Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 41

Thread: Linux Desktop Security Could Be A Whole Lot Better

  1. #21
    Join Date
    Jul 2008
    Posts
    844

    Default

    Quote Originally Posted by schmidtbag View Post
    Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.
    he is talking about the desktop, so there is security of course not the most important thing, especialy if you are just rewriting the complete X stack over the last years. On the desktop site, as developer you maybe think how do create a desktop or a backend that in the end brings more people to the linux desktop... because a developer that only codes for him self, or a developer that audience shrinks in extreme case is very frustrating, and you will quit that job at some time.


    Again its no networkstack security stuff, and I am not shure if the enterprise linux systems have this bugs, and in many cases you can depend on that the users you gave a useraccount and have access to your intranet, are not attacking you. As example I had a job interview on a university, ok they use ubuntu so worst case it seems, but there only have pre-doctors access you can basicly think that they are not attackers. they have better stuff to do, and even if, if they attack stuff when they logged in with their accounts it is probably easy to find out who did damage stuff.


    So there is maybe a reason for distries like debian and enterprise linuxes, if you have to update all 2 months to a new distri in a production environment you should maybe not hope this distros are multiuser-secure... I mean they should be secure for single-user systems... thats what desktop is primary, at thats the main target for systems like ubuntu.

    And maybe offices where the users are no hackers but "moorhuhn" gamers.


    I heared even from admins that they use systems (windows as clients in this case) that all 24 hours completly format the harddisks of the clients and copy over a windows image. So it seems at least windows is not (much) better in this sphere, it shure has a reason that they do that. not just for fun...
    Last edited by blackiwid; 05-24-2013 at 09:55 AM.

  2. #22
    Join Date
    Oct 2009
    Posts
    2,117

    Default

    Quote Originally Posted by BO$$ View Post
    Again people, linux is invulnerable. That guy is probably a Microsoft paid evil monster paid to divide and conquer us! But we shall not fall for the faith is strong in us! Linux cannot be broken! Do not listen to this Judas!
    Where *do* trolls come from? Is it a genetic mutation? Or do you need to have trolls for parents?

    Just imagine how many vulnerabilities microscrap has that are hidden and unknown to the general public. These published vulnerabilities can (and will) be *fixed*. Unpublished flaws in binary crap *can't*.

    Good luck with your microscrap.

  3. #23
    Join Date
    Jan 2013
    Posts
    1,458

    Default

    Quote Originally Posted by DaVince View Post
    Besides. If he were an MS advocate, wouldn't it be a better strategy to stay quiet about the problems so it takes longer for others to find and fix them?
    Not really. At least, not in the way MS sees it. To corporate closed-source software vendors, it's all about image and PR. That's why microsoft spends so much money on astroturfing and spreading FUD about open source. They keep quiet about their own vulnerabilities, because you see, they don't care about the actual security of either OS (theirs, or Linux), they care about the public impression. Out of sight, out of mind, sadly.

  4. #24
    Join Date
    Oct 2009
    Posts
    2,117

    Default

    Quote Originally Posted by dee. View Post
    Not really. At least, not in the way MS sees it. To corporate closed-source software vendors, it's all about image and PR. That's why microsoft spends so much money on astroturfing and spreading FUD about open source. They keep quiet about their own vulnerabilities, because you see, they don't care about the actual security of either OS (theirs, or Linux), they care about the public impression. Out of sight, out of mind, sadly.
    They even sue people to keep their own vulnerabilities out of the public eye. Its frightening dealing with that crap. They'll go after you with the reverse engineering clause of their license, which is why MS vulnerabilities are kept close by those who find them, and exploited by people in places where MS has no legal recourse.... like China. Even if you can win against MS, it isn't worth the fight because they have virtually unlimited resources and WILL bankrupt you in the process.

    What this does, is it creates a totally different hacker culture. The MS side is dark and goes for the attack/damage aspects of hacking, because you can't be public about it. The Linux hacker culture is a bright and sunny place, full of happy nerds who have never been laid, eager to get their *real* name onto the discovery and/or the fix, hoping (unreasonably) that some *girl* will see it, be impressed, and put out.

    This situation couldn't be better for Linux, or worse for wondoze. Linux grows stronger and more secure BECAUSE of the hacker culture, BECAUSE the vulnerabilities are exposed in public!!! wondoze is a stagnant cesspool of vulnerabilities and failure, constantly under attack, and always failing to stand up to the attack.... and then who saves them? Not their coders for sure, the internet saves them, the internet that runs on Linux and can filter out the attacks. All they need to do is sue everybody between them and the source of the attack.

  5. #25
    Join Date
    Apr 2012
    Posts
    51

    Default

    Quote Originally Posted by blackiwid View Post

    Its a bit like somebody calling linux bad because nvidia makes bad linux drivers. that break and are difficult to install because people cant fix abi problems in the driver except nvidia and stuff like that.
    NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is comming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.

  6. #26
    Join Date
    Jul 2008
    Posts
    844

    Default

    Quote Originally Posted by Sverro2 View Post
    NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is comming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.
    I did not even say that they are bad, I did not the opposite too ^^ I just said it would be like somebody would say linux is bad because there are problems with this drivers, and there are problems with this drivers, you can say you think that they are not that big, but thats just a oppinion... and there are people bitching around why linux is so bad and breaks abi and stuff... so they basicly say linux is bad because linux developlment model isnt good.

    Yesterday I watched a youtube linux vs windows video, where somebody said there are problems with closed source drivers so linux would have not so good driver support than windows or something like that... and the point is if you think that this driver problems with closed source drivers (installation... ) are problems... if you see that that way... you have to blame nvidia not linux.

    If you say thats all wonderful go ahead... but dont blame linux for problems that are caused by closed source drivers.

  7. #27
    Join Date
    Jul 2008
    Posts
    844

    Default

    http://www.x.org/wiki/Development/Se...ory-2013-05-23

    how many patch days or better years would microsoft have needed to fix at least most of so much bugs? Its fast... Xorg has a bit the problem that there are many many lines of code but way less developers as example the kernel has. hopefully that will be better with wayland
    Last edited by blackiwid; 05-24-2013 at 03:48 PM.

  8. #28
    Join Date
    Dec 2007
    Posts
    677

    Default

    Quote Originally Posted by schmidtbag View Post
    Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.
    I'm not surprised - I've been reading Google Chrome security fixes, and they've been finding a ton of issues in their code with AddressSanitizer, plus have been paying out a lot of money for each release on security fixes. And these are top-notch Google coders, working on 1 program.

  9. #29
    Join Date
    Jul 2008
    Posts
    359

    Default

    Quote Originally Posted by Sverro2 View Post
    NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is comming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.

    wooohoo how i love being drunk - go nv \o/ /o\

  10. #30
    Join Date
    May 2011
    Posts
    1,514

    Default

    Quote Originally Posted by Vadi View Post
    I'm not surprised - I've been reading Google Chrome security fixes, and they've been finding a ton of issues in their code with AddressSanitizer, plus have been paying out a lot of money for each release on security fixes. And these are top-notch Google coders, working on 1 program.
    Does Google actually have any top-notch coders?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •