Bill Gates is to hacking as Sid Vicious was to the Sex Pistols
Wednesday, November 7, 2007
for those of you linux newbies, i’m copying over some comments i made on Lifehacker.com for the benefit of you guys.
(sorry for the messy formatting. maybe i’ll clean it up some other time. VERY text-heavy, but has a LOT of good info in it.)
_______________________________________________
“How about security, firewall and antivirus? I don’t know anything about how that works on Linux, other than that it’s said to be a safer, more stable system etc.”
(someone replied)
Security wise, Linux is more secure (debatable) because there are not a bunch of people targeting the system (debatable, too). Either way, your security needs are covered via system updates, where you only need to keep an eye for security updates. Thats it. The firewall (a must in most environments) can be installed for free via a simple update, and so is the anti virus (Kaspersky makes one, but haven’t tried it yet).
(my reply) :
security: like (above) said, it’s secure out-of-the-box. when a security hole is found, it’s fixed ASAP- no matter what the possible threat level (a model M$ could learn from; they “prioritize” their threats. takes on average about a week for a very serious security hole to be addressed whereas more minor exploits may never be addressed).
another reason it’s more secure is not necessarily because it’s less targeted but rather the inherent design of the system- it runs in “layers” (the windowing/graphics system is separate from the system kernel” whereas in windows, it’s all intergrown together (in other words, a security exploit present in the windowing/graphics system can potentially provide a route for a hacker to set up a rootkit).
also, aside from layering, linux has right from the beginning been focused on multi-user security/functionality. it’s been designed ground-up with this in mind. multi-user protocol hasn’t really been implemented in windows since NT, and it does a shady job at best implementing (such as the default user running with administrator rights? uh. what?).
firewall: there isn’t exactly a “firewall” as you’re probably familiar with it. rather, the system default is unless specified, a port is not active. you just need to edit a config file to allow/disallow custom ports to listen in (but usually you can also configure this in the service’s configuration itself. like MANY things in linux, there’s multiple ways to do things)
antivirus: there are AV scanners for linux (and IDS as well). clamav and avg free come to mind. however, these are usually not needed at all- it’s a myth that there’s no such thing as a linux virus. i think seven or so have been developed. however, as i mentioned above in reference to multi-user and layering, the virii can’t propogate and infect the rest of the computer and thus, won’t propogate and thus, you don’t contract them. in order to successfully infect a linux machine, you’d have to know WHERE to get a specific virus, and execute it from the commandline (which is something most users aren’t comfortable with anyways). so ironically, the MORE you know about linux, the easier it is to infect a linux install. not the other way around, as with windows.
________________________________________________
“The more I look at this, the more I think that the gOS is for low-income users who cannot afford anything else, and would already be shopping at WalMart. But the article suggests that this would work for a basic machine for grandparents and kids. I agree with you that this would not work. Facebook and Google are already slow on a normal system. This idea is strictly for low-income families and this article stinks of marketing propaganda.”
(my response)
facebook and google are slow on which system? linux and windows handle threading differently. 512mb is PLENTY enough RAM for surfing the ‘net, no matter what site, because the enlightenment window manager (the thing that uses up the most RAM) still uses much less RAM than WinXP windowing (i have a workstation that only has 128 and it still works just fine). or even Aqua windowing on Mac, i’d venture. there’s also the swap partition which, although slower transfer than RAM, still helps a good deal with caching of internet sites, caching libraries, etc. in this way, you can browse the internet quite comfortably on a system with only 64mb of RAM with damnsmall Linux. don’t expect miracles, but as far as checking e-mail and news sites and just generally surfing the web, it’s enough.
don’t expect to run Half-Life 2 with the res and detail turned all the way up on this baby, but if you run an internet cafe, this is the perfect machine.
you can shove 4gb RAM in a box and it still won’t make your internet faster. the box itself just needs to be fast enough to HANDLE the browsing. and this hardware certainly does. not many people still use dial-up but those that do are, i’m sure, aware that their internet is going to be slow and will simply be patient. broadband is NOT that expensive, and i say that as a full-time student.
and don’t accuse an article of propaganda in this case without having a deep understanding of technology across the board; it’s like calling the kettle black. would you trust a schizophrenic derelict on a streetcorner at midnight to give you cancer prevention advice? i wouldn’t. in the same vein, you need to really understand the way both OS (as well as network protocol, etc.) work before criticizing and making assumptions. if you are interested in learning more, i’ll be glad to point you towards excellent educational resources.
not trying to be a jerk or anything, i just want to make sure you have your facts straight. linux suffers enough FUD, mudslinging, and propaganda from Micro$oft; we don’t need any more.
__________________________________________________
(in reference to software management)
when you install software in windows (and yeah, macs), you download an installer/binary from the project’s website (or torrent it, or run it from CD, whatever). you then run that file which usually installs the software (sometimes it’s a standalone binary or “executable”).
with linux, you have something called “repositories”- these are servers or clusters of servers hosting software (both binaries AND source code, usually)- it is also possible to put repositories on CD/DVD/local server (although HIGHLY not recommended due to slower access to updates, decreased security, etc.).
when you want to install something, you use an interface (called a “packaging tool”) either with or without a GUI front end (in ubuntu and DEB-based distros, aptitude/apt-get is the frontend to repository access and synaptic is one of the GUI frontends to aptitude). usually in repositories, there are THOUSANDS upon thousands of software, libraries (“dll files” for you windows users), etc. ALL which have been rigorously tested and tested again for security holes, memory leaks, etc. and then tested again, and so on so forth (and depending on which branch you choose- for example, stable vs. testing- you can have certain tradeoffs. more recent cutting-edge releases at the expense of stability, and vice versa).
(there are, of course, exceptions- sometimes a smalltime project isn’t in repositories yet, or refuse to be included in repositories, etc. in this case, they usually have a pre-compiled binary you can run, an “installer”(which utilizes the distro’s packaging tool), or the source code (and compiling from source is about as hard as unzipping a file as long as the makefile’s configured correctly- and it usually is. if it isn’t, there’s ample documentation on compiling on the project’s site).
what it all comes down to, in comparison for windows users, is this:
imagine your control panel listing not only what you DO have installed but what software you COULD install (as well as a checkbox and “apply” button to install it). no more going to google to find the software company’s webpage to download the installer to only find out you’re missing a certain library- SO! off to google again to download the dll you’re missing, etc.
the advantages to this method are numerous- free software at one command/one select of a checkbox, a list you can scroll through/search through for software you need to accomplish a certain feat/goal (repositories are indexed, cross-referenced, etc.), AUTOMATIC UPDATING WITH ONE CLICK/COMMAND (both windows and mac lacks in this area), increased security (when you install from a repo, you KNOW the software is what it says it is and not some malevolent backdoor/trojan. that is why virii propogation has not occurred in linux- even though it is possible to write virii for linux that do VERY limited damage (due to the multi-user internals), it doesn’t propagate because the only people who would GET virii are the ones who wouldn’t be installing from source (aka “grandma and grandpa” users).
__________________________________________________
“I can’t imagine that a Linux PC is ready for the unwashed masses.
Can anyone imagine walking your parents through how to untar and ungzip an application and install it? For that matter what if they have to “make”? LOL!
Computers are getting harder to use for people like this, not easier. What is truly needed for people like my parents is a computer that provides IN YOUR FACE step-by-step instructions for EVERYTHING and a dead simple interface with 3 or 4 giant icons to mash like – EMAIL, INTERNET, PHOTOS, DOCUMENTS, etc.
Oh, and a built in – always on – vnc server so I can fix everything remotely when they inevitable screw it all up. 
“
(my response)
a couple things i have problems with regarding your assessment.
-you’re making assumptions that they’ll need to install from source- if a distro’s repos are set up properly, they won’t (unless they’re hardcore geeks and do coding, penetration testing, database administration, reverse engineering, hardware reconfiguration… my parents don’t do any of these. do yours? if it’s THAT hard for them, you can always SSH in. or give them a bash script to run.
-which is harder? “Administration > System > Synaptic, select Firefox, select Apply” (ubuntu users, correct me if i’m wrong. doing it from memory) or “url:www.getfirefox.com, click Download, save installer (or run… but that takes forever) run installer, etc.” i’d prefer the former. i think linux is MUCH more newbie-friendly.
-as for “step-by-step documentation for EVERYTHING”… it does not and will never exist. on ANY os. gnome and ubuntu have help documentation, just as windows does. openoffice has help documentation just as m$office does. however, and here’s the problem, PROBLEMS WILL ARISE INEVITABLY. they will any OS, no matter what. the normal user, NO MATTER WHAT OPERATING SYSTEM, will have no clue what to do. this is where the service industry comes in- you pay for support. you can always find it free online, too.
-as for your always-on built-in VNC server, i have a couple problems with that.
1. vnc is a proven insecure protocol. nomachine or VNC over SSH tunneling would be better.
2. most distros have VNC installed out of the box, already. the service (the thing that lets people connect), however, usually isn’t turned on by default. this is a security precaution, done intentionally, and is a trivial matter to turn on. same reason when you install windows, it doesn’t have Remote Desktop turned on by default. security hazard.
3. if your parents (as in your model) have a NAT router (as they should), vnc WON’T work out of the box unless you’re on their subnet. you’d still need to set up port forwarding. there are ways around this such as NAT repeaters, but that’s a different subject.
