>> it is safer than downloading random EXEs from the Internet.

>How does that follow?

>I mean, it's correct on the technicality that nobody (or almost nobody) writes malware for Linux compared to
>Windows, but that doesn't make it safer by design.

Malware in a repository does not survive as long as malware in a random EXE on the internet. However, this is a benefit of open source repositories, not Linux.

using Ubuntu I do have to use the CLI to perform certain tasks. Often they are tasks I like the CLI for better, but I recognize that isn't the case for normal users.

I have to agree that there's a need to be specific here. Is it something a normal user needs to do? I sometimes install Linux for normal users. Once I finish configuring, I am assuming they won't ever need the terminal. If that's wrong, please let me know.

Copying protected files in nautilus was a good example. I think it should give me a way to override the error. Currently I go to the terminal when that happens.

"Odd. I believe I haven't seen my Ubuntu beep, well, ever..."

Really?? All I have to do is connect or disconnect the power supply on my laptop. When the terminal is open I get it all the time for command completion. This thread has reminded me that I'd really rather have it off than muting the speakers all the time.

"An independent thinker cannot back MS?"

Someone who currently backs MS 100% of the time regardless of the issue is not an independent thinker. Simple really. Stop pretending you're independent.

"If you claim that Word and Excel did not run as standard users, you are now exposing yourself as a liar."

Oh right! If it didn't happen to you then it didn't happen. You won't want to read this link:

Office 2007 Unusable in Limited User Account

I had this problem, but it was better than the crash that I use to get, which only happened as a limited user. So, you don't know what you're talking about. It's a fact that you don't want to be a standard user on Windows XP. Do you like getting updates to those required anti-virus programs? Then you may want to be an administrator.

Prediction: You will now go on to deny that Windows XP and every prior version had a problem with this, or you'll say that it doesn't matter now that everything has been fixed in Vista. It's enough to make anyone wonder why Windows 7 is coming so soon, when Vista was so perfect.

That's just the point: What discoveries?! The patent looks like it takes existing LAN and DSP technology and adds, "but do it wirelessly." This is shades of patents that added "but do it on the internet". Where a specific infringement is not obvious, I wonder if the vague and all-encompassing idea of using a wireless LAN in an office or home setting would allow them to attack any home wireless technology, regardless of whether or not it had anything to do with their invention.

I was looking forward to the legal battle, but I guess CSIRO gave them a price they couldn't pass up. Maybe now we'll never find out what they "discovered".

Here is homer's standard operating procedure:

1. Someone says anything negative about Microsoft where you can read it.
2. You say: It's a myth that Microsoft does that. They have no choice. It's not their fault. Groupthink! Groupthink!
3. Someone says, but what about x, y, and z?
4. Deny.
5. Deny.
6. Deny.
7. Claim to know more, but don't actually present a counter argument.

It must never get old for you.

"how dare anyone defend MS on slashdot?"

No, how dare you do nothing but defend MS on slashdot, then call yourself and independent thinker. About the third time that you dug in your heels on something obvious, and not very important, I started to wonder what was up with you. Now we know.

I don't care about DRM. It really was on the list of things you posted recently. Again, I was being factual, and you completely misread the plain meaning of it.

"Now you need to fall back on plain english."

In case you missed it, all of my post were in English. Even when we used different terms, my follow up explained how I was using them. At which point you can continue to argue about what's an admin, or you can actually say something about why you prefer admins on Windows. You chose the former.

Speaking of English comprehension, if I say that being able to run without root privileges is new to Windows, that doesn't mean I didn't know XP has standard users. If I say that those standard users were unusable, it might mean that I think not being able to use ordinary applications, including Microsoft applications like Word and Excel, made the standard user unusable. And if I post a link to a Microsoft executive admitting that they coded like this prior to Vista, then you really should be able to comprehend that.

Wow, I'm genuinely surprised you got the following right:

1. We already know from theory, that unixes are much less susceptible to viruses.
2. Architecturally Linux and OS X are less susceptible to viruses.
3. Vista's security model still has its problems.

Those all go to support the main point:

The claim that Linux would have as many viruses as Windows if Linux were as popular as Windows is false.

Here's one I have realized after talking to you:

Nobody who has ever made that claim has ever said anything to support it. It's a hit and run line for Linux bashers.

1. You claim standard users are new to windows

I probably used standard users before you. My claim was that Windows didn't have usable standard users, like Linux does. In fact, this was considered a new goal by Microsoft itself in 2006, which I cited. Thanks for the numbering. That makes this lie #1.

2. You claim admins on windows are like root on linux (i.e. you are unaware of local system's role)

If you think that Windows administrators are not like root, then you are truly clueless. Remember when I asked when you were going to make your next uninformed assumption? It didn't take long. Yes, I know what the system account does. Have fun running as local system. D'oh!

3. Your insistence on calling sudo a security warning

It is a warning, in the plain English reading of the word. Choosing not to understand again? How strange... or maybe not.

4. You were unaware of whitelisting and authenticode checks from UAC.

Says who?! Whitelisting does not invalidate my argument. If you're using whitelisting to suppress unwanted UAC *warnings*, then you just don't get it.

Now let me try your tactic: You don't know what Integrity Levels are?? Clearly security is not your thing. You didn't even know what Integrity Levels were until I told you, etc., etc., lie, lie

5. You cited SELinux without actually knowing what it is (since it is unrelated to your claim, you would not cite it if you knew anything about it)

I have used SELinux since FC4, genius. And PolicyKit is on my Ubuntu 8.04 (running in default config, though). This is "unrelated" to Linux security?? Hey, didn't you claim to be running Ubuntu? You said, "I'm typing this from Ubuntu now!" I guess you like to claim things that aren't true. Why is that?

WAIT. WHAT'S THIS I FOUND???

I can't believe I didn't check before now, but since the linux-friendly Linux bashing didn't add up I looked at your posting history. You're a total Microsoft homer!

Whether you really type on Ubuntu as you claim, or not, it is an indisputable fact you can only be bothered to post when Microsoft needs to be defended, whether it be Xbox, Windows 7, or the Corporation itself. You couldn't be more passionate about them if you worked there yourself. You did take a couple of breaks from it in recent postings to promote DRM and to dump on Apple, but other than that it's pure Microsoft looooove.

Hey, don't fight it. Some of us never find love like that in our entire lifetimes. ;-)

you better know what you're talking about.

Either you suck at reading comprehension or you don't know what *you're* talking about. I consider a user with sudo access to be an admin user, because they can administer the machine. Is that so damn hard? Rather than simply getting the point you have to tell us what an admin user is and is not. FYI, admin in Linux != administrator on Windows XP. The Windows XP administrator is more like root in Linux. You knew this, of course, but if I don't spell it out for you, you will pretend I don't understand.

So getting back to the point: A user without sudo is actually usable, but a standard Windows user is not. Your counter example of a 1000 data entry monkeys all using the same application(s) does not impress me. You go on to say the mode is not important because grandma's don't use it? Which is it? We're talking security. It's a security advantage to be able to run in that mode more often? Yes, so it counts. Microsoft itself will admit this point, but you won't. Fine!

Yes, sudo is a security warning. It warns you that your action will require elevated privilege, with the security risk that entails. You're bitching about terms again, probably because you don't really care. It's not a Slashdot myth that UAC is often invoked unnecessarily - that's another weasel debating tactic - labeling that which you disagree with. I've seen security prompted for deleting files I created, and for apps that had no business getting elevated access. I can browse without sudo in Linux, the MS solution is less secure.

"It's the reason to not think of UAC as a security boundary."

AND it's the reason that it's a very bad idea to invoke it for everything under the sun, like Vista does! Then there are the processes themselves. Which elevated apps are more likely to have those holes you speak of? Survey says... Windows. To recap, I run fewer processes with sudo, and those processes are more secure. Deny it if you want. Did you know that sudo can be allowed only for those executables you trust. Oh, what am I saying? I'm sure none of this counts. So Window is the same as Linux after all, in your mind. Congrats.

BTW, we haven't even touched on PolicyKit and SELinux. MS had a hard enough time bolting UAC onto it's architecture. How will they go forward with their "state of the art" UAC and still champion ease of use and backward compatibility? Hint: They probably won't.

I liked the article I quoted, I just think that Convenience beat Security in order to get UAC working. Still it's a step in the right direction and miles better than XP. I hope that external security is similarly improved. Only time will tell.

"Think for a second that one single linux distro has 95% of the market."

Do we have to assume that Linux loses it's diversity as it grows in popularity? Why? I guess if it doesn't fit with your world view, we'll have to throw it out.

Oooh, threat model. I've never heard of that before. Ok, I'll concede the point... wait, what point? You haven't made one. Are you claiming that people aren't choosing Linux for it's security. Based on what?

"Anecdotal evidence does not count."

Count whatever you want. My first reply was to two people contributing their Windows anecdotes. I can add mine too... unless you don't like it, of course. Just let me know.

So you know, I am not gating access to my network with XP. Those machines are for testing security in a lab, but not OS security. Do you object that I don't fork out more to MS when it's not necessary? What will your next uninformed assumption be?

"I make my living as a dev on windows."

Color me not surprised, you independent thinker you.

"The word finally is never used in security."

Reading comprehesion, again. Windows security has sucked since DOS. You're trying to say that it has finally improved to decency. That "finally" doesn't mean it won't improve further. It means it's "at last", and "just now" reaching parity. Well that assertion is unproven, and requires some time to validate. History would have you be more skeptical, but feel free to champion Vista early and feel special.

Try to notice that I was the one telling you not to use the "swiss cheese vs. vault" argument. It's easy to meet an arbitrarily small standard, or to show that your less favored OS is not perfect. Now you're saying that no security is perfect, as if it's a revelation? Wake up! That was already a given.

I'm sure you disagree with or are still misinterpreting everything I've said, so I'm willing to leave that all behind. I'll just take one parting shot at the assertion that I took exception to: Linux is only more secure because it's less of a target. Since that's untestable, I'm sure you'll go spouting that to anyone who says something bad about Windows - even if it's just their true anecdote. I've given you some counterpoints, but since you deny even the ones that are demonstrably valid, there's no reason to carry on the sham that you are an independent thinker. That's an agenda.

No word play. Another attempt to characterize the response, rather than simply address it, like using the word groupthink.

1. Wrong. Linux has real non-privileged users. A user with sudo is and admin user. So, root, admin, normal user. I'll forgive your lack of familiarity, because you're probably not a security professional. ;-)

You think it's OK to conflate confirmation of actions with security warnings? You're fine with requesting privilege elevation so often that users learn they have to click "allow" to get any work done.

2. Wrong. I have tried to use a non-admin account on Windows many times over the years. It's unusable. This is news to you?? I guess you missed this quote from Jim Allchin at Microsoft (http://windowsteamblog.com/blogs/windowsvista/archive/2007/01/23/security-features-vs-convenience.aspx), "most software developers (including at Microsoft) developed their software assuming that the user would be an administrator." If you don't need to run any software, a Windows standard user should be just fine for you!

Here's the clincher, "If an administrator performs multiple tasks on the same desktop, then malware may potentially be able to inject or interfere with an elevated process from a non-elevated process." He goes on to explain why they made security compromises in Vista, but all you really need is the title, "Security Features vs. Convenience".

3. Not a monolithic user environment, I meant to say. The mix of packages installed even on the same distro has a healthy variation. Basically it's the same argument as diversity, which you tried to make equivalent to adoption rates. Just concede the point and move on.

4. Companies who are entirely web-based think that Linux is a safe OS. They don't think that Linux is only safe because hackers don't care. They know that hackers have attacked their OS, and that Linux is pretty secure. Again, just concede the point.

My compromised RADIUS servers were on XP and 2003 with current updates, so I know you won't defend those, even the very latest versions. You want to say that Windows has finally caught up to everyone else, after 15 years, with Vista. Your problem is that you want to do this by saying that Linux and OS X have weak security too. I strongly disagree, but even if you win that argument, you lose. You're on a train to nowhere.

You're a Windows fan, and I'm not - that won't change today, but I hope you'll consider how Windows has earned its reputation as an insecure OS. That is the reason for the complaints, not groupthink. Vista's security model still has its problems, so don't take it personally that someone doesn't take your word for it that things have finally changed. I told you that if I find Windows 7 security to better (i.e. intelligent and effective), I will give it credit. I can tell you right now, if it needs 3rd party applications to ensure OS integrity - and Microsoft says that Vista does - then I won't call it secure.

Corrections:

His grandma not being able to run Linux was an arbitrary excuse to not discuss Linux security. You can speculate on why he didn't go there, but it's not because normal people won't be able to run it for several years! (very funny)

Miller: "I'd say that Macs are less secure." By the way, I'm an expert on Mac security and I work for a security firm that I'm going to promote in this interview. (sorry, that's not an unbiased source)

You'd like to paint my claim as "Windows is swiss cheese and Macs/Linux are vaults", but I'll say it again, since you liked it so much: Architecturally Linux and OS X are less susceptible to viruses. Having real non-privileged users is better than the default admin+UAC of Vista. Applications on Linux have always been expected to run without root privilege (not all do), whereas the concept is still new to Windows, thus the UAC requests for almost anything. Not being as monolithic also helps. Distro diversity also makes viruses less successful (not a Mac advantage).

This groupthink insult is pretty easy throw around, isn't it?

45% of web servers run Apache, and most of those run Linux - including the web's biggest sites. Millions of internet accessible machines. Not worth writing a virus? I can only assume this lie helps you put up with Windows.

"over someone who could accurately represent us"

The justice department's position is not an elected representative. He's not supposed to represent us. Lawyers are mercenaries. They'll change their beliefs for whomever signs the paycheck. He'll do what he's told. Your problem is with the person running the show. Obama took record amounts of money to win, that probably means a lot of favors to pay back, and not to you and me.

Charlie Miller Interview

You mean the one that starts with, "I'll leave Linux out of the equation..."? His point is that OS X would be more vulnerable to malware, if it existed? You do realize that both this year's and last year's exploits were flaws in the Safari browser, right? I don't think he means what you think he means when he says a Mac is easy to break. Oh by the way, this is someone who is promoting his expertise in compromising platforms, so he does have an incentive to overstate the need for his services.

I'm telling you, the notion that Windows is swiss cheese and Macs/Linux are vaults is a complete fallacy.

You're really going out on a limb there. Nevermind that that isn't my point. Architecturally Linux and OS X are less susceptible to viruses. So, if you want to explain away the last ten years of internet facing Windows systems getting exploited even when they're not browsing or running any web services that's your business.

Sadly, that simply isn't true. The script-kiddies...

Let's end it here then. Script-kiddies are not the problem. I think the best thing about having switched to Linux is not needing to buy an anti-virus solution, which then needs to be maintained and which bogs down performance even when it's running properly. If Windows 7 doesn't need that, then great - it's about time.

And there's also not needing to manually remove a virus when it gets you before the update is disseminated (again, conficker). Real story, real hours of lost productivity, real money being spent on an A/V licenses. This only happens on Windows, so bring on the excuses - that's all they are.

http://windowsteamblog.com/blogs/windowsvista/archive/2006/11/10/windows-vista-defense-in-depth.aspx

I've heard this argument before. If there are 25 million each on Mac and Linux (I don't know the real numbers), then that is enough to be targeted. You aren't aware of it, but there are people who write a virus just for the challenge. Look at all the attention that Maynard and Ellch got for their claim to be able to compromise a Mac (which never materialized.) You'd be a rock star at the next Black Hat conference. If they could, they would.

This claim that nobody wants to write a virus for Mac and Linux is becoming laughable.

Are you suggesting that the lack of exploits (in the wild or otherwise) on Linux/Non-Windows-OS-of-your-choice indicates a lack of security holes?

Well, it doesn't indicate the opposite! I'd say there is enough installed base of Linux and Mac OS users to confirm what we already know from theory, that unixes are much less susceptible to viruses. However my main point was that we've suffered so long from the buggy and insecure Windows offerings that a perpetual subscription to an anti-virus program is considered normal. How come I never see this in the TCO calculations that MS/Gartner likes to spew out? I've lost way too much time to Windows malware to accept empty claims of Windows security. I sincerely hope, and I'll give them credit, if Windows 7 is finally better.

Conficker? Exploited a defect in a network service that was enabled by default, whereupon it disabled the anti-virus and blocked OS updates. If we're even discussing third-party virus scanners that have to be installed after you've installed and updated your OS, then it's *not* as secure.

Thanks for confirming the point.