Linux Security
David Fletcher
fc at fletchersweb.net
Thu Sep 7 08:54:36 UTC 2006
At 02:39 07/09/2006, you wrote:
>On Wed, 2006-09-06 at 19:49 -0500, Michael Yep wrote:
> > Users should run as restricted users
>
>When I was running Windows NT, I did that, and it
>worked great, but when I "upgraded" to XP I found
>it was totally impossible to do anything and eventually
>gave up trying and just made my "normal" user
>an administrator.

I've got the same problem here (at work). Unfortunately like many
others I have to use XP. Also unfortunately I need to use old
software, which probably pre-dates Windows 98. It works OK most of
the time, but won't work at all in the "normal" user mode so I have
to permanently work as an administrator.

The important difference is, I think, that until XP (in my experience
which excludes NT) Windows has always been totally insecure (which
isn't saying that XP is totally secure) whilst Unix/Linux has always
been secure by default. So applications for Windows have
traditionally been written to run in an insecure environment and
generations of computer users don't have the first clue about
security. Which as we've seen in recent years is a recipe for disaster.

So, if we the Linux community can manage to persuade computer users
to switch from Windows to Linux we've then got a problem with people
who don't understand security. If they've always run Windows in
supervisor mode then they'll just run Linux as root user because they
don't know or understand the reasons why that is A BAD THING.

It all boils down to education. If a Linux user can manage to turn a
Windows user away from the Dark Side then that's very good. But with
that power comes responsibility - the responsibility to educate new
users to run the operating system correctly and safely.

Would it be a good idea for FC to incorporate a "nag screen" that
pops up with a security lecture if the system is logged in as root
for longer than, say, 20 minutes at a time? Or is used to run desktop
applications such as Open Office or The GIMP?

Dave F