Actually, I've not found ONE program that I can't run from my user home, configged and installed as *me* rather than root or via sudo.
I was referring to the standard practice of using package management systems to install software. This almost allways requires root. yes, I've downloaded, configed and installed programs in my own folder in BSD, but only becuase the application was not in the FreeBSD ports system. I'v also downloaded an run programs from my userspace for Windows too - though as you know, these are not nearly as common.
and THAT is mostly because I neglected to config my CD drive
Config your CD drive as root, right?
To the Windows end, why in HELL would CDex ask me for my admin password for installation, particularly when it's going to a user Documents folder? Bad coding made to work for an awkward system configuration is the sole reason I can figure.
Good question. I've used CDEx. Last time I did, I jsut unzipped it and ran it. CDEx might require low level driver access which means the proper permissions must be set for regular users, or it must be run as admin. Or maybe CDEX installs a driver?
...but anyone who runs programs that NEED to be run as root should be shot.
Have you ever burned a CD in linux?
If not, have you ever executed any of the following programs in linux?
/bin/su
/bin/ping
/bin/mount
/bin/umount
/var/qmail/bin/qmail-queue
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/chage
/usr/bin/expiry
/usr/bin/sperl5.6.1
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/procmail
/usr/bin/suidperl
/usr/lib/misc/pt_chown
/usr/sbin/unix_chkpwd
/usr/sbin/traceroute
/usr/sbin/pwdb_chkpwd
That is a list of the files in Gentoo (and most other linux distros) that have the suid bit set on them by default becasue they won't work as non-root users otherwise."
There's not a single valid reason that I can think of for that behaviour on any system, barring bad coding practices.
I agree, but on any OS, there are certain apps that need elevated privileges, regardless of how well they are programmed, because the design of the OS requires it.
What is it with you and false premises? The *only* time that I can see that logic functioning *anywhere* in history is with Windows.
In order for a premise to be false it must be proven so first. But, feel free to call mine flawed if you like. Semantics nazism aside, you must have missed all of the viruses that affected the Mac when they had a relevant markethsare. The biggest collection of flawed premises I see is when people claim linux would be malware free if it had a large desktop following.
That's like saying that if Chevys ever become as popular as Jaguars, they'll break down every bit as often.
And I bet you there were 500 times more Chevys that broke down last year than Jaguars. That of course means nothing, but the statistics could be twisted to indicate that it does. On the same note, the fact that 500 times more Windows machines were infected or hacked last year than linux machines it doesn't neccesarily mean Windows is flawed. The numbers, use and users between the two platforms are completely different, and therefore straight simple stats comparisons mean very little.
Now, don't get me wrong; I'm not saying you won't encounter minor annoyances (sometimes major, but more oftentimes minor) and quirks from time to time - you will. The point is that you're trying to argue that the future distribution of a product will affect its current security, and that - my friend - is bad logic.
IMO, my logic is quite sound, and I will explain why. Lets just pretend that Linux's poularity exploded on the desktop and it gained, oh...50% desktop marketshare. I'm not saying you or anyone else here has said these things, but these are all arguments I've heard multiple times by linux zealots on the net.
Flawed premise: Linux users are security concious, therefore if it became popular on the desktop malware wouldn't be prevelent.
The reality is, most computer users are completely ignorant of how their computer works, and don't have any inclination to learn. hell, with the current rash of n00bular linux distros the same could even be said of many linux users now. Look at how succesful the Sober worm has been on Windows. There have been, what, 500 variants of Sober over the last year or so? The Sober worm relies entirely on user interaction to propogate. The user must open up a zip file and execute the file inside to get it to work. If that's not a damning portrait of the state of overall security awareness, then I don't know what is. So what current feature of linux is going to stop Joe User from opening up that gzip archive he got in the email with Ark and runnning the script, or installing the rpm inside? What feature of linux is going to stop Joe blow from installing that firefox extension that "cracks.ru" says he needs to download the latest keygen for Quake V
? What feature in linux is going to stop Joe Blow from installing that trojaned loki installer of Quake V that he just downloaded from KTorrent?
Flawed premise: Because linux is open source, more eyes get ot look at the code and flaws are discovered faster.
Besides not having seen a shred of proof of this, I can give many reasons why this doesn't make much sense. First of all flaws are usually discovered by accident, or by simply feeding an application garbage and getting lucky, not by browsing source code. Flaws have gone unoticed in Open source operating systems for years. What's the excuse for that? Yes, it's possible to find flaws by looking at the code, but what percentage of the population actually has the ability, let alone the will to even bother trying to find flaws in source code? Besides that leads to another false premise - that the people who find all of these extra flaws would not use them maliciously.
Flawed premise: Vulnerabilities in Linux are fixed faster than Vulnerabilities in Widnows, therefore linux users will be less exposed.
Getting fixes out fast is great, but unfortunetely people tend to not install them. And it seems, the more ignorant users and apathetic admins you have, the more boxes you will find that go unpatched. My Awstats weblogs for toadlife.net show that 15% of firefox users still run verison 1.04 or less, which is vulnerable to multiple remote code execution vulnerabilites.Imagine if firefox had a 90% browser marketshare. OS and App Vulns aside, stupid users are the biggest vulnerability and the patch for that is nowhere in sight.
False premise: Linux users will be protected from worms and trojans because they don't run their machines as root.
The only thing running as a non-root users will protect you from is complete system compromise. Trojans don't need your root password to do the things that modern trojans do, like connect to IRC servers and send email, or grab personal data. Not that running with least privilege is bad - it's great, but it's certainly no panacea.
Flawed Premise: Files in unix are not executbale by default so users won't be hit by mail viruses.
If the file is zipped, the executable bit has already been set for you.
(
read:The Sober Virus)
Having said all that, I'm quite pleased to see you comfortable with your current platform, and at a level of expertise where you can make it perform to your expectations. You have achieved a level of mastery that few have bothered and will bother to reach. :cool:
Well my current platform is both Windows and Unix, so I'm not sure what you are getting at with that. My competence in Widnows is out of neccesity -
it's my job. Any competence I have in UNIX is purely out of my liking for it, as it's not required (but has become very usefull) at my job.
