The choice of software to run our computers can get awfully depressing. On one hand, there’s Windows XP, expensive and woefully insecure, but it works on almost every machine out there. On the other, there’s Mac OS X — far more secure, but also expensive and restricted to Apple’s own computers.
Where’s our independence from this pair? For a growing minority of users, it comes in the open-source operating system called Linux. It’s either cheap or free (depending if you buy a packaged distribution or download a version online), it’s secure and it can run on any Windows-ready machine.
And because its code is open for anybody to modify, users, not marketers, can get the final say in this operating system’s evolution.
But Linux doesn’t offer up these rewards easily. At worst, installing it means hours of thumb-wrestling the software into submission, first tweaking it to work with a PC’s hardware and then mastering the inscrutable routines needed to update and manage this code.
Read the rest of the interesting editorial at Washington Post via Y! News.
those zealots piss me off, then lots of typos
“u can’t see in linux only dependancy?? ”
should be
“u can’t see in linux anything but only dependancy?? “
We always see the typical “newbie from Windows” stuff, but why (almost) never can I find a “newbie TO Windows” stuff? Maybe from MacOSX. Or from any other OS in the world. Sure Linux is hard to learn for someone that just wants to make an article. But right now I think I would be in trouble if I wanted to go back to Windows (I don’t even know how to do anything in XP… and I don’t want to know it).
This is like telling “my language is easier than any other because I learned it when I was a kid and I have to learn the rest being an adult”.
The windows zealots whine as people point out advantages of linux. As you can see, your “zealots” comment works both ways and there are “zealots” on both sides of the fence but for some reason people seem to be blind to the windows ones.
“Best to be thought a fool rather than open your mouth and prove it” seems to be a good quote for some of the posters here.
*More secure. Who are you trying to kid? Windows is just as secure as linux if you patch it up (you have to do so with both OSes, after all). Unless you run services like web/ftp/ssh, in which case you’re begging to get hacked.
Actually there is one big difference between Linux and Windows with regard to security. In windows the applications that provide the services are the only layer between the hacker and the OS.
In Linux (2.6.x+) you can use mandatory access control or even multi level security if you so wish. This means that there is no longer a sysadmin (root) with godlike permissions.
Each process is run in a security domain that according to a security policy is allowed to access resource types. Even the transition between security domains is guarded by the security policy. The policy also specifies what security domains each user is allowed to enter by giving each user one or more security roles. E.g. you could prevent any program but the installer from modifying your software, and only if it was invoked by a specific user from the console.
And independent of this you have POSIX ACL security.
All in all this means that even if a vulnerability in a service running as root is exploited, this doesn’t necessarily mean that all of the system is compromised, only the files that by the policy are specified to be writable or even visible to that service are at risk. For one thing, this makes it very hard for viruses to spread in such a system.
It can also be used to sandbox “dangerous applications” like web browsers so that they have fewer capabilities if they run like root. E.g. preventing them from attaching sensitive files in e-mails even though the root user has full access to these files if he uses a text editor or some other authorized application.
The only objection I have to this system is that it was contributed by NSA, so I would guess that they would have some way of breaking it. But as it is open source, and the code most likely is scrutinized by independent security experts in Universities and other centers of knowledge round the world, I would trust this more than a closed system where NSA easily could buy their way in. The risk for such things would be much higher in US software such as Microsoft.
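The domain, type and role model described in the comment above can be sketched as a toy decision function. This is an added example, not part of the original thread and not real SELinux policy syntax or kernel code; every user, role, domain and type name in it is constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Process:
    uid: int      # classic Unix uid; 0 is root
    user: str     # policy user identity (constructed names)
    role: str
    domain: str   # security domain the process runs in

@dataclass(frozen=True)
class File:
    path: str
    owner_uid: int
    type: str     # security type label on the object

@dataclass(frozen=True)
class Policy:
    allow: frozenset         # (domain, object type, permission)
    transitions: frozenset   # (source domain, entrypoint type, target domain)
    role_domains: dict       # role -> domains that role may run in
    user_roles: dict         # user -> roles that user may take

    def mac_allows(self, proc, obj, perm):
        # Default deny: anything not listed is refused, whatever the uid.
        return (proc.domain, obj.type, perm) in self.allow

    def transition(self, proc, program, target):
        # A domain change needs the user's role, the role's domain list
        # and an explicit transition rule to all agree.
        if proc.role not in self.user_roles.get(proc.user, set()):
            raise PermissionError("user may not take this role")
        if target not in self.role_domains.get(proc.role, set()):
            raise PermissionError("role may not enter this domain")
        if (proc.domain, program.type, target) not in self.transitions:
            raise PermissionError("no transition rule from this domain")
        return replace(proc, domain=target)

def dac_allows(proc, obj):
    # Simplified discretionary check: root bypasses it, owners pass it.
    return proc.uid == 0 or proc.uid == obj.owner_uid

def access(policy, proc, obj, perm):
    # Both layers must agree; passing DAC as root is not enough.
    return dac_allows(proc, obj) and policy.mac_allows(proc, obj, perm)

def can_transition(policy, proc, program, target):
    try:
        policy.transition(proc, program, target)
        return True
    except PermissionError:
        return False

POLICY = Policy(
    allow=frozenset({
        ("httpd_t", "httpd_log_t", "write"),
        ("httpd_t", "httpd_content_t", "read"),
        ("installer_t", "software_t", "write"),
    }),
    # The installer domain can only be entered from a console session.
    transitions=frozenset({("console_t", "installer_exec_t", "installer_t")}),
    role_domains={
        "system_r": {"httpd_t"},
        "sysadm_r": {"console_t", "remote_t", "installer_t"},
        "user_r": {"console_t", "remote_t"},
    },
    user_roles={"system": {"system_r"}, "alice": {"sysadm_r"}, "bob": {"user_r"}},
)

# Constructed sample objects and processes; every process below runs as uid 0.
EDITOR = File("/usr/bin/editor", 0, "software_t")
LOG = File("/var/log/httpd/access.log", 0, "httpd_log_t")
SHADOW = File("/etc/shadow", 0, "shadow_t")
INSTALLER = File("/usr/sbin/installer", 0, "installer_exec_t")

HTTPD = Process(0, "system", "system_r", "httpd_t")
ALICE_CONSOLE = Process(0, "alice", "sysadm_r", "console_t")
ALICE_REMOTE = Process(0, "alice", "sysadm_r", "remote_t")
BOB_CONSOLE = Process(0, "bob", "user_r", "console_t")

def demo():
    installer = POLICY.transition(ALICE_CONSOLE, INSTALLER, "installer_t")
    return {
        "httpd_writes_own_log": access(POLICY, HTTPD, LOG, "write"),
        "httpd_writes_software": access(POLICY, HTTPD, EDITOR, "write"),
        "httpd_reads_shadow": access(POLICY, HTTPD, SHADOW, "read"),
        "alice_shell_writes_software": access(POLICY, ALICE_CONSOLE, EDITOR, "write"),
        "installer_writes_software": access(POLICY, installer, EDITOR, "write"),
        "alice_remote_runs_installer": can_transition(POLICY, ALICE_REMOTE, INSTALLER, "installer_t"),
        "bob_runs_installer": can_transition(POLICY, BOB_CONSOLE, INSTALLER, "installer_t"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

Every process in the sample has uid 0, so the discretionary check always passes and each denial comes from the policy layer alone.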
1) At least SuSE (I do not know about the others) does not need a third party partition manager but instead elegantly adds your Windows install to your Grub menu (unless you unfortunately encounter that parted bug 😉 )
2) Complaining that SuSE does not recognize sound cards until reboot but failing to notice that a WinXP install reboots after copying the files, too.
3) Lack of prepackaged rpms: rpmfind, etc. for most distros, for SuSE, packman or guru’s rpm archive offer most things you need as a standard user.
4) Failing to notice the time needed for installing a complete system with office suite, graphics suite and all the other stuff you get with linux. Running SuSE’s installer gets you up and running in under an hour whereas when I recently installed WinXP on a friend’s laptop it took several hours to install everything.
BUT: aside from these inaccuracies the article is right. Linux does in fact even after all the improvements of the past years still require diving into the shell and doing some rtfm of your own (or Googling the net). For the usual non-geek computer user, this is what makes them stick with Windows. I am convinced though, that Linux will overcome these hurdles soon, too.
My biggest problem with Linux is that it’s like a box of chocolates, you never know what you are going to get.
Please don’t compare linux to a box of chocolates, which is a cheap, thoughtless, perfunctory gift.
In Linux (2.6.x+) you can use mandatory access control or even multi level security if you so wish. This means that there is no longer a sysadmin (root) with godlike permissions.
Bingo. SE linux, adamantix, immunix, etc are on a level that windows cannot compete with re: security. I’d say the only thing surpassing this is something like Trusted Solaris, Trusted HP-UX, Multics, etc. And the proprietary OS are WAY more expensive. I believe Trusted Solaris is a grand or more in various versions. There are simple ways too like chrooting and bsd jails. And please don’t post C2 level rants about NT … Windows, Redhat, SuSE and Solaris are all evaluated by Common Criteria (EAL4, etc) which supersedes the older DOD standards.
As far as the linux kernel exploits, most (if not all) of those are local roots. I’ve pared my toy server down to apache, proftpd, and sendmail. Yeah I should use postfix, but still they’d have to get a zero day for one of my 3 services. Then advance to root. Any dictionary cracking and other games I’d see instantly in my logs. I’ll install tripwire and logwatch and sleep very soundly.
I’m sure both Mandrake and Suse use ntfsresize, so they can resize ntfs partitions during install.
There’s shareware too like BootItNG. If you play with OS like Solaris and XP, I’m sure you can cough up $30 for a partitioner. ntfsresize(), fips, Mandy Disc 1, ASP Disc 1 are other options. Resizing ntfs and fat32 is trivial in year 2004.
Manuals and books take time and money to create. We will never see hardcopy manuals coming from non-commercial distribution because they lack the writing skills and the money needed to support such an effort.
Um that is just plain wrong. Slackware Essentials is available in paper, so is the freebsd handbook. Both of those are official, not 3rd party. I own the latter and it’s much better than most XP documentation I’ve come across. I forked over $15 for the 3rd edition _Running Linux_ which is very good. Several more linux and unix books are available at my local library should I run out of money.
The only objection I have to this system is that it was contributed by NSA, so I would guess that they would have some way of breaking it. But as it is open source
Very true. I’d worry more about someone rooting debian.org and installing rootkits and changing md5sums of official cd sets. That’s a much bigger risk than an intelligence agency with a budget bigger than most 3rd world countries. If the NSA wants to own you, oh believe me they so can. And this code is being well scrutinized as you note, it’s not some Clipper chip or modified S boxes ala DES/Lucifer. If you remember the S box story, it was found that they probably STRENGTHENED the boxes to an unknown form of attack at the time called differential cryptanalysis. It was only later publicly discovered by researchers. I’d say that says LOADS for the integrity of the NSA. They could have backdoored it 6 ways to Sunday, and instead strengthened it (other than the 128 to 56 bit change).
As more defense of the NSA, they have released manuals on hardening windows in the past, supplied with no binary stuff or source code. So it’s absolutely no surprise to me that they got involved with linux through the SE linux project. Remember the NCSC subset of the NSA is devoted to hardening servers, both public and private, across the USA. They would never install a source code backdoor that a clever, well-funded adversary would spot in 10 seconds.
>Dual screens is very useful in software development as you can have one screen for documentation and one for your code.
I wasn’t questioning the usefulness of dual heads, I was wondering what you were putting them on a server for.
Um, because he runs Windows. The rest of the known universe uses serial console or ethernet.
the author fails to mention that even with cheap commercial distros, you get installation support for these little problems. Reinstalling Windows yielded similar problems for me (video set to incompatible settings => black screen)
About software availability, He should read the Quick guide, at least for Mandrake. Instead of going to a web repository, downloading and installing, you go to the software install application, select the packages, and then install. I don’t know about Suse and Fedora Out of the Box though.
We always see the typical “newbie from Windows” stuff, but why (almost) never can I find a “newbie TO Windows” stuff? Maybe from MacOSX. Or from any other OS in the world. Sure Linux is hard to learn for someone that just wants to make an article. But right now I think I would be in trouble if I wanted to go back to Windows (I don’t even know how to do anything in XP… and I don’t want to know it).
There was an article about a Linux user who went to Windows for a week or something like that on Newsforge, somewhat like a year ago, I think. You could see the flames this side of the ocean. If you think Linux “zealots” (I hate that term) are bad, you haven’t seen the Windows ones that posted there.
I had the _exact_ same thing happen to me on my Dell D600 laptop and I most certainly didn’t install under VMware. The problem arose when Mandrake installed and chose a particular method of playing sound that turned out to not work so well with my Dell. Changed a few settings and the squeak stopped. Major pain in the ass though.
Windows is no way easy to install from the perspective of an absolute beginner. I am 100% sure that my parents are not in the position to install Windows on their system. No way! And no way that they are able to install Linux on their system.
But I would be sure that they would be able to install Mac OS X or one of those special Linux versions (Linspire/Lindows, Xandros).
All those reviews claim to have the beginner in their viewpoint, but fail to look at that problem. Just because the author knows Windows does not mean that every one else in the world knows Windows installation as well.
I know so many people who are able to use any system, but are not able to install or configure the same system on their own. And this does not only include PC’s. It includes video recorders, mobile phones, etc…
If all computer users would be forced to build their own system by hand and install the operating system on the home made computer, then I would understand that all of them should have much knowledge about computers and operating systems and and and … but as long as you can buy the system from a retailer or from your local computer store and have the OS already included on the system, I fail to see the reason that every single person in this world should be in the position to be able to install Linux, *BSD, Windows, etc on their own system.
Most users are just nothing more than USERS! They are not specialists in IT! They can’t code, they can’t install OS, they even can’t code macros in MS Office or OOo, they can’t fix their system if something goes wrong, sometime they fail to install their brand new super duper scanner or printer, etc etc…
And guess what: They don’t need it! They are happy if they can surf the web, write emails, write documents, listen to music from CD’s, print their data, play their games, etc…
Why is everyone expecting them to be computer specialists? Why? Where is the statement from the computer industry claiming that installing an OS and configuring it is easy as 1-2-3? Where?
>>”…if you expect linux distributions to accept any package you must expect windows to accept any windows package you throw at it?”
One more time: The code in the programs in every distribution is the same. What’s different is the code in the packaging schemes and in the installation routine. E.g., emacs may come wrapped up as an rpm, deb, a tgz, etc., but once it has been installed, it’s the same emacs; every distribution gets the same code from the same source.
Why is this so difficult to recognize?
You’re not making much sense. Try learning what an OS is; since you seem to think that every Linux distribution is a different OS, or that different iterations of DOS were different OS’s, you need some new ideas to chew on.
I suppose it is for some people. Of course, I see plenty of people on a daily basis who struggle in Windows. I see plenty of people who can’t drive well. I suppose cars will never catch on. I don’t have a cell phone <gasp>. Every time someone hands me one to use, I fumble with the interface, and it seems each one is different. Somehow, cell phones get used a lot, though.
Yeah, I know what they do. I don’t entirely agree with your shared library argument. In any case, who cares about download size? I get dependency hell and the trade off is smaller packages? Thanks, but no thanks.
I don’t know about the rest, but recently I have installed RedHat 9. I have been using RedHat 7.3 before. I did not want to upgrade, since it is not critical with Linux to have latest version all the time, and I do not upgrade often.
OS installation from CD’s took me very little time. I spent some time with new kernel and ATI Radeon driver, but it was not critical.
Most of the time I spent configuring installed software and tweaking it to meet my demands. It is a development machine, I had to have a number of services (http, database), programming languages, documentation, tools which are not included with distribution, etc. That’s where I spent most of the time.
And I don’t think it would take any less with any other OS.
DG
Excellent post. Linux zealots don’t have a clue about this. Here’s how people want to install Linux:
1) Put CD in drive of Windows machine;
2) Reboot
3) Install program asks if user wants to “keep and shrink” your Windows installation and dual-boot. User clicks “Yes” or “No”
4) Install program (re)partitions drive; user never sees the word “partition”;
5) Install program detects, installs and configures hardware; user is asked to confirm video resolution and printer; soundcard plays nice jingle;
6) (optional) install program shows an image of KDE and an image of Gnome; user selects one
7) install program installs software
8) install program checks for network connection; if it is active and using DHCP, install program configures network and shows results to user; other situations are handled in the “first boot” program
9) install program reboots; install is finished.
Xandros, maybe some others, come very close to this.
Very true. Reviewers, especially in States where Linspire and other Linux based OS are available preinstalled, should take that point of view.
My wife who’s used computers for a very long time can’t change even basic systems settings on Windows. She can’t either program the sitting room DVD recorder I bought her, let alone do the initial configuration. Most people are just not interested in these things, like most people are not interested in knowing of anything technical apart from their 2/3 areas of work or interest.
So down the drain goes the argument of easier or more difficult to install and configure.
Linux is an open door to loads of real applications, really free, and that in itself, is priceless.
Slackware is a commercial distribution; Slackware Essentials is rather outdated.
FreeBSD is not a Linux distribution. The Handbook is essentially a hardcopy of the online manual that has been created over the years by BSD volunteers, especially Greg Lahey. That’s to be commended.
“Running Linux” is a commercial product from O’Reilly. Its authors didn’t write the book for free and, presumably, are still paid royalties.
You have problems with 3 and 4 along with a few others. How does the install program know how big I want my Linux partition to be, or how small I want windows to be, or what kind of FS I want to use? I am not going to want to be stuck with ext2 or ext3, sorry no way! Oh what about the layout of the linux partition itself? Maybe I want a boot, root, home layout? Maybe I just want root and home only, etc…. Windows (ME, XP, or 2000) does not even do what you say Linux should do and be like. I want simplicity but I don’t want to be treated like a child and have choices taken away from me.
why can’t people say they compare windows etc to _distributions_ ?
My Gentoo Linux would probably have sounded very differently in this article.
I disagree strongly with this.
Slackware gave me as close to the install you describe, and many months later it is still running without any crash. It also installed Linux in less time than Windows.
I disagree that Linux is an awkward alternative.
It is a better alternative.
So is OS X a great alternative.
We are spoilt for choice.
No one needs be stuck with Windows thank God, it’s only the lazy that stick with windows.
Is that I can’t set a decent sized drive partition so I can share data between Linux and Windows. WindowsXP only allows for NTFS formats and I can’t get more than 2Gb formats with Fat in Linux. Bloody annoying as I want to be able to store my stuff like music so that whatever OS I’m using can access them.
Driving me to drink. Microsoft has a hell of a lot to answer for. Pity I can’t get Reiser to be read/write on Windows XP then I wouldn’t bother.
right said mate. I always get angry when ppl just say Linux common guys its GNU/Linux
Slackware is a commercial distribution; Slackware Essentials is rather outdated.
FreeBSD is not a Linux distribution. The Handbook is essentially a hardcopy of the online manual that has been created over the years by BSD volunteers, especially Greg Lahey. That’s to be commended.
“Running Linux” is a commercial product from O’Reilly. Its authors didn’t write the book for free and, presumably, are still paid royalties.
Fair enough about FreeBSD, although basic (generic) unix skills are good to have. I’ve learned a lot from the FBSD handbook.
Slack is just barely commercial, basically a support operation. I don’t think Pat even handles the commercial end of the business. And you can buy support for NetBSD or anything from someone, if you can just cough up enough money. I get Slack iso’s for free, updates for free, a CD sub is only $25 per issue, etc. That’s not nearly as commercial as Redhat Adv Server.
You want free documentation? Try the Rute Users Exposition and Tutorial. Available online, print it out, or purchase a copy of it if you wish. I don’t know the license on it, but it’s certainly free as in beer. Any newbie would be pretty competent after reading it. And as it clearly states, it goes more in depth on some subjects than even LPIC or Linux + guides.
Choose VFAT, or do your partitioning with something other than Windows’ drive manager. I have 2 FAT32 partitions here, one is 60GB and the other is 80GB. If you use partition magic or something else, you are able to get past the arbitrary limitation of 32GB Windows imposes to force (encourage) you to move to NTFS. NTFS is a better file system than FAT, but its biggest problem is that Windows is the only OS that accesses it fully.
BeOS on the desktop? Interesting.
Slackware sells its distribution via its online store. Dunno about any support contracts, but Slackware is just as commercial as Redhat or SUSE. Less successful, yes, but that’s not the point. Being commercial — selling your product — is an either/or proposition.
Did I say I want free documentation? I’ve purchased lots of Linux books. Those books are available because publishers step in to fill the market space left empty by distributions that can’t afford to produce professional hardcopy documentation.
Mandrake partitioned my drive to allow a 25GB and 20GB VFAT partition, but mandrake’s didn’t. So it depends what partitioning program you use. Mandrake’s partitioning program is very good. The reviewer didn’t give it justice, it is a very powerful tool, and I way prefer to use it over partition magic (which seems to always die in a bloody mess on my system).
btw, I didn’t think this “review” was too bad from a mainstream press and a computer novice. Not sure why everyone is complaining so much. Depending on the hardware you use, you can have very different experiences with a Linux distribution. If all your hardware is supported, and is powerful enough to run a desktop environment like KDE, then you will have quite a good experience, IMO.
Also, what’s with bagging software installation on Linux? With broadband, I’m absolutely loving mandrake. The whole distribution + contrib + updates + plf is available over the net via the package manager. I was compiling KDE from cvs, and needed a few -devel packages, and it literally took about 2 seconds of searching, then about 1 minute to download and install everything I needed.
It couldn’t *be* easier. Managed repositories are the way of the future. When ISV’s get on board, they may try to form deals with various distributors to have their warez in the repositories so updates can easily be sent out via the package management system.
Downloading binaries from random sites and running oddball install routines that don’t integrate with your OS very well are *so* yesterday.
“Downloading binaries from random sites and running oddball install routines that don’t integrate with your OS very well are *so* yesterday.”
MSI works fine. It’s just those programs that don’t include an uninstall that anger me. Or they include a broken uninstaller.
I can always pacman -R [package] on my Archbox.
What this guy is telling may be true 3 or 4 years ago. At that time me and my friends would spend hours just to get the gnome desktop interface on our pcs. But today it’s not true any more. Linux installation on pc is flawless. Today the big problem using linux is its 3rd party installation driver and softwares. You may think that ha!!! even that is not a problem anymore but in fact it is!!! 3rd party driver or software will work on one linux distribution but does not hold any guarantee that it will work on other linux distributions. Linux GUI gnome/kde is improving month by month. Security updates to kernel are addressed faster than Window Updates. With this pace of development, I think linux will become a complete desktop by year 2007-2008.
Oh, so there was basically only 1 UNIX OS, and only 1 version. Okay.
@ Darius
“Ever heard of the phrase “Don’t take candy from strangers?””
Addressed in my post. Don’t forget to apply this logic to:
1) Any proprietary software.
2) Any distribution’s binaries.
3) Any compiler you use to build source (catch 42).
“Complete, yes. But current for how long though? For example, how many of the major distros are currently shipping with Firefox 0.9.1 ?”
Anyone who wishes stability and having the thing Just Work ™ would not want to run bleeding edge software. They’d prefer one to test the software out and see if it works on their OS, and only then they’d wish to upgrade and use it. In Debian GNU/Linux world this is what Sid and Experimental do for Testing. Not surprisingly, Testing almost never breaks.
IMO Linspire is the easiest to use OS that has ever been produced.
– All the hardware I throw at it is auto-detected. (my laptops all features, my digicam, printer and modem)
– Software installations are a breeze with CNR.
– Awesomely helpful and very active community at linspire.com/forum
No other OS can meet all these points.
I’m a Debian user. I like linux.
That said, his main complaints are legitimate. And it’s not like his whole article is a critique. He also points out what’s good about linux. Keep in mind his audience too. This is not a piece designed for osnews or anything like that.
For its audience, it’s a decent piece of journalism.
“Tell me one distro that is fast usable out of box.”
SuSE Linux 9.1 is usable out of the box, with no tweaking to make it work. With an NVidia video card the only additional step is installing the NVidia drivers, which you have to do in Windows as well to get the full capabilities of the card.
>No other OS can meet all these points.
Xandros Linux does, and it does it better than Linspire.
dpi
By Bas (IP: —.mxs.adsl.euronet.nl) – Posted on 2004-07-05 05:50:49
>Complete, yes. But current for how long though? For example,
>how many of the major distros are currently shipping with
>Firefox 0.9.1 ?
What’s the purpose of that? You cannot bring a new distro on the market every time FireFox upgrades. What Mac/Windows versions ship with FireFox 0.9.1 then, or even Internet Explorer 6 Service Pack 1?
I originally made the point that if you were looking for a package and your Linux distro didn’t provide it, you could either:
a) Ask nicely for someone to package it for you and wait or
b) configure, make, make install and hope that works or
c) Use a package from another distro and hope that works either or
d) (One you added) Go searching in other repositories and hope you can find a package that hasn’t been tampered with (FWIW: I predict that if Linux gains a lot of popularity, this ‘repository hopping’ is going to be one of the main ways in which viruses are able to spread on Linux)
You answered by saying that all Linux distros are relatively complete (which they really aren’t, unless you just need the ‘bread and butter apps’), at which point I said what does it matter if they’re complete if the packages start to become outdated within a matter of days after the distro is released? Including everything but the kitchen sink in the distro is really a bad workaround for not providing users with some sort of universal package management system that works across all distros.
Anyone who wishes stability and having the thing Just Work ™ would not want to run bleeding edge software.
Look, I’m not talking about Mozilla 1.8 alpha here. IMHO, if a package is labeled as ‘stable’, I should be able to have a package to install in my distro of choice .. whatever distro I’m using .. as soon as it is released. You guys say that leaving it up to each individual distro to provide packages is not a problem, but I’m telling you it IS a problem. It’s been a problem for every distro I’ve tried thus far. I realize that having to sit and wait for a package to be released (or trying to compile one yourself) is seen as normal in the Linux world, but certainly not where I come from.
Re: edo (Linspire = the easiest OS ever.)
– Software installations are a breeze with CNR.
Hmmm … looked in the web browser section. They got Mozilla version 1.5 there, and Firefox isn’t even listed. Next …
>>“Oh, so there was basically only 1 UNIX OS, and only 1 version.”
Do you make it a practice to put words in other peoples’ mouths?
You know as well as I that I did not say that. I didn’t say anything about Unix. We’re talking about Linux. Linux and Unix are two different operating systems. If you think different, I suggest you contact Torvalds’ lawyers.
Nor did I say anything about versions.
I said that Linux is a single operating system. It’s packaged, sold and distributed in different guises, but each distribution is pushing the same operating system.
Different archiving schemes and different userspace downloaders and dependency resolvers have nothing to do with the underlying OS. They are just programs. Take them away and it is still the same OS. Would you argue that a Linux distribution is somehow magically transformed into another OS if it doesn’t ship with, say, Gimp and emacs? Why, then, attempt to make the feeble case that different distributions represent different operating systems simply because they include a few different userspace applications?
My experiences with linux are indeed wonky at the best of times. In many ways, what linux promises to the desktop user and what it delivers is very different from a user experience perspective – at least, I find it this way.
Installation: very easy on some distros (like Mandrake), very hard on others (Debian, so I’m told.)
Configuration: manually configuring text files has been augmented by graphical and/or text-based config tools on many of the distros, but these are not always without their own bugs and inconsistencies.
Runs on older hardware: not if you’re intending on using X with the latest GNOME or KDE.
Adding applications: RPM dependency hell. I’ve never tried apt-get. Rolling my own (compiling) from source was surprisingly fun, though.
Reasons to switch from windows: I’d say security is near the top of the list, as in protection from viruses, etc. (but with tools like VMWare, I might just be nearly as safe in running a virtual windows session under windows). The question is, can you ‘afford’ to be without all the latest and greatest software that’s only in the windows world (or certainly there first), in order to have a more stable, secure system?
Lastly, personal gripes:
*Xfree86 eats up lots of resources. Do I need a networking display protocol on a desktop machine, really?
*lack of UML on various linux system components. I’d really like to visually *see* how the pieces of a working system fit together, and possibly promote greater cooperation amongst different distros and app projects.
WTF??? slackware is not commercial! Suse, red hat is but slackware is not, u want to donate & support Patrick fine go purchase, if not just get iso’s from mirrors for free,
and the online books are updated.
get lost
say it enough times and it becomes true….
http://www.computerweekly.com/articles/article.asp?liArticleID=1315…
“Friday 25 June 2004
Security statistics show surprising finds
The Microsoft Windows application is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.
The statistics, based on a database of security advisories for more than 3,500 products during 2003 and 2004, shed light on the real security of enterprise applications and operating systems. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each.
The figures have shown that OS X’s reputation as a relatively secure operating system is unwarranted, Secunia said.
This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system – comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.
“Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news,” said Secunia chief executive Niels Henrik Rasmussen. “The myth that Mac OS X is secure, for example, has been exposed.”
Its service, easily accessible on its website, allows enterprises to gather exact information on specific products, by collating advisories from a large number of third-party security firms.
Secunia said the service could help companies keep an eye on the overall security of particular software – something that is often lost in the flood of advisories and the attendant hype.
“Seen over a long period of time, the statistics may indicate whether a supplier has improved the quality of their products,” said Secunia chief technology officer Thomas Kristensen.
He said the data could help IT managers get an idea of what kind of vulnerabilities are being found in their products, and prioritise what they respond to.
For example, Windows security holes generally receive a lot of press because of the software’s popularity, but the statistics show that Windows is not the subject of significantly more advisories than other operating systems. Windows XP Professional saw 46 advisories in 2003-2004, with 48% of vulnerabilities allowing remote attacks and 46% enabling system access, Secunia said.
SuSE Linux Enterprise Server (SLES) 8 had 48 advisories in the same period, with 58% of the holes exploitable remotely and 37% enabling system access. Red Hat’s Advanced Server 3 had 50 advisories in the same period – despite the fact that counting only began in November of last year. Sixty-six percent of the vulnerabilities were remotely exploitable, with 25% granting system access.
Mac OS X does not stand out as particularly more secure than the competition, according to Secunia.
Of the 36 advisories issued in 2003-2004, 61% could be exploited across the internet and 32% enabled attackers to take over the system.
The proportion of critical bugs was also comparable with other software – 33% of the OS X vulnerabilities were “highly” or “extremely” critical by Secunia’s reckoning, compared with 30% for XP Professional and 27% for SLES 8 and just 12% for Advanced Server 3. OS X had the highest proportion of “extremely critical” bugs at 19%.
Sun Microsystems’ Solaris 9 saw its share of problems, with 60 advisories in 2003-2004, 20% of which were “highly” or “extremely” critical.
Comparing product security is difficult, and has become a contentious issue recently with vendors using security as a selling point.
A recent Forrester Research study compared Windows and Linux supplier response times on security flaws and was heavily criticised for its conclusion that Linux suppliers took longer to release patches. Linux suppliers attach more weight to more critical flaws, leaving unimportant bugs for later patching, something the study failed to factor in, according to Linux companies.
Suppliers also took issue with the study’s method of ranking “critical” security bugs, which did not agree with the suppliers’ own criteria.
Secunia agreed that straightforward comparisons are not possible, partly because some products receive more scrutiny than others.
Microsoft products are researched more because of their wide use, while open-source products are easier to analyse because researchers have general access to the source code, Kristensen said.
“A product is not necessarily more secure because fewer vulnerabilities are discovered,” he added.”
http://seclists.org/lists/bugtraq/2004/Jul/0026.html
just let me know when they fix those stupid activex problems
Buy Slackware here:
http://store.slackware.com/cgi-bin/store
Guess Pat V. needs to pump up his advertising.
Guess Song hasn’t read the release announcement.
“I originally made the point that if you were looking for a package and your Linux distro didn’t provide it…”
I don’t know why we always hear this argument. Suppose I’m running Windows and realize I can’t use idVd? Bummer. Or better yet, suppose I’m running Windows and discover the application I want or need is out of my price range as so many commercial apps are these days? (I realize some of you well-paid IT professionals don’t have to worry about things like that, must be nice)
I might miss out on some apps by using Linux/BSD but I also get a lot of things free which I wouldn’t get with Windows or OS X. Little things like an Mp3 ripper. I can get Grip with almost any distro, but with Windows I can either use WMP’s half baked, DRM loaded function, I can download some spyware/freeware, or I can go buy one.
I totally agree with what this guy is saying even though I’m a Linux fan. I’m a professional graphic designer, not a programmer, and I shouldn’t have to know about all sorts of hacks and obscure programs in order to have Linux running on my computer and laptop. Linux should be user-educating; that is, the user should be able to learn all they need to know from the software itself.
“I might miss out on some apps by using Linux/BSD but I also get a lot of things free which I wouldn’t get with Windows or OS X. Little things like an Mp3 ripper. I can get Grip with almost any distro, but with Windows I can either use WMP’s half baked, DRM loaded function, I can download some spyware/freeware, or I can go buy one.”
if you bought a windows based pc with a cd burner it almost certainly had your mp3 software included did it not?
or likewise if you added your own cd burner, they in almost all cases come with the needed software. $10 52x lite-on models i see on sale constantly come with the software.
Comparing product security is difficult, and has become a contentious issue recently with vendors using security as a selling point.
That’s the best statement made in the quote above. Without getting into the nitty gritty details, these studies don’t show much. There could be remote root in sendmail, but if i’m using postfix it’s a non-issue. pureftp could have an exploit while proftpd be safe for months. the stuff like LSASS (sasser worm used this) and RPC DCOM (blaster used this) is very devastating to unpatched win boxes. I’ve never heard of the bot net / mass rooting problem except with windows. it’s certainly possible to mass root OSX and linux, but not as simple.
OSX Server has had plenty of advisories but i haven’t read through them enough to judge the OS yet. but it’s not as secure as the article implies. anyone watching bugtraq knows this.
the secunia study differentiates remotes (user nobody, etc) from remote roots. thing is, once you compromise a daemon that’s not chrooted, it’s often easy to jump to root anyway. so the figures are a tad misleading when you account for typical blackhat skill level. problem with windows is some of the exploits are instant remote admins, perhaps longhorn or blackcomb (?) will change this.
and cutting edge security distros like Immunix and Adamantix are a good bit more “secure” than SuSE Ent. and RHEL.
i think most admins can prevent a lot of this by reading Full Disclosure (for quick reports of new exploits) and Bugtraq (for more official, moderated posts). Easy for me to say, i’m just a hobbyist. you can bet i’d be sending both lists to perl script parsing and dispatching signals to an alphanumeric pager. heck set up an “IDS pager” like Stoll did in _Cuckoo’s Egg_.
>>”Oh, so there was basically only 1 UNIX OS, and only 1 version.”
Do you make it a practice to put words in other peoples’ mouths?
His strawman argument actually had a good point. UNIX is several OS: AIX, Tru64, Solaris, Irix, Unicos, etc. You could make the case that AT&T was the only true unix, but that’s a weak case. They are currently a blending of SysV and BSD and probably other stuff. AIX is very different from Solaris, just like linux 2.2 with busybox would be very different from 2.4 hardened gentoo would be very different from zipslack installed on fat32. You can call linux one OS all you like, but you can’t deny distribution differences. Some use more GNU, some more BSD, some busybox, some a modified kernel or glibc, some modified packages, and the list goes on and on. Sorry but the user space between distros is NOT the same.
If you think different, I suggest you contact Torvalds’ lawyers.
So you don’t like strawmans and ad hominems used against you, but you can use the same logic eh?
Again, did I say userspace among distributions is the same?
Did I say there are no difference among distributions in terms of applications? No.
Linux is the kernel, a key set of libraries, and a core set of tools from GNU. That’s the OS. You can tweak the kernel, use SysV or BSD init scripts, add some drivers take some away, and it is still the same OS. A distribution can add nothing to that or it can add 10,000 packages and it remains the Linux OS.
The only way that I’ll accept that different Linux distributions are different operating systems is if you show me one that runs a kernel whose genealogy doesn’t begin with Linus Torvalds.
buncha zealots!
His strawman argument actually had a good point. UNIX is several OS: AIX, Tru64, Solaris, Irix, Unicos, etc. You could make the case that AT&T was the only true unix, but that’s a weak case. They are currently a blending of SysV and BSD and probably other stuff. AIX is very different from Solaris, just like linux 2.2 with busybox would be very different from 2.4 hardened gentoo would be very different from zipslack installed on fat32. You can call linux one OS all you like, but you can’t deny distribution differences. Some use more GNU, some more BSD, some busybox, some a modified kernel or glibc, some modified packages, and the list goes on and on. Sorry but the user space between distros is NOT the same.
How many of them don’t come with awk, sed, grep, perl, [ba]sh and a myriad other “standard” unix tools that provide pretty much all the functionality most viruses/worms/trojans/whatevers need ?
Put simply, the difference between the vast bulk of Linux distros is trivial, from a malicious code point of view. Even the differences between completely different unixes – from the perspective of causing mischief – is not much greater than the differences between various Windows variants.
http://www.maconlinux.org
The right choice = XP!
1. It’s not expensive – i paid nothin for it!
2. It’s not unsecure – there’s security software
3. Linux, BSD – these are still a slow stupid nonworking PROJECTS~!
You made big news today, my friend. You just proved that: the Operating System named “Linux” runs on practically every UNIX! Because, as you might be aware, pthreads, (g)awk, sed, (t)csh, (ba)sh, perl, python, gcc and everything drsmithy named is both part of “the Linux OS” and “UNIX”. Because this identifies the similarity and definition of “the Linux OS”, “the Linux OS” is “UNIX”. Solaris/Linux existed for years.
And, in case you haven’t comprehended my first paragraph, it’s an argument for sanity: Linux already was the definition of a kernel since early 90’s. Now, mysteriously, some people are naming whole OSes, distributions, or even everything FL/OSS simply “Linux”. This is cOnFuSiNg.
The point of stating UNIX is that these are all derived from SysV or BSD, and also have many similarities. I could have named BSD and the BSD derivatives as well. They’re all not 100% similar, yet your ignorance fails to acknowledge that a freakin’ bug in glibc leading to root access remotely WILL (most likely) NOT AFFECT uclibc which is a libc from scratch. Hardly 100% the same, is it?
“IMHO, if a package is labeled as ‘stable’, I should be able to have a package to install in my distro of choice .. whatever distro I’m using .. as soon as it is released. You guys say that leaving it up to each individual distro to provide packages is not a problem, but I’m telling you it IS a problem. It’s been a problem for every distro I’ve tried thus far. I realize that having to sit and wait for a package to be released (or trying to compile one yourself) is seen as normal in the Linux world, but certainly not where I come from.”
Have you ever heard of the principle “if it ain’t broken, don’t fix it?”
Why would you need Mozilla 1.8 when Mozilla 1.4 works perfectly fine?
When new software is released, the application itself might be extremely stable and easily built. Therefore, it’s distributed. However, in the meanwhile, it could have made an inconsistency on another application which depends on this. This leads to behaviour not expected by the user, and in a situation with 10.000+ packages such possibilities are more and more likely.
If you are willing to sacrifice this, and leave that possibility open while also wanting bleeding edge software, then in the Debian world Testing or Unstable is a fine choice. However, many people do prefer absolute stability (especially when running a production server), and in the Debian world Woody is preferred for that purpose.
In other words: feel free to use Testing/Unstable, don’t whine though. Research the problem. Check APT and Bugzilla if it’s already fixed and if not file a bug report.
You’re not making much sense.
All I’ve said is that each separate Linux distribution is not a separate operating system. Rather, each distribution is a slightly different packaging of the same OS.
How can different distributions be called different operating systems when they all get their code from the same places? The code in the kernel is the same; the code in the apps is the same; the code in the libraries is the same. They’re all the same.
Yes, some distributions apply patches to the kernel. It’s still the same kernel, though. Distributions typically layer on a packaging scheme and a dependency resolver, but those are peripheral userspace tools that play no role in the underlying structure of an OS.
If people want to assert that different Linux distributions constitute different operating systems, they would help their case if they’d actually produce a consistent argument and some evidence to support it. So far, we’ve seen nothing but incoherent footstomping.
-=Solaris.M.K.A=:
Windows fanboy? I’m using Slackware. Get a clue: It’s OK to say that Linux isn’t perfect. It won’t get better unless people do point to problems. Of course, you’re a zealot, so you see everything in black and white.
“Why would you need Mozilla 1.8 when Mozilla 1.4 works perfectly fine?
When new software is released, the application itself might be extremely stable and easily built. Therefore, it’s distributed. However, in the meanwhile, it could have made an inconsistency on another application which depends on this. This leads to behaviour not expected by the user, and in a situation with 10.000+ packages such possibilities are more and more likely.”
LOL!! You act like using outdated software (security holes, bugs) is a good thing, just because the filesystem structure is broken among Linux distros. I guess Debian is the only solution for server admins then…please!
OS X has iTunes, which is an excellent MP3 ripper.
“If people want to assert that different Linux distributions constitute different operating systems, they would help their case if they’d actually produce a consistent argument and some evidence to support it. So far, we’ve seen nothing but incoherent footstomping.”
My student pointed at my Slackware box and asked “is it linux?” If I call it linux, I oppose its existence. If I don’t call it linux, I deny the fact.
I cannot tell you what linux is, I can only stomp my foot and suggest that you google up a few Koans. With sufficient BeOS, Tantra, and Ruby coding, you too shall reach OS nirvana.
I use and like BeOS as well…. but let’s face it… it doesn’t have the abilities of Linux, OSX or Windows…..If it had been developed beyond its last true incarnation Ver 5 it might be a truly great OS… But without a good networking stack it won’t cut the mustard in today’s OS market. Move to Dano’s network stack and you break printing… that’s not gonna work either.
BeOS had a lot of potential had it been further developed… but come on guys….. it’s not in the same class anymore.
In your opinion maybe. You people keep spouting off stuff beos can’t do. did you ever stop to think that maybe we don’t need some of that or that’s why we might dual boot? BeOS does 90% of what I want. the other 10% I do on windows or linux.