Aardvark

[Bruce Simpson]

This column is archived at: http://aardvark.co.nz/daily/2009/0122.shtml

The Conficker worm has already infected around 10 million PCs and is now spreading at the rate of a million new infections per day.

Despite the best efforts of Microsoft and anti-virus vendors, this worm still seems to be sneaking through cracks in the integrity the Windows operating system and preparing to do something that might be rather nasty.

But there's one way to defeat this (and all the other Windows worms) which most people seem to be totally overlooking.

Forget anti-virus, forget an endless stream of weekly updates -- why not switch your surfing PC to Linux?

Okay, I know that most of Aardvark's regular readers will have learned nothing from today's column but what about your friends, colleagues and family? Might they benefit from a quick browse of today's column and a switch from Windows to Linux on the machine they use to surf the web?

Is it time to say "Windows is great for gaming and other stuff but Linux is a *must* for websurfing"?

Oh, and you Apple users -- how dare you sit there so smugly with a big smile on your face (damn you!)

Has Ubuntu (or anyone) done a "websurfer" distro that could be used solely by those who want to browse the web with safety?

[Eythian]

[Bruce Simpson]

[Eythian]

[techy]

COme on, some simple protection and sfae surfing habits and you don't have a problem.
I have never had malware on my WIndows PCs.

[Bruce Simpson]

[Hiro Protagonist]

Bruce sez: It won't replace Windows for every-day computer use (yet)

Why the hell not?

I haven't touched a Windows box in years. At work, [large multinational company], everything is done on Linux. At home, likewise I use nothing but Linux.

People who say "Linux isn't ready" are blowing smoke.

[thrashcardiom]

[Bruce Simpson]

It's tempting to agree with this -- but you should never over-estimate the abilities of the average computer user.

The'll do just fine until the "friendly" layer of the Linux GUI shell being used is breached by some message from the inner core asking them things in geek-speak.

Or... they are hit with the concepts of permissions, root passwords, etc.

Remember, to be truly safe, you can't run your Linix distro as root so some measure of understanding relating to file, directory and user permissions has to be introduced somewhere.

There's also the "where do I go for help" issue when something goes wrong (as it sometimes does).

If you ring the Xtra helpdesk and tell them you're running anything other than Windows they'll probably say "I'm sorry, I don't have a flowchart for that, please call again" and hang up.

[mitupo]

In my opinion, this article is pretty misguided.

"Instead, they can browse serenely, not having to worry whether the next website they visit might deliver an evil payload to their hard-disk that could wipe out all those priceless digital photos and valuable documents."

You seriously think there is no malware for MacOS or Linux? Implying to the average ignorant PC user that they can simply switch OS and they no longer have to worry about security is bordering on reckless. Every computer needs to be secured with a firewall even if they don't necessarily need AV software (and I'm not convinced that will ever be the case for the average home user).

"Windows is a fine operating system that makes it easy to use your PC - but it's the sheer popularity of the product that invites so much unwanted intention from those hell-bent on stealing your money or data."

So you want everyone to use Linux or OSX, which then makes them more popular, which then makes them a target for malware authors? Seems like some backwards logic to me. Security through obscurity is for people who don't know how to secure something properly.

"Microsoft regularly issues security fixes and patches designed to seal up gaping holes in its software and although this helps protect users, the hackers are always a step-ahead."

Again, this is a popularity and numbers thing. Sure, OSS results in flaws getting fixed way faster (and I think it is a far superior development model in general), but the flaws still exist. I've had a Linux box hacked because I forgot to patch it. Installing Linux or getting a Mac doesn't make you exempt from normal security practise.

"I strongly suggest that people start hauling out those old PCs and installing an OSS operating system such as Linux, along with the FireFox browser. "

Most average PC users that I know couldn't even reinstall Windows, let alone download an ISO image, burn it, then install Linux. Most of them wouldn't even know what an ISO is. Or want to know for that matter. Until this kind of thing is sold, and more importantly supported, from the shop floor, this is unlikely to ever take off, no matter good an idea it is.

Windows is a good, solid, easy to use OS that is perfect for the average home user. Its a bit bloated and in my opinion, isn't technically as good as either OSX or a lot of Linux distros, but it does what they want it to do, which is run their software. At the end of the day, most people don't care about their OS. They care about their iTunes, MS Word, Photoshop, or World of Warcraft.

If well maintained, Windows will give years of good service. Yes it has security holes (like every OS), but the biggest one in most cases sits between the chair and keyboard. Most PC users need education, not a new OS.

Mike.

[Bruce Simpson]

[mitupo]

Thats very true (unfortunately), but all of those things those same people will do in Linux or OSX. They will have less problems, but I bet they will still have problems.

[smeenz]

Bruce, I'm surprised by today's article. Every OS is vulnerable to exploit, and to suggest that windows is the only target out there is naive at best, and dangerous at worst as it leads to complacency.

There are certainly viruses (viri ?), malware, worms, and trojans out there for MacOSX and linux, and although those two operating systems are generally harder to hit from install, they're certainly not impervious to attack.

[rossnixon]

Linux Mint is a better version of Ubuntu for those that just want to be up and running faster. It has various multimedia add-ons that aren't installed by default in Ubuntu. But if you have the extra money, Apple OS X will be the easier choice for the average user.

[Snufkin]

[Newsjunkie]

Bruce you advocate increasing the supply of Lunux users. Hackers simply view this as a demand for Conficker worm Linux version.

[Wodger]

I'm not sure about this article either. I feel that Ubuntu isn't really ready for the "average-user" market yet.

Edit - I put myself in the "above-average" box .. Not much, but a little bit

I moved to Ubutnu just under a year ago when I got hit with malware (I was not running virus protection, so it was a risk I knew I was taking) which made my computer unusable.

While I haven't got or made the time to learn the finer points of administering linux I have had to learn a great deal to fix various problems that I've encountered along the way.

The initial install was a piece of cake, but if Google weren't around I'd never have coped with things like:
- video card drivers (thank goodness for EnvyNG) and configuration problems that came with this which required fixing in a terminal window before I could use the GUI after a problem arose relating to video drivers

- installing software so I could use youtube (activex or an activex control or flash? I forget now but it was no way near as simple as it is in Windows)

- letting the system update itself with a new kernel which rendered vmware server unusable - that was easy enough to fix considering I'd got as far as installing vmware server, but still required the terminal.

It also wants to do a hard drive check every time I start it up (rare becuase i usually just leave it on) which it fails and brings me to linux terminal sadness every time. I now always cancel the disk check and the system runs just fine. I realise this is probably unwise, it's a risk I'm taking on for myself, but it's also just something else I have to learn if I ever get the time.

Then there is the hardware and performance. I have a P4 2.4Ghz machine with 1GB of RAM and a 128MB PCI graphics card that is supported by the latest Nvidia drivers. From the first install (before I loaded up the extras) it was far more sluggish that Windows ever was.

Considering the above I decided never to set up Ubutnu for friends (for now) because it would just be a headache I would regret, while Windows is a bit easier them to understand, including the instruction to buy antivirus software, and easier for me to quickly support if they ran into trouble.

I'm sticking with it because I prefer the lower risk I (think I) have with linux and I can support it well enough for myself. I also don't have the time or any compelling reason to revert to Windows. Those are pretty much the only reasons though.

Edit - Someone once said to me if I don't have virus protection how can I know that I don't have viruses?? I would have no idea how to determine if my computer isn't being used to send spam emails left, right and center.

[Ian O]

[LesF]

The scum out there building the botnets will target Windows while it is the O/S used by the majority. If a significant number of 'average users' start using Linux for their desktop O/S, I'm sure there will be a lot of brainpower directed towards getting trojans and bots into that platform as well.

It comes down to what the trojan is trying to do; if you managed to get something installed as executable within the user's environment, without root level execution, it may still be able to do things that the user can do, e.g. bother other people via email. Getting root access will be harder, if the user is paying attention to security, or has a patient and attentive relative keeping their system up to scratch.

Oh, and I recommend Mepis* Linux, for a really easy installation of an internet/email ready desktop system. The relatives I have set up with this are running happily and make a minimal number of support calls to me, compared to those running a certain commercial O/S.

* www.mepis.org - a really nice distro, based on Debian, also uses a lot of Ubuntu built apps

[Eythian]

[Jman]

I've been using Linux for many years, but as an avid gamer I still hang on to my Vista PC running the latest Nvidia drivers and newest version of DirectX. If software and hardware companies got more serious about their products working as well on Linux as it does on Windows that could cause Micro$oft some serious trouble.

[mitupo]

"Sorry, but I agree with almost nothing you said"

Fair enough

"Right now, the average user is very safe using Linux on the internet, and very unsafe using Windows. "

Agreed, but saying to the average user, who is the target of this article, 'change your OS and you'll be secure' will give them a false sense of security. My comment was largely targetted at MacOS as it has a larger user base and gets attacked more.

Regarding ubuntu at DSE, I wasn't aware of that. I stand corrected, although I would be surprised if you could get the same level of support. Not talking about forum boards (which would be completely useless if the issue you happened to have was your internet connection....), but someone who you can talk to over the phone or get round to fix i.e. the sort of support most average users would want/need (again, a numbers game and not Linux's fault).

"You can't educate people. You need to convince them to do things the right way."

First you need to educate them on what the right way is. If someone came to you and said their clutch in their Mazda was stuffed, you wouldn't say 'buy a Toyota' (well, you might), you'd tell them to fix it and then not ride their clutch so that it wears out.

My 'Security through obscurity' comment was probably a bit harsh, but I still stand by the sentiment. I agree that using a less common OS is better for lowering the possibility of attack, but that doesn't mean you won't get attacked, and if you're unpatched and/or have no firewall, you're still asking for trouble. Obscurity is a layer of defense, but in my opinion it's a thin one. I'd rather have a good door with solid locks than hiding said door round the back of the house.

"No, but the patches are much less intrusive, too. It's very rare to need to reboot after updating Ubuntu, and it certainly doesn't nag you every 5 minutes to do so. This means people are more likely to apply them. Also, it patches every program installed on your computer. "

True, but I don't see it as a big deal to shut my computer down when I go to bed and have it install updates at the same time. Linux distros will patch everything that has been installed through it's repositories, but what about apps that aren't i.e. downloaded deb/rpm file and manual install? (I'm seriously asking here, all my updates are done using apt-get upgrade)

"it is actively dangerous"

That's a bit harsh, but thats just my opinion.

[Eythian]

[mitupo]

I'm sure we could debate this for a loooong time, so I'll make this my last post

No, but it is legitimate to say "change your OS, and you'll be a lot more secure. Don't do [silly thing A] or [silly thing B], but you don't have to worry about much else."

You could also say 'Don't do [silly thing A] or [silly thing B]' to a Windows user and most of their problems would go away (when combined with 'install your updates')

What do you do if you can't get your network running in windows?

Call Geeks on Wheels

I meant that the OS needs to be designed in such a way that it encourages them to do the right thing.

Totally agree, but in my opinion the 'Install updates and shutdown' option is pretty good. The default is to install updates at 3am every night too if I remember correctly.

You tell them how to drive it properly, but a few days later 'comet cursor for clutches' has bolted itself onto the bottom of the car, and it's all over again.

We're giving this analogy a thrashing but you'd expect whoever fixed your clutch to also remove comet cursor if you had it, and tell you how to avoid if you didn't. There is a point where a Windows box is just too full of crap and needs a rebuild, but if you give a clean machine to someone who has been taught not to do stupid things on the net and keep things up to date, then the machine usually stays fairly clean. Most of my friends and family never have any issues after a few pointers.

But then you're spending more time on the internet with it unpatched.

You're also unpatched when the patches are downloading. It's unavoidable and a few extra hours generally won't make much difference if you're firewall is on and you are otherwise up to date. You also don't want your machine installing updates and taking up processor time if for example you're editing your holiday snaps or playing a game. That would annoy a lot of people and they'd end up turning the updates off.

No, they can't update those. This isn't as big of a problem as you might think, as there is so much stuff that is included in the repositories that it's rare for people to install extra things, and even rarer for that to be something that is likely to be working with untrusted data.

It's only rare because the big applications aren't available on Linux, e.g. MS Word, iTunes, Photoshop, the majority of games etc. Most of my apps that aren't covered by Microsoft Update (which now updates some other companies software too e.g. Flash) check for updates themselves when they start anyway. It's not a biggy.

In the same vein, but a little more conspiratorial, it seems to me to be a bit conflict-of-interest-y that the same company tasked with securing the OS also sells security products for that OS (and, worse, lowers the security of the network as a whole by buying companies producing cross-platform security products, and shutting down all but the Windows version.)

Yeah thats the kind of stuff I hate about MS, and the reason I tried using Linux as my desktop for a long time. In the end though I gave up because I spent more time making my apps work than using them. Obviously things are different now but I haven't seen anything in the Linux desktop that would make me put up with the lack of application compatibility i.e. no iTunes, Adobe Lightroom etc. Yes I know there are alternatives, but in my opinion they are very average in comparison to the established app.

I used to bag on anything MS, but I now have an appreciation for what they do well i.e. make easy to use products that integrate well. I usually don't agree with the way they make their software (lack of modularity and general bloat), but for the average person, I think they make very good products. The Linux guys almost always have the better technology, but they don't integrate it into a complete solution for the desktop user as good as MS and Apple, largely due to a lack of support from hardware and software vendors.

My next desktop machine is going to be a Mac so I can run all three OSs using VMWare Fusion

[Eythian]

[edwin]

Wes sums it up quite nicely:

http://nz.youtube.com/watch?v=d85p7JZXNy8

[mitupo]

Eythian I did pretty much the same thing. Spent far too much of my work day in this debate

Think I might take your suggestion and try out some new Linux distros. It's been about 18 months since my last play.

[slijmbal]

[Ian O]

[quote="slijmbal"][quote="Ian O"]

[Peter]