I've been fussing with Debian 9.30 last week and having a lot of fun.
One of the important keys in the installation is that a root password is not assigned. When you do this, you can't log in as root. Neither can anyone else.
Instead, the first user account is added to the sudo users and will acquire the authority to issue sudo commands, e.g. I can use
sudo apt install evolution
to install the Evolution e-mail client. I do get prompted for my log-on password in order to use SUDO.
MSFT/Windows has come a long way in adding their "user account control" -- this has a similar effect: you have to "OK" any updates to the software. I don't think that's the main trouble with MSFT/Windows though: I think there are many weaknesses in their "legacy" software. This seems to be conceded in their latest Windows 10s offering -- which is more of a "gated" system: software selections limited to what they have in the pen. Like an iPhone.
My guess is: MSFT will push this HARD. If I remember right their premier package MSFT/Office -- version 2019 -- is going to be available only on Windows 10s systems.
We are definitely getting better at security though. For example, the Debian 9.30 software provides SHA256SUM check data and PGP signatures for the reference pages.
I like to talk about this. IMHO all software needs to be signed. IMHO "Zero Defects" -- is something we do -- not something we get. When Debian provides the SHA256SUM and PGP signature for the reference page -- what I do: is check these, per procedures.
suggested reading
Global Cybercrime Costs Top $600 Billion
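One way to run the SHA256SUM and PGP signature check mentioned in the post, as an added example that is not part of the original post. It assumes the checksum file and its detached signature are saved as `SHA256SUMS` and `SHA256SUMS.sign` beside the image, and that the caller supplies a keyring file holding only the Debian CD signing key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed layout: <dir>/SHA256SUMS, <dir>/SHA256SUMS.sign, <dir>/<image>.

# Step 1: check the detached signature on SHA256SUMS. gpgv trusts only the
# keys in the given keyring file, so an unrelated key cannot pass the check.
verify_sums_signature() {
    dir=$1 keyring=$2
    [ -f "$dir/SHA256SUMS" ] && [ -f "$dir/SHA256SUMS.sign" ] || return 1
    command -v gpgv >/dev/null 2>&1 || return 1
    gpgv --keyring "$keyring" "$dir/SHA256SUMS.sign" "$dir/SHA256SUMS" \
        >/dev/null 2>&1
}

# Step 2: compare one file with its entry in SHA256SUMS. Fails closed:
# no entry, or more than one entry, for the name counts as a failure.
verify_sum_entry() {
    dir=$1 name=$2
    want=$(awk -v n="$name" '
        $2 == n || $2 == "*" n { h = $1; c++ }
        END { if (c == 1) print h }' "$dir/SHA256SUMS")
    [ -n "$want" ] || return 1
    got=$(sha256sum "$dir/$name" 2>/dev/null | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# Signature first, checksum second: a matching checksum proves nothing if
# the SHA256SUMS file itself could have been replaced along with the image.
verify_release() {
    verify_sums_signature "$1" "$3" && verify_sum_entry "$1" "$2"
}

# Usage: sh verify.sh <dir> <image-name> <keyring-file>
if [ "$#" -eq 3 ]; then
    if verify_release "$1" "$2" "$3"; then
        echo "OK: signature and checksum verified for $2"
    else
        echo "FAILED: do not install from $2" >&2
        exit 1
    fi
fi
```

The keyring should come from a source independent of the mirror that served the image, otherwise the signature check only proves the files are consistent with each other.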