Debian User Forums

[Eck]

Well, the paranoid can install the McAfee SiteAdvisor browser plugin even on Linux, I think. The Mozilla folks constantly update Firefox (Iceweasel on Debian) for security, and Debian maintainers are always busy dropping the latest versions of upstream software into Debian Unstable. Debian Testing users get the updated product when it's been tested ready (and sometimes from the Debian Security repo) and Debian Stable users get the updates when the Debian Security repo gets them in there.

Not sure how OpenOffice does it but I believe it uses a system other than macros.

Stuff can be embedded in files that won't have an effect when used on Linux but then when shared with a Windows user CAN infect the Windows computer. That's why folks using Linux sometimes install a Linux anti-virus software (Debian has them available too) to scan stuff they're going to transfer to a Windows machine.

Heh, some folks who dual-boot and are browsers of porn sites will boot into Linux to do that so they can safely drool without worries about their computers.

I mean, it's pretty darned safe in the world of Linux as the vast majority of parasites out there only have effect on Windows. Even running some of that stuff using Wine, executing away, has no effect. You start the exe file and nothing happens because it doesn't have anything to hook onto and run. Even if your fake Wine Windows folder has what it needs to run, you can then simply delete that fake drive and run winecfg or wineprefixcreate to start over fresh.

How come the investigation? Just to learn, or are you considering this stuff before trying out Debian?

[BioTube]

Most browser hijacks that download are PEs. If you use an ELF browser, it just ain't gonna do nothing.

[khelben1979]

How come the investigation? Just to learn, or are you considering this stuff before trying out Debian?

No, I myself has been running Debian since -99. I think it's a good system and the user friendliness has improved dramatically, especially with the new graphical installer which was part of the Etch release, really nice!

[Eck]

Cool. I was just wondering since posts that suggest comparisons between Linux and Windows often fire up flame wars. (My favorite is better and you're an expletive vs. No, you're the expletive and my favorite rocks and yours is expletive!) Heh heh.

Not that everyone who uses Windows has security problems. Used it for years and never had a problem, not that the baddies didn't try. I just had those background scanners going and it was always taken care of pretty quickly.

So now, with Vista, Microsoft attempts to move most operations into a user space along with warnings, requests for administrator rights when needed. But still, I, having a Vista partition, know that nearly all of my older stuff I run on Vista has been installed as administrator and I've set their compatibility tab to run the programs as administrator (otherwise they don't perform correctly). So just how much more secure is that than the previous Windows? Not much. Anything that has administrative rights can still be hijacked if a baddy attaches itself to it.

On the other hand, Linux, doesn't matter the distro in most cases, starts off with a whole different way of operating. Nothing has administrative rights unless the occasional need is there and you run a command with root (su) privileges. Software for Linux is designed to run within the user parameters. It's all just inherently more secure.

So, Debian vs. Vista security? Debian's the obvious winner.

[BioTube]

I wonder if Microsoft will ever see that the fact that the Windows kernel is a dead end and steal BSD too.

[s3a]

The fact that you need to enter an administrative password to make system changes (you'd have to enter your password to allow a virus to ruin your computer) along with the fact that Linux isn't as targeted in the malware zone not to mention that you CAN take the same extensive precautions a Windows user would take (antivirus etc), Debian is MUCH MORE SECURE.

By the way, if a hacker wanted to hurt as much people as he/she can, he/she would target Windows. But if Linux was the most used OS, it still would be too secure to break into, unless the user is an idiot and types their password to allow execution of a virus.

[digthemdeep]

I think you should also consider the application models commonly used in each. Windows is a hotbed of fundamentally insecure technologies like ActiveX. Debian Etch has followed a server-oriented development path wherein the security philosophy encompasses the OS and the GNU application suite.

Windows security depends critically on user competence. Every new user tries shareware once, and then it's over. GNU has about everything most users could ever want, including all the little helpers like weather and hardware applets, no need for shareware. If I picked an OS for my mother it would be Linux.

Articles that discuss Windows vs Linux security always focus on server models, but Windows desktops are totally different animals. On the other hand Debian Etch is easily both a server and a desktop. If you want server-level security on a desktop, Etch is it.

[kruk]

if i were asked to create a linux virus, i could make it run in user mode, without huge rights, and monitor passord typing. In gnome or kde, this is done oftenly, even to correct date ou time... Once this harmless virus has root password, it can even operate without logging. At this moment, security performance between linux/debian and MS*.* are equal.

The main entrance in windows is the user behavior, as much as in linux... I bet the behaviour of guys from this forum makes linux by far the safest system. But this is not a rule.

By the way, I use iptables a lot, and i miss an application/module control of net access, something like Zonealarm does in windows...

[sir fer]

No, I myself has been running Debian since -99. I think it's a good system and the user friendliness has improved dramatically, especially with the new graphical installer which was part of the Etch release, really nice!

Gotta agree there...I'm loving Etch at the moment and am really looking forward to Lenny from what I've seen of testing and beta2 releases...Debian FTW ;o)

[julian67]

if i were asked to create a linux virus, i could make it run in user mode, without huge rights, and monitor passord typing.

Care to explain how you propose to capture keystrokes without root rights?

You might be able to capture clipboard contents but anything typed after su or gksu isn't available that way.

If you want to capture a root password you're going to need root access in user space or be doing something nasty in kernel space (i.e you've loaded your own keyboard driver) or be hijacking syscalls.....any of which means you must already have gained root access. To hijack application syscalls you need to be able to read /dev/kmem and /dev/mem....which can't be read by anyone except root. To completely subvert syscalls by writing your own you again need to be able to read /dev/mem and /dev/kmem....which require root access.

I don't think you can do it unless you've rooted the computer anyway.

[mauser1891]

Hello Folks,

This laptop HP/Compaq C551NR, started with Vi$taHE. But as the year progressed. The partitions shifted more, and more to Debian.
Now Vi$taHE only exists on the install dvd. And Debian is the only resident os on the hd.
The most predomniate wallpaper on my desktop states...
"Its All About The Freedom"
And thats all I need to say.

[ka3]

Let me just say this. An operating system shouldn't need 1GB of RAM just to function . . . when you add in the security programs that make Vista even come close to comparing with Debian, you're up to over 1GB for the base system *alone*. Debian, I hardly use more than 1GB, ever.

As for security . . . well, I'd trust Debian more readily than Vista. Simply because I have more faith in open source developers than Microsoft developers. Why?

The whole designing and coding system that Microsoft uses is bogus. Every team assigned to a part of the operating system or program only gets to see that part, so no one can assemble the entire source. How does that help? Almost all bugs are found by peer review (well, major bugs anyhow . . .); therefore that level of limitation is retarded. Maybe it worked a long time ago . . . but it ain't workin' now.

With open-source software, I don't have to worry. Any major security loopholes or problems will be found pretty quickly. "Many eyes make bugs shallow". I've got more faith in the Mozilla team than the I.E. team to make a secure web browser. More faith in the Linux kernel developers than Microsoft's developers.

Linux is a multiuser system from the ground up. Period. Windows has undergone so many revisions that it's not worth it. I trust a command-line system with a GUI more than a GUI system with a command-line.

My two cents.

[@ndreX!]

Debian Etch is the most secure Debian variant, and the (slightly) less secure Ubuntu won a recent three way contest between Mac, Vista, and Ubuntu in a security contest (Mac and Vista were broken into, Ubuntu wasn't).

Can somebody tell him that UBUNTU it's based on DEBIAN.
Thanks.

[jtodd]

Debian Etch is the most secure Debian variant, and the (slightly) less secure Ubuntu won a recent three way contest between Mac, Vista, and Ubuntu in a security contest (Mac and Vista were broken into, Ubuntu wasn't).

Can somebody tell him that UBUNTU it's based on DEBIAN.
Thanks.

He knows.