you live in a glass house...

[xtremex]

Redhat is a "server OS". I never believed RedHat was desktop friendly. There are MANY more desktop Linux systems. But Linux is Linux. Just because my wife runs Lycoris doesnt mean my debian workstation can't effectively communicate with it. Shit, at least 5 programs she uses (acesses from the desktop), are remote X apps.
ssh -n is a BEAUTIFUL command. That alone has caused amazement for many a windows user.

Re:When was the last time you ran Linux?

[Jayde Stargunner]

Actually Windows XP (and now Windows Update is distributing a 9x/2K version of the plugin) auto-updates in its spare time.

Check your facts.

-Jayde

What? People other than Katz can write?

[hymie3]

Ya know, for the longest time, I really thought that they only thing the /. editors could do was post links to other articles (they sure as heck can't be bothered to run ispell). Every once in a while, though, I see something like this. I'm not saying that this was a brilliant piece of journalism or even satire, but at least roblimo can write a real article (where "real article" is being very generously applied to something that only has 23 sentences in it). Why doesn't this happen on /.? It happens on newsforge....
Just wondering.

Re:What? People other than Katz can write?

[reflective recursion]

It used to happen. I remember back when Slashdot was new that readers had articles/essays posted on Slashdot. I think CmdrTaco and Hemos both had a few articles here and there, but I can't remember. /. has just grown too big. Kuro5hin is much better for that though.

Re:What? People other than Katz can write?

[liquidsin]

Yeah, he can write, as in 'he is able to string together words into a cohesive sentence', but roblimo should still pretty much be ashamed of himself. Somehow I fail to see how childish pointing and laughing at the non-linux-using masses is helping the reputation of the opensource movement. If someone in his position, as an editor of a popular tech/geek news site has nothing to offer but that drivel...how the hell is linux going to gain the wide-spread acceptance that we'd all love to see? I remember my own first days with linux, trying to learn, getting so frustrated with the jackasses on irc who were so pompous, who only mocked L0z3rz who came to them for help, and almost giving up until I bought a few books, read some documentation, learned the man system...but I thought to myself that if all the linux folk were such retards then it was no wonder not more people used it...how do you learn when nobody's willing to share what they know? Then to see someone in the position of roblimo with the ability to reach a large readership pull shit like this...it blows my fucking mind. Way to go, dipshit.

Amusing, but wrong

[wadetemp]

1) Any of the Windows viruses/worms that are of the "double click the attachment" variety would work just as well on Linux as they would on Windows, were there more "Windows users" using Linux. They modify/damage user files and replicate themselves though email... who needs root to do that? I think the main reason you don't see as many of these is 1) the ratio of Windows desktops to Linux desktops is very large, and 2) Linux users usually know not to touch attachments like this. So if you're a virus/worm writer, why bother with Linux at all when your code can spread 100 times as fast though the Windows systems?

2) That comment about a Linux virus being easier to clean up is a bunch of crap. I've seen plenty of novice Windows users try to remove viruses from thier system using instructions and fail, and it's not because "there are no hidden files." It's because manual removal of viruses on Windows usually involves using system utilities and commands that most Windows computer users have never used before (regedit, command prompt.) Sure, the instructions are easy to follow for Linux... it's because you're a Linux user, and have to use the equivalents of these Windows utilities in every day tasks anyway.

3) "So it looks like the old dream of Linux eventually overtaking Windows and becoming the world's most popular operating system will never come to pass..." Well, if Linux was to become easier to use for the users who suffer from attachment-clicking syndrome, and who don't have the skills/balls to follow clean-up instructions, suddenly Linux will be alot more popular, will see alot more viruses, and virus scan software will still be business as usual.

Re:Attachments

[__aawsxp7741]

It should be noted that the default Windows mail client almost automatically executes attachments (double click on an insconpicuous icon), while on Linux, you will usually have to save the attachment, then manually execute it. So, no, that variety of viruses wouldn't work just as well.

Re:Attachments

[1010011010]

It should be noted that, under Windows, the OS tries to execute files simply because they are named in a certain way, such as having ".exe", ".bat", ".js", ".vbs", etc. at the end.

Whereas under unix, simply renaming any old file with a ".exe" at the end does not cause the OS to try to load and run it -- "execute" is a specific flag and permission that must be set and granted.

So "just clicking on attachments" will never work under Unix (barring an exceptionally retarded mail client -- and please don't bring up the old, and fixed, Pine buffer overflow; it's not the same thing), and will always work under Windows.

Until MSFT changes this (and how about killing those retarded drive letters while you're at it?), virus, worm, etc. problems will be common on Windows.

Re:Attachments

[wadetemp]

Don't kid yourself... the fact attachments take several clicks to open rather than one doesn't make this type of virus less potent.

The body of the email can always provide instructions on how to run the file. *IF* Linux becomes more popular on the desktop, converted Windows users will probably find them working around restrictions and differences between Linux and Windows to do alot of things.

There's nothing stopping anyone from writing a Linux email client similar to Outlook that allows one click opening of executable attachments. And there's nothing stopping software that's easier to use from becoming the most popular... and then say hello to viruses and worms.

Poor example of humor.

[SlashChick]

I don't even know where to begin. Should I begin by saying that calling people "morons" because these people don't immediately reformat their computer and install Linux is a bit of a stretch? Or should I point out that Lindows [lindows.com] automatically logs users in as root on their Linux boxen? Or should I wonder aloud how Roblimo would like programmers to make money if not by making useful utilities like virus scanners?

This whole article takes the disgusting tone of insulting people who obviously aren't as "smart" as the article's author. I find this elitism disgusting, and frankly, embarrassing to the greater geek community.

How many of us are quick to insult people who don't know the difference between root and another user? How many of us call the repair guy because we don't know how to repair the air conditioner, refrigerator, or our car? Would you like it if your mechanic said, "I can't believe you don't know the difference between 10W30 and 10W40. You're obviously a moron."?

Face it, folks, not everyone wants to be a computer expert. Not everyone wants to get involved in flamewars like vi vs. emacs or Linux vs. Windows. They just want to turn on their computer and have it work. And with any operating system, those same people will have to learn how to maintain it by applying patches (just like you have to maintain your car by taking it in for maintenance every so often.)

The fact that this article is categorized as "humor" doesn't make the elitism any less inherent. We should be educating people about the importance of software maintenance, not bashing them for being "morons" because they don't want to know the technical stuff. To most people, computers are a tool to get a job done, not a religion. Windows makes it easy to do most jobs. Therefore, most people are pretty happy with Windows.

Mod me down if you wish. I have 50 karma and I don't care much about karma ratings anyway. But I think this is important for a lot of geeks to understand -- just becuase we may have more technical knowledge does not give us the right to call people with less technical knowledge "morons" -- humor category or not.

Re:Poor example of humor.

[Some Dumbass...]

The fact that this article is categorized as "humor" doesn't make the elitism any less inherent. We should be educating people about the importance of software maintenance, not bashing them for being "morons" because they don't want to know the technical stuff. To most people, computers are a tool to get a job done, not a religion. Windows makes it easy to do most jobs. Therefore, most people are pretty happy with Windows.

First of all, this particular article was a response to that press release by Symantec. Sometimes sarcasm is a good way to put the overly serious in their place. "NEW LINUX VIRUS!!! LINUX VULNERABLE LIKE WINDOWS!!!!" yeah, right, whatever. Please don't ignore the legitimate aspects of the humor in this article.

Second, I bet that every group of people who are "in the know" about anything have their own bodies of humor. Ever insulted Britney Spears or her fans because you have much better taste in music than that? Yeah, I though so. Even if you didn't, I bet about half the population of the U.S. has :) Likewise, I certainly do call the electrician when my refrigerator breaks, and I bet he has jokes about dumbasses like me ("Here, try turning the knob the other way.") Why should the computer-literate SlashDot crowd be any different? Humor helps build a sense of community among people with similar interests, and in many cases helps relieve stress (ever wonder why there are so many tech support humor sites out there?) So let it be! It's just a joke.

On a related note, I'd also like to point out that the whole "Linux is a religion to most of its users" thing is not only a myth, but it's actually gotten in the way at my job. I've had problems with people refusing to use the Linux machines at work even when there are good reasons to use them, then accusing me of just being a "Linux fanatic" when I push the issue, even when I'm ultimately proven right. I do not doubt that the small vocal minority you see on newsgroups and SlashDot is probably not representative. On SlashDot you see a lot of arguments about controversial topics, which is probably the real reason why so everyone seems so angry. Still, there are plenty of reasonable people in the Linux community. Spend some time reading comp.os.linux.hardware (and not comp.os.linux.advocacy!) and you'll see what I mean. So please, give the "Linux users are fanatical jerks" thing a break already! The stereotype is making it hard on those of us who generally are nice guys :)

Re:Poor example of humor.

[reflective recursion]

I bet that every group of people who are "in the know" about anything have their own bodies of humor. Ever insulted Britney Spears or her fans because you have much better taste in music than that? Yeah, I though so.

That's called elitism, and it actually alienates people. If you want to make a joke about something then you don't talk down at others. There are plenty of other ways to joke about Linux and viruses than to stereotype a group (Windows' users) as having a low IQ. Perhaps the reason people claim Linux is a religion or for fanatics is because they are alienated by crap like this. I've been in whatever this "Linux community" is for a number of years now and I'm feeling increasingly alienated. There is too much negativity towards Microsoft and too much seriousness about Linux for the masses. The fun has been lost between '96 and now, at least for me anyways.

Re:Poor example of humor.

[Some Dumbass...]

That's called elitism, and it actually alienates people. If you want to make a joke about something then you don't talk down at others.

And yet the Britney Spears fans make fun of Christina Aguilera fans ("How can you like her? She sucks!") That so-called "elitist" humor may keep groups of people apart, but it also brings people within groups closer together.

Let's take this a bit further. Here's an idea: Let's ban black comedians! Too many of them tell jokes that only blacks get, often at the expense of whites! This elitism must stop now!

Obviously, I'm being sarcastic. But my point remains. Groups of different people (e.g. Windows and Linux users) are different. There are plenty of Linux users who make fun of Windows users, and vice-versa. There's not "elitism" involved, just regular old inter-group competition. It's natural and normal.

There are plenty of other ways to joke about Linux and viruses than to stereotype a group (Windows' users) as having a low IQ. Perhaps the reason people claim Linux is a religion or for fanatics is because they are alienated by crap like this.

Sure, and there's absolutely nothing like this coming from the Windows or Mac communities, or anywhere else (linuxsucks [linuxsucks.com], *cough*, *cough*.) So why aren't "people" aliented by all the Linux-bashing Windows users? Oh yeah, I forgot, only Linux users are jerks who alienate people, while the linuxsucks people and the like are... ?

I'm not claiming that the article isn't rude, by the way. Although some of it is not (the "cool viruses" bit for example), other parts obviously are (though the article does not accuse Windows users of having low IQs! It says that Simile.D will only infect your Linux box if you have a sub-100 IQ -- please read the story more carefully!)

What I want to know is, why is this article considered to be an example of Linux fanaticism when some Windows users are throwing the same crap back at Linux? Why are "Linux users" in general accused of being fanatics, rather than "some Linux users" or "some Linux, Mac and Windows users"? Why do some people assume that every Linux user is trying to draw people into the emacs vs. vi "war" (like the poster I originally replied to)? I could care less about the emacs/vi thing -- although I have traded some light barbs about this with a co-worker (very tongue-in-cheek), and I'm pretty sure it actually made us better friends.

Anyway, my point is that some people complain about how Linux users stereotype Windows users, while simultaneously arguing the "Linux fanatics" stereotype. The poster I originally replied to, for one. It's really irritating.

Re:Poor example of humor.

[reflective recursion]

I really haven't noticed Windows/Mac users stereotyping Linux users, but maybe I'm reading the wrong sites. The linuxsucks seems to be written by Linux users themselves.. not Windows, etc. users.

The article has a serious tone:

As Windows apologists are fond of pointing out, Linux can't possibly compete with Windows until it can match it feature for feature, and then some. I hold out little hope of Linux ever matching Windows on the virus vulnerability front, so it looks like the old dream of Linux eventually overtaking Windows and becoming the world's most popular operating system will never come to pass.

Note the author uses "Windows _apologists_" and then turns around and trys to claim (with humor) that Windows is superior. It's not entirely satire.

I know beyond a shadow of a doubt that Windows users love viruses, because they spread so many of them.

"I know beyond a shadow of a doubt that [insert country, favorite baseball team, etc.] people love viruses, because they spread so many of them." This just isn't funny at all. The nature of viruses is they travel undetected. You don't knowingly pass viruses (willingly or not). Would you willingly pass viruses, if you could? No, because that would be _stupid_. There is an implied stupidity on the Windows' users going on here. It is not the literal words, but the tone of the author that makes it most elitist.

There's not "elitism" involved, just regular old inter-group competition. It's natural and normal.

Perhaps that is part of the problem. You and others think it is normal behavior.. and it is because you believe it to be. That doesn't mean it _should_ be that way, or that it is normal to other people. I don't find this article amusing in the least bit. If I moved to the Windows/Mac communities, would I constantly be reminded of Linux stereotypes? I seriously doubt it. The impression I get from other OS communities is they are concerned with themselves and aren't worried about what others are doing.

Re:Poor example of humor.

[xtremex]

Screw vi or EMACS! Use pico! (or nano for the GNU-minded)

Re:Poor example of humor.

[horza]

I bet that every group of people who are "in the know" about anything have their own bodies of humor. Ever insulted Britney Spears or her fans because you have much better taste in music than that? Yeah, I though so.

That's called elitism, and it actually alienates people. If you want to make a joke about something then you don't talk down at others.

Sorry but I agree with the original follow-up. You need to lighten up and let people have a little fun. Linux users are more knowledgable about their systems, as you say, and that took each user time and patience. You also say that many users don't want to bother learning about their computer, in which case why begrudge those that do their little reward when that hard work paid dividends?

You call it 'elitism' and 'alienating' as opposed to it being an in-chuckle in the Linux crowd, but you are clearly proved wrong imho by all the comments that follow the news story. In-jokes can help bond communities, but it can also relieve a lot of frustration when you can see people repeatedly running into the same brick wall but cannot persuade them to change. You don't even need to switch to Linux to avoid these viruses, just use a professional email client instead of Outlook (I recommend The Bat!).

Phillip.

Re:Poor example of humor.

[reflective recursion]

Erm. You have posters mixed up I think. I never said the bit about users not wanting to learn their computer or Linux users are more knowledgable. Anyhow...

This article was not funny at all to me. I've been a Linux user for years and this is plain boring and trite. It might have been funny 5 years ago, but today it sounds like a broken record.

Re:Poor example of humor.

[xtremex]

People who are not in a "group" ALWAYS get offended by a groups jokes. Just like I get offended by "jocks" who can't believe my life doesnt revolve around baseball..And then they go on to the "non-jock" jokes. Who cares?

Re:Poor example of humor.

[shepd]

>That's called elitism, and it actually alienates people.

Yup, it does alienate people. That's the point. If you have a group of people who are all at a minimum skill level who are not interested in working alongside people of a lower, or non-existant skill level its a very effective way of keeping them out.

For example, telling these jokes in the server room keeps button pushing morons (yup, I said the word) out. Good thing, too.

As far as it being elitism, you're totally correct. Just as the Cable Guy will get the cable installed extra fast for someone who knows enough not to do certain things that would ruin the cable, he'll take longer (and, due to time constraints) do a poorer job for someone he expects to break it anyways.

Its human nature, and in this case its not a particularly bad thing either. It gives people an incentive to improve upon their skillsets and broaden their horizons.

>There are plenty of other ways to joke about Linux and viruses than to stereotype a group (Windows' users) as having a low IQ.

Sure, but they aren't as effective in ensuring those people you don't want to associate with stay away, are they?

>Perhaps the reason people claim Linux is a religion or for fanatics is because they are alienated by crap like this.

And this a bad thing... why?

If you can't have an open mind to a community then you'll find you'll be eaten alive in it.

Elitism is only wrong when its done maliciously against attributes people cannot, or should not change (such as [but not limited to] race or disability).

An OS is something you can change, and if one has such a thin skin they can't take a jibe or two from someone on the opposite side of the fence on such a light issue perhaps they have some personal issues to deal with first?

>I've been in whatever this "Linux community" is for a number of years now and I'm feeling increasingly alienated. There is too much negativity towards Microsoft and too much seriousness about Linux for the masses.

Well, I would humbly suggest you're just looking in the wrong places. If you want to use windows and Linux equally, why not join in with people making Linux-Windows compatibility software, like Win4Lin, Wine, Codeweavers, Bochs and VmWare?

Re:Poor example of humor.

[_Sprocket_]

First off, I have to admit Rob's piece was pure trollbait. And its a shame. A clever humor piece could have highlighted the non-issue of this Linux-compatible virus and the issues that make Windows such a ripe environment for virus activity. Instead, Rob used the subtlety of a sledgehammer and produced something only a troll could be proud of.

Elitism is only ONE of the faults of this so-called humor piece. But it does offer a chance to hash out this issue.

Would you like it if your mechanic said, "I can't believe you don't know the difference between 10W30 and 10W40. You're obviously a moron."?
...
Face it, folks, not everyone wants to be a computer expert.
...
They just want to turn on their computer and have it work. And with any operating system, those same people will have to learn how to maintain it by applying patches (just like you have to maintain your car by taking it in for maintenance e very so often.)

I'm willing to bet there ARE mechanics who scoff at those who don't know the difference. After all, its a basic bit of maintenance knowledge - hardly arcane knowledge. Heck, its even included in your vehicle operators manual. If you're going to do basic maintenance of your car yourself, you are going to have to tackle the difference in motor oil.

But you don't have to do the maintenance yourself. There are plenty of places that do nothing BUT simple tuneups and oil changes. And judging from the number, it seems to be a fairly popular service. Of course, you DO have to be aware that the maintenance needs to be done.

Computers are similar to motor vehicles. Both are complex systems that, over the years, have become simpler to operate. However, they both occasionally break and need unscheduled maintenance. And they both need regular maintenance. One can gain the knowledge, skills, and tools to maintain these systems oneself. Or one can find a knowledgeable friend or hire a professional.

Unfortunately, these concepts are lost on the average computer user. They are faced with two opposing concepts that cloud this simple idea.

First, our popular culture constantly pushes the concept of "computers are so complex and difficult that only especially gifted individuals will know anything about them." You find it in news headlines that gush "Local Computer Wizkid does [relatively simple malicious hack] Against [national agency] Computers!" National news figures professing computer illiteracy - imagine Ted Koppel lamenting that his son (or grandson) knew more about cars. And then there's an entire industry that promises to make computers "simple".

And that's our opposing concept. The IT industry is full of products that promise to simplify the computing experience (witness the popularity of Microsoft products and AOL). Its a worthy cause. Computer systems have now become fairly easy for daily tasks. But unfortunately the message seems to be that computer systems have gained the characteristics of a toaster or VCR (Twelve O'Clock Flashers [mp3s.com] aside) rather than a motorized vehicle. This impression is entirely false.

Today's automobile is fairly easy to use. However, there is still a rather complex system of traffic rules one has to learn to use one. And the underlying technology of the automobile is more and more complex. One must learn enough to perform basic maintenance or have it performed by another. Even then, these systems will occasionally fail and require an expert to repair. And we even have products from the automobile industry that have serious engineering flaws.

Computer systems are very similar. However, we have the popular misconception of complexity that seems to cause many otherwise intelligent people to disengage their thought process when they get behind a keyboard/mouse. And we have an industry that profits from convincing the public that they don't need to bother to learn the basics of operating a computer to use one.

It is little wonder enthusiasts and professionals become jaded when these two concepts create irate users demanding quick fixes to problems. Especially when some of these problems are their own doing or could have been solved themselves with the most basic knowledge and patience.

Re:Poor example of humor.

[SteelX]

I agree with you totally. I'm a big opensource freak and I consider myself a power user and probably in Roblimo's "smart" category, but I will never, ever force Linux or <insert-other-opensource-software-here> down anybody's throat. I've seen too many geeks pushing Linux-ish stuff down Windows users' throats, like proposing stuff like LaTeX for secretaries (!!!), vi for non-UNIX users, and the like. People will definitely be put off by such behavior.

I respect Windows users and their wishes. Although I won't use it much myself, if others would like to use Windows, I've no problem with that.

Another bad attitude among the open source community is to assume that everyone has enough time for everything. "Normal" users are used to "click, click, click, it's installed".. not "./configure; make.. oh wait, something stuffed, hold on.. vi file.c.. darn, wget http://new-version, etc etc".

And even as a Linux user, I do get "pushed" by other Linux users to use a certain app too. Once I was trying to draw a diagram in a hurry, and because I wasn't familiar with Linux diagramming tools, I used Smartdraw for Windows. A fellow Linux user came by, scoffed at the fact I was using some Windows software, and pushed me to use xfig. Of all things! xfig is so bloody primitive and totally not the right tool for the job. He then recommended Dia which was not up to the job too. I could've produced the same diagram, but it would take probably 2 to 3 times the time I would've taken using Smartdraw. So I can imagine how those Windows users would've felt.

No one wants to hear "Ewww!! You're using Windows?! That piece of junk??" anymore than we want to hear "Eww! You're using Linux?! That piece of junk??" So, please. Respect the wishes of other users. If they wanna use Windows, let them. If they wanna use a Mac, let them. If you like to drive with a manual transmission, you don't want to be forced to drive an auto, right?

Re:Poor example of humor.

[xtremex]

The example of making a non-*NIX user use vi is a bad one. VERY few people are native vi users (especialy on /.).You had to start w/ something. Sure, vi is more arcane then Notepad, but damn is it powerful.When I am forced to use windows, I by default go to Start..Run. md and type vi! Ever type ESC :wq in notepad? I have.Plenty of times.No matter what UNIX system I am at, I can pretty much guarantee that vi will be installed.

Yeah, good read

[SetupWeasel]

Blah blah blah Windows bad.
Blah blah blah Linux good.
Blah blah blah idiots use Windows.

CmdrTaco posted this? I'm so shocked!

This article is not satire, is not it original, nor is it well written.

I wish I could moderate CmdrTaco down for being a troll just once.

SetupWeasel

Longing for more like this!

[Bollie]

Ever since segfault [segfault.org]'s demise, I've been longing for articles like this. Sorry slashdot, but sometimes fake news just don't match up to the real thing.

Howz about some of yous guys start a fake news site (preferably not sponsored by our dear friends from Redmond).

Am I the only one here not laughing?

[boa13]

Here we go again! Let's laugh at people who think "that Bill Gates deserves their money", let's laugh at people who buy anti-viruses, let's laugh at Windows while we're at it, and of course, let's praise our wonderful unbreakable operating system. Ah! This virus fails to infect me, viruses are so uneffective against l33t linux! Nobody can root me, nobody can root me!

Am I the only one not laughing? Am I the only one watching with, not fear, but interest and attention, the great innovations being done in the field of the Linux viruses?

We have a virus that can infect both Linux and Windows binaries. A virus that can try to infect a Linux box from a Windows box. A virus that is extremely hard to detect and destroy on Windows. Sure, it doesn't work well enough, yet. It's, after all, only the third generation virus. But it is nevertheless a great technical achievement, a new milestone release, a step towards havoc.

When these viruses will be able to infect a Linux partition from a Windows partition, or a Windows partition from a Linux partition, each time bypassing the security and anti-virus of the operating system it is infecting - hey, the OS is not even running! - will you laugh that much? Nobody can root you? And what about a virus that has ext2-level access to your root partition? Yes, from Windows? Who is 100% Windows-free? Who never has two OSes on the same machine?

Virus authors are showing are growing interest to Linux, and as more and more viruses are able to spread on Linux, more and more anti-viruses Linux will need. You might not like it, but it seems unavoidable to me. And if you really hate the anti-virus companies, start an open-source project. Now.

Let's come back to this discussion in a couple of years. And we'll see if you were right to laugh. I hope so. I don't believe it.

Re:Am I the only one here not laughing?

[dvNull]

If my dual boot machine infects my Linux box from a windows run script the fault still lies with Windows, not Linux/BSD/Solaris or whatever*nix I am running.

Then again I dont dual boot. I have 2 machines, 1 for windows and 1 for Linux and so far neither have been infected.

dvNuLL

Why Linux doesn't have viruses

[Broccolist]

A great technical achievement? I don't think so. Virus writing does not strike me as being all that hard. IMHO, if a highly skilled programmer with a lot of time gave it a shot, it would be possible to create a virus orders of magnitude more destructive than what we have seen so far. Imagine a monster hybrid virus that combined a Code Red-style buffer overflow exploit with an e-mail attack, and that moreover trashed the victim's hard disk shortly after infection.

Fortunately, this probably will never happen. Not because it's technically impossible, but because all the programmers with that kind of skill are mature and ethical. If you look at the biggest viruses we've had, almost all of them are dysfunctional and poorly written, and obviously the product of an immature kiddie.

Now, my point: IMHO, there's only one thing protecting Windows from highly destructive viruses, and the Unices from any viruses at all. It has nothing to do with the technical merits of the system, or the tech-savviness of its users, neither of which can stop a well-written virus (there will always be a hole somewhere). The key factor is the honor of the programmers.

Different communities aggregate to different OSes, and warez kiddies and hax0rs seem to me to exist almost entirely in the Windows world. The reason Linux doesn't have any viruses is because nobody is trying to write any. Until this changes, I don't expect anti-virus software for Linux to become necessary anytime soon.

Re:Why Linux doesn't have viruses

[_Sprocket_]

Now, my point: IMHO, there's only one thing protecting Windows from highly destructive viruses, and the Unices from any viruses at all. It has nothing to do with the technical merits of the system, or the tech-savviness of its users, neither of which can stop a well-written virus (there will always be a hole somewhere). The key factor is the honor of the programmers.

Considering how widespread some malicious code gets, its surprising that more damage isn't done. This is not because the code is not successful in replication. It is because they tend to contain very benign payloads (with some notable exceptions).

It wouldn't take too much imagination to create a destructive payload that does not interfere with replication of the code. But for the most part, malicious code found in the wild tends to do little to harm the systems they attack or data housed therein. One can only assume that this is intentional. So if the widespread virus does not destroy data or host systems but does manage to become widespread - obviously replication, and not destruction, is the common goal.

Why focus on replication? Perhaps it is the sole goal of an academic exercise. Perhaps it is politically motivated to expose security vulnerabilities within the target platform. There have been writings and comments within sample code that support these two possibilities.

That doesn't mean malicious code is not dangerous. The code for a successful virus simply provides a platform for those with a more destructive intent to include a more destructive payload. Plus, malicious code does tend to impact available resources (bandwidth, drive space, etc).

Different communities aggregate to different OSes, and warez kiddies and hax0rs seem to me to exist almost entirely in the Windows world.

Although much of the available applications available on Linux is available for the cost of time and a download, there is a selection of proprietary applications. These applications can be found within the "Warez Community". Also, there are plenty of examples that show Linux is known within script kiddie / "hax0r" communities and somewhat commonly used.

The reason Linux doesn't have any viruses is because nobody is trying to write any. Until this changes, I don't expect anti-virus software for Linux to become necessary anytime soon.

I would suggest that there are few examples of malicious code that targets Linux because Linux does not present a favorable environment. Windows is full of insecure architectural decisions that provide a rich environment for malicious code. This feeds our two motivations for writing malicious code. It provides an environment where one can write code that will successfully replicate. And the insecure architecture itself is being exploited by those who's political motivation is to expose the vulnerability of that architecture.

Surely, some will decide to apply the same motivations towards Linux. Although those who have a political motivation may not be as many. Linux development methods tend to listen to security criticisms and its open source nature allows those with that kind of interest to focus on providing patches rather than expend the effort to force the issue publicly. Those who find developing malicious code an academic challenge will write such code. And thus, we occasionally see a new "Linux virus".

Re:Am I the only one here not laughing?

[Some Dumbass...]

Let's come back to this discussion in a couple of years. And we'll see if you were right to laugh. I hope so. I don't believe it.

I think that you're entirely right about returning to the discussion in a few years. Yet it's quotes like this that make me wonder why so many people are calling this article FUD. The reality right now is that there are thousands of Windows viruses, and about a dozen Linux ones (none of which spread very well on Linux). Making fun of how Windows users suffer from viruses may be short-sighted, but it's not FUD -- Windows users do suffer from viruses far more than Linux users, and anti-virus software is a necessity on a Windows machine (but not on a Linux one). That's just reality (assuming we're all in the year 2002, anyway). As you said, in a few years Linux may have a virus problem, but that implies that it doesn't right now, which is basically correct.

Re:Am I the only one here not laughing?

[xtremex]

I have been 100% Microsoft free since 1997!I havent dual booted in a LONG time. I just get a cheap box and install a new system and ssh in. I guarantee I'm not the only one. There is nothing I need Windows for.

The word of the day is FUD.

[bons]

FUD [linux.org], aka, Fear, Uncertainty, Doubt.

We've seen a lot of it over the years from Microsoft and other major companies, but the people who once used to rally it no longer carry it on their news sites, but they actually have become a source of FUD as well.

OK. So this was posted as humor. But somehow it didn't read as humor. It read as an article that claims you need to spend money to prevent viruses on Windows while you could run a virus free linux system by just pumping an 80 IQ.

On Windows you're likely to get a virus from one of two places, either installing software or running software that allows scripts in it's data files.

Both of these are easy enough to defend against, however, it's seems like it's not in the best interest of the Linux community to let that be known. A little Fear, a little Uncertainty, a little Doubt is a much better weapon.

And when it's over, the truth is that had this been presented as a factual article on how simple it is to remain Virus Free on a Linux system, it wouldn't have even been read by many, nevermind submitted to Slashdot.

After all, FUD sells. It just doesn't make me proud to belong to the community selling it.

Re:The word of the day is FUD.

[reflective recursion]

Exactly. Not only did Rob misspell the virus name (it's actually Simile--not Smile) but this article is not even satirical. When I think of satire I think of Dave Barry. These writers need to really work on their craft. As an example of how this could have gone:

Linux Catches a Cold

Linux anti-virus companies have been incredibly busy this past week. "Yessir... we have had to decrease our table tennis time by nearly 10 minutes to accomodate our customer's needs this week," says Roger, project manager at Linux Virus-Be-Gone. "We almost had to outsource our development because we were afraid that our main developer would not be out of school, er, free at that time, but in the end he pulled through," Roger added.

"It was a tough one to crack, I'll say that," Chris, main developer at Linux Virus-Be-Gone opined. "For the first ten minutes I didn't have a clue how to operate the virus," claims Chris. "Then I discovered that you had to login as root to start the magic It was all downhill from there."

I'm not a writer, but you get the idea. If it was funny I wouldn't gripe, but this just sounds like Linux bigotry.

Symantec trying to break into the Linux market?

[Petronius]

It wouldn't surprise me if *they* wrote that stupid worm.

Two Things Will Undo Linux Security

[istartedi]

1. The steady transition of Linux from a "geeks only" OS to a corporate mainstay. This will make Linux a more appealing target.

2. The arrogance of those who think that Linux isn't vulnerable.

uhhh.

[Gavitron_zero]

Maybe someday someone will write a virus that can log into your Linux system as root and really mess it up.

Buh??? Why would you need to write a virus to do this, most linux boxes out there have lots of stuff you can exploit to get root yourself.

"Humour filled"?

[seldolivaw]

Have you read this article? It's not funny unless you think "of course, Linux doesn't get viruses" is funny. 'Cause it says that about a million times.

This guy actually writes articles?

[WildBeast]

Since when twelve year old kids write on Newsforge? He says : "and I assume that once they've gotten the idea (from where I do not know) that Bill Gates deserves their money more than they do"

Where does he come from? I paid $300 for my monitor, does it mean that oh I shouldn't pay them, I better keep the money to myself?

As usual, when you can't beat MS, troll away :) Just pathetic.

This article sucked.

[bugg]

This article sucked. This article sucked so much that while I was reading this sucky article I died of suck overdose and my soul tried to go up to heaven but the black hole that is suck sucked by soul back down into my sucking budy to finish reading this sucky article.

CmdrTaco, don't post sucky articles for your sucky friends just because they ask you to. Read the sucky article yourself first. It sucks.

Now do you see how non-constructive criticism feels?

...getting rid of extra karma since 1867.

Interesting quote from the article...

[supremebob]

"How many people do you know who habitually run their Linux systems as root?

In my case, the answer is 'zero.'

So that's the end of that."

Woah, not so fast there, buddy.

Lots of the newer "user friendly" Linux distributions like Mandrake and Lycoris allow Linux newbies to install the operating system without creating a separate user account. Worse yet, some of them allow the root user to have NO password at all! As these Linux distributions get more popular and easier to use, you can expect more and more computer newbies who don't understand computer security to leave their systems logged in with administrative accounts with no passwords to protect them.

One of the main reasons that Windows is venerable to virus attacks is that it's users often aren't as security savvy as *NIX users are. All it would take is a few thousand home users running Linux logged on as root without any passwords or security patches for a Linux virus outbreak to become a reality.

Re:Interesting quote from the article...

[reflective recursion]

And it also ignores one small detail: the most needed stuff is usually kept in the _user's_ directory. If someone killed my /etc, /lib, or /usr directories I would be mad. If someone destroyed my /home/login I would cry. Almost everything of any importance is stored in my $HOME directory. Typically, viruses aren't created to take over machines. They are created to _do damage_. Sure, root would cause much greater damage (possible hardware too), but destroying a user's home directory is Bad Enough. I really can see people creating viruses which live in a user's home directory and have no expectation of gaining root.

Running as Root

[md17]

How many people do you know who habitually run their Linux systems as root?

Overall the article was good. I agree that now with StarOffice, Mozilla, Ximian, the nearly 2 click install from SuSE 8, etc. There really is no good reason to deal with all the Windows BS. Anyways, the one problem I had was that Roblimo was talking about the average Windows user. And I believe that the average Windows user would be a lot more likely to run things as root than learn how to use sudo. How many install instructions say:
Become root, then run: make install
Without people knowing what that means and why it can be bad, their systems are just as easy a target for viruses as Windows computers. Either way, it's an education thing.

Not the OS.. the users

[Random Feature]

The only truth in this article was that people, in general, are ignorant when it comes to computers.

Yes, there are plenty of people who just want to "turn it on" and have it work, but you boot up and DHCP a public addy via a cable modem/xDSL line, you ought to at least be *aware* of the potential for abuse. And that goes for both Linux and Windows. We won't discuss this fact with dial-up users but they don't get it either.

At least my grandmother (85 year old grandmother) has an excuse. As long as she can e-mail and browse she really doesn't want to know anything else, so I'll take care of that for her. But that's a different situation. Most of them time we're talking about people who have at least a limited knowledge of computers and should be able to understand these things. The least the Cable/DSL providers could do is include a picture and a little description of what the hell they're getting into.

I run a switched network at home with a firewall that's solved most of my problems. But my father's hooked straight to a cable modem and until a month ago when I told him he was vulnerable he had no clue.

And that is the real problem. Because users in general (1) don't patch and/or (2) don't even realize they're "on" the Internet.

As far as a few comments here about Linux being too difficult for most users, tell that to my 8 year old daughter. She doesn't have a problem at all running SuSE.

Re:I knew there was a good reason...

[MaxVlast]

You should have done that fifteen minutes after getting the machine configured.

Safety of Linux

[einhverfr]

OK. Linux is not that safe from certain types of viruses (such as the lion worm, etc).

In all fairness, saying that there are Linux viruses is like saying that the Concept virus was a Windows virus. I am not aware of any Linux virus (that attacks the system using vulnerabilities presented by the Linux kernel). Usually other programs are the source of the risk.

The issue of security from viruses is similar to the issue of security from hackers. It is a never-ending battle, and network services are points of attack. Some pieces of software are better than others at controllign the degree of compromise resulting from their failures. That is all.

Re:Linux is still safe, but...

[caca_phony]

Here is your anti-virus program:

Do not run untrusted code.

Do not run any program as root that is not either a part of your original distribution or an install script for a program you know has not been tampered with (check the md5 on the tarball), and whose author you trust.

Never run any mail program that runs code that is mailed to you (good luck finding one for *nix that does that anyway).

Follow this program, and you should remain virus free on any reasonably designed operating system.

Re:Linux is still safe, but...

[caca_phony]

It's just that the overwhelming majority of users run Windows and if you want a virus to spread rapidly, Windows is the platform of choice. Believe me, if everyone read their email with Emacs on Linux, there would be email viruses for that platform, too.

And, if that was the case, I could, as a semi advanced user (hell I use vi and berkely mail, but I've played with enough elisp to do this) make my emacs mail mode invulnerable to the virus after about 10 minutes of coding, and without having to recompile anything. And I seriously doubt your claim. All email viruses rely on "conviently" auto-executed code. There is little if any of that in emacs outside of hooks that only change the mode or state of emacs in some way (ie. turn syntax coloring on if the file ends in .c). Emacs has been around since the '70s, it has survived long periods of time as *the* predominant text editor without any significant viruses that I have heard of. Security can't rely on your code being on fewer computers. Security must be designed into the kernal, the APIs and each and every program used. This has been done to varying degrees of success on every unix and unix clone, and is just now, 30 something years later, being proposed on the Windows platform.

%s/kernal/kernel/g

[caca_phony]

duh...

Re:Is Linux a machination of Satan?

[Disevidence]

Do any of the mods (besides the first mod) have any humour section in their brain? Mod parent Up!

Re:Good god get over yourself and get busy!

[joshtimmons]

A couple points:
1. Most of the hundreds of millions of windows users are windows users because that's what came with their PC. It was bundled with their PCs because of the heavy handed licensing methods that Microsoft applied to the OEMs. That's not the same as saying that the customers prefer windows.

2. It occurs to me that it's very hard for a virus to propagate in an environment where the user (by default) does not have write permission to the directories - and I'm not talking a "read-only" bit that essentially relies on the honor system. In usermode, I can't infect/damage /usr/bin even if I wanted to. In windows, this could be done, but it's not because it would make installing/removing applications (slightly) more difficult. Well folks, a virus is just another program that you just installed; albiet probably accidentally.

3. Saying Linux has made great strides in a short time is misleading and somewhat deprecating. I've been using it since 1992 (10 years). That predates all win32 platforms (including Winnt and Win9x, to say nothing about XP, etc.). It's a minor bone to pick, but it's made great strides over the entire course of its existence. Even in the beginning, it was purposely built to take advantage of "great strides" that predated it.

4. Users don't have to patch code. Linux package management excels. I know debian best, and apt-get keeps my system secure with nary a recompile. Patching? I could if I wanted to, but I'm too busy being productive on my system.

5. I agree about not calling people who don't use linux morons.

6. You don't even have to run linux, as far as I'm concerned. I have to draw a line at telling the people in the community to get busy and fix the bugs and do a little usablity testing. Where have you been? Did you know that all that happens. How else can you explain this feature-rich reliable, and usable system that I'm typing this on? Independent estimates have estimated that there is over 1 billion dollars of time invested in a typical linux system and it is all given away for free. Be grateful, not pissy.

Re:Good god get over yourself and get busy!

[rufusdufus]

Your point 1 implies a deep misunderstanding of market economics. OEMs ship windows because thats what the users demand. The customers do prefer windows. Cold hard fact.

point 2: window has been around since 1984. It is an extension of MSDOS which was from 1980. Anyway, I think most of the real progress in bringing linux to the masses has been done in the past 5 years. My opinion only.

point 6: I run mandrake and windows, mainly for xplatform coding. The UI for KDE3 just isnt there yet, nor GNOME or what-have-you. I rate the usability (for naive users) of Linux below Windows 3.0. And thats pretty sucky. In fact, usability and polish is the main weakness of Linux. Only honest usability testing with naive so-called-morons will get the OS past this hurdle.

Re:Good god get over yourself and get busy!

[johnnyb]

Your point 1 implies a deep misunderstanding of market economics. OEMs ship windows because thats what the users demand. The customers do prefer windows. Cold hard fact.

********

This is complete baloney. Most users have never tried anything else. Microsoft has taken control of the distribution channels, so there is no place for consumers to have a choice. If they go into best buy they get a choice between Windows and Windows. How would they manage to choose Linux in that scenario? Or Mac? They would have to have known about it before hand, AND know where to find it, AND know what it's capabilities are.

That's like saying the Chinese people prefer communism. The fact is the system doesn't give them a choice. Hopefully in the future the grassroots Linux movement will enable more choice and knowledge for users, but that takes time. Don't pretend like it's a choice today because it isn't.

As to your other point, preferences differ, but most people like KDE or GNOME as much or better than Windows, although less than Macintosh. GNOME, I know has gone through such usability testing as you mention. I don't know about KDE. What, specifically, do you find sucky about them?

Re:Good god get over yourself and get busy!

[xtremex]

I had a discussion about this exact same topic with a buddy of mine (Professor of Economics) last week. He is a Linux user (recently), and he says that if there were no advertising, and Linux was installed by default, people would "demand" Linux.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Good god get over yourself and get busy!

[johnnyb]

Good point, but the fact remains that of all those hundreds of millions of Windows users nearly 100% could switch to Linux, but haven't. That does count for something.

********

No. It doesn't. It would count for something if

a) all those users knew what Linux was.

b) all those users knew the advantages and disadvantages of both systems

c) all those users knew how easy it is to switch

The fact is, 99% of those users don't know any of the above, and thus cannot make that choice. Add into that the amount of disinformation there is on Linux, and the possibility of this user knowing about this valid choice, and that it is valid, drops to near 0.

As for using Linux without editing config files, my wife and I do so every day. Installed and use regularly, and had to do a whole lot less configuration than with Windows. Even changing the video card was handled automatically, and the system detected and installed the appropriate 3D drivers for my new card automatically.

Re:Good god get over yourself and get busy!

[xtremex]

I doubt people who are interested in Linux care about the so-called "attitude" problem of it's users. Most of the attitudes are from college age whipper-snappers on /.

Re:Slashdot favors Linux

[visualight]

Exactly how is my response to the parent "flamebait"?

Point (1), the majority of /. readers/posters are biased toward Linux and Open Source. Is this not true?

If the above is true then is it safe to say that these same people have made up their minds that Linux and Open Source is superior in many ways than Windows and closed source?

Are there not numerous examples of grandmothers and small children (there's an 11 y/o girl in my house that can install Suse w/ no problems. She is of average intellingence) who use linux? If and adult cannot perform a task so simple a child can do it then is there a problem with labeling that person a moron/lame?

The entire purpose of the post is to point out that

1)Slashdot is biased and said bias is based on facts and experience. Whenever someone makes a statement that /. users are biased the reply should be "So?"

2)To counter the assertion that Linux is more difficult to use than Windows. It is not.

Re:Slashdot favors Linux

[xtremex]

I gave my neighbors kids a PC for christmas. I installed Mandrake on it. (mainly so if they need support I can just ssh in and fix it.). They are 8 and 12 yrs old. I have YET to have them tell me something doesnt work or they are confused about something. This is their FIRST computer. The 12 yr old uses WIndows at school sometimes. I hear complaints about the schools computers, but not her own. It may be an isolated incident, however....

Re:Windows isn't less secure

[xtremex]

That is pure bullshit and you know it. ANYBODY can walk up to a Linux console with X and get their email. Lok at KDE and GNOME. And for about 30 years, peopl ehave been getting their mail in UNIX by typing pine.
For those who can't remember the word pine, you can even make a shell script menu:
Welcome to SUnOS.
Type pine for mail
slrn for news
logout to logout
wp for WordPerfect

Agreed.

[wackybrit]

I've been a techie for many years, but have shied away from Linux. Sure, I've used an old version of Slackware as a Web server or as an IP masquerader here and there, but never tried to use it as a workstation.

The other week, I decided to give it a go. I put a Redhat 7.0 (the latest Linux I had in the house at the time) CD in and got on with it. Very very easy setup! Less hassle than Windows, and certainly quicker. Copying files seemed to take longer, but, you've gotta remember that Windows spends at least 20 minutes restarting itself and setting up all sorts of crap after the files are copied.

So, yeah, I'm no Linux zealot, but they've come along in leaps and bounds on the interface front. Although.. I had to edit a few config files to get my network card working, so it's not for a typical user either JUST yet..

Re:Agreed.

[nurightshu]

I had similar problems with RH 7.0 about 3 months ago when I installed it to a Compaq Deskpro EN PIII 1.0GHz with a plain vanilla 3Com 3C905C network card. It took me some time to get eth0 up and running.

So, when 7.3 came out, I decided to give that a shot and see if it would work any better with my NIC. Sure enough, Anaconda found it and auto-configured for DHCP. So the moral of the story? Get 7.3, I guess. I mean, it's not like you have to pay for it.

Of course, I still haven't figured out how to get the Deskpro's on-board audio working, 7.3 or no. Compaq's website wasn't much help, and I couldn't find anything about it on Red Hat Network. Anybody else out there with nudges in the right direction?

Re:Windows isn't less secure

[xtremex]

FreeBSD 4.5....10 Minutes on a Cyrix 166.
After logging in, I can get my mail!

Re:"That other operating system"

[dgym]

Indeed, it hardly operates at all.

I for one would prefer if people would instead refer to it as 'the thing that shall not be named' as the title makes no assumptions, does not encroach on any several thousand year old technologies (I think that before the Romans put glass in them, windows were more of a hole in the wall than the true window experience they are now) and is dark and gloomy enough to reflect all those works forever lost by those forgetting to save every 10 minutes.

As to the virii, I wish Linux was as secure as all that, but as others have pointed out there are a fair number of exploitable suid-root programs with the average large distribution.

I had a read about HURD's security system a few months back and it looks a lot more promising than the traditional UNIX model (something about starting with no permisions and working your way up, rather than starting with all permisions and dropping them for your typical root service). It should be interesting to see if the new ideas work out in the long run, or whether the 30 year old security model will once again show that it got that old for a reason.

Re:Main differnece is philosphy

[reflective recursion]

You would be correct, but only if security was an absolute. It is not.

What does it mean to "be secure?" It is easy to spew common *ix security logic when that is all you know and think about when security is the topic. You have to take a step back to understand the nature of security.

I'm rusty on *ix history, but I'm fairly certain security was never a top priority of the original Unix, until later. If you check up I'm sure you will find that security actually _was_ added to *ix on a as-needed basis.

As an example consider this: until fairly recently (mid to late '90s) denial-of-service was not a threat. *ix admins everywhere had to rush to turn off common "safe" services such as ping, finger, etc. as a result of what they believed was security.

The _biggest_ threat will always come unannounced and from a never suspected "location." What *ix has for security is simply barriers for the patterned attacks. Security has been a buzzword of sorts long before Microsoft--and will continue to be a "buzzword" as long as people foolishly believe that security is an absolute.

Re:Main differnece is philosphy

[reflective recursion]

Still, there was a philosophy going on of openness--the stuff that RMS speaks of. Everyone generally trusted each other and security was not a serious issue at the time. Take a look here [albion.com].

In November 1988, Robert Tappan Morris released the infamous "Internet worm" that corrupted thousands of net-connected machines overnight.

[...]

The worm exposed a Pandora's Box of vulnerabilities in UNIX, including bugs in the venerable sendmail and finger programs. It also exploited the concept of "trusted hosts" in UNIX

[...]

Beyond it's immediate impact on infected systems, the worm called into question the "open lab" approach to UNIX security, which maximizes resource-sharing and trusting cooperation at the expense of formal security controls.

The result of this was the formation of the CERT organization. What I'm getting at is that *ix security methods have evolved very much, just like Windows security methods will. Overall, there is no silver bullet. Just as no one saw the internet worm coming, or the first wave of DoS attacks, no one will see the next serious security issue. Until it's too late. Every security measure taken is always the result of a security breach. Or the _perceived_ security breach, which usually fits a pattern. For example, the advice you gave about not trusting the client is fairly new security "common sense" and is the result of many security breaches via client spoofing and manipulation. Back in '88 I doubt such security axioms existed, as they do today. I myself am a little worried that one day someone will come along and turn everything everyone knows about security upside-down.. and many people will be sitting idly by with their "secure" *ix box thinking they are perfectly safe, but maybe I'm just a tad paranoid.

Re:MS the tool of a lost generation :)

[xtremex]

I agree. I had an argument with an MS lackey the other day. he says "2 CDS to install an OS??!!" I said yes, when you install windows, you have to download everything to get a working system. WHen I install Linux , I have ALL the tools I need.

Re:"that other operating system"

[xtremex]

Hmm...I've been using USB on Linux for around 2 years. I can burn CDS, watch DVDS and browse the web at the same time on Linux. My digital camera is in /mnt/camera.Has been that way for years.