Announcement

Collapse
No announcement yet.

Linux Desktop Security Could Be A Whole Lot Better

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by schmidtbag View Post
    Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.
    he is talking about the desktop, so there is security of course not the most important thing, especialy if you are just rewriting the complete X stack over the last years. On the desktop site, as developer you maybe think how do create a desktop or a backend that in the end brings more people to the linux desktop... because a developer that only codes for him self, or a developer that audience shrinks in extreme case is very frustrating, and you will quit that job at some time.


    Again its no networkstack security stuff, and I am not shure if the enterprise linux systems have this bugs, and in many cases you can depend on that the users you gave a useraccount and have access to your intranet, are not attacking you. As example I had a job interview on a university, ok they use ubuntu so worst case it seems, but there only have pre-doctors access you can basicly think that they are not attackers. they have better stuff to do, and even if, if they attack stuff when they logged in with their accounts it is probably easy to find out who did damage stuff.


    So there is maybe a reason for distries like debian and enterprise linuxes, if you have to update all 2 months to a new distri in a production environment you should maybe not hope this distros are multiuser-secure... I mean they should be secure for single-user systems... thats what desktop is primary, at thats the main target for systems like ubuntu.

    And maybe offices where the users are no hackers but "moorhuhn" gamers.


    I heared even from admins that they use systems (windows as clients in this case) that all 24 hours completly format the harddisks of the clients and copy over a windows image. So it seems at least windows is not (much) better in this sphere, it shure has a reason that they do that. not just for fun...
    Last edited by blackiwid; 24 May 2013, 09:55 AM.

    Comment


    • #22
      Originally posted by BO$$ View Post
      Again people, linux is invulnerable. That guy is probably a Microsoft paid evil monster paid to divide and conquer us! But we shall not fall for the faith is strong in us! Linux cannot be broken! Do not listen to this Judas!
      Where *do* trolls come from? Is it a genetic mutation? Or do you need to have trolls for parents?

      Just imagine how many vulnerabilities microscrap has that are hidden and unknown to the general public. These published vulnerabilities can (and will) be *fixed*. Unpublished flaws in binary crap *can't*.

      Good luck with your microscrap.

      Comment


      • #23
        Originally posted by DaVince View Post
        Besides. If he were an MS advocate, wouldn't it be a better strategy to stay quiet about the problems so it takes longer for others to find and fix them?
        Not really. At least, not in the way MS sees it. To corporate closed-source software vendors, it's all about image and PR. That's why microsoft spends so much money on astroturfing and spreading FUD about open source. They keep quiet about their own vulnerabilities, because you see, they don't care about the actual security of either OS (theirs, or Linux), they care about the public impression. Out of sight, out of mind, sadly.

        Comment


        • #24
          Originally posted by dee. View Post
          Not really. At least, not in the way MS sees it. To corporate closed-source software vendors, it's all about image and PR. That's why microsoft spends so much money on astroturfing and spreading FUD about open source. They keep quiet about their own vulnerabilities, because you see, they don't care about the actual security of either OS (theirs, or Linux), they care about the public impression. Out of sight, out of mind, sadly.
          They even sue people to keep their own vulnerabilities out of the public eye. Its frightening dealing with that crap. They'll go after you with the reverse engineering clause of their license, which is why MS vulnerabilities are kept close by those who find them, and exploited by people in places where MS has no legal recourse.... like China. Even if you can win against MS, it isn't worth the fight because they have virtually unlimited resources and WILL bankrupt you in the process.

          What this does, is it creates a totally different hacker culture. The MS side is dark and goes for the attack/damage aspects of hacking, because you can't be public about it. The Linux hacker culture is a bright and sunny place, full of happy nerds who have never been laid, eager to get their *real* name onto the discovery and/or the fix, hoping (unreasonably) that some *girl* will see it, be impressed, and put out.

          This situation couldn't be better for Linux, or worse for wondoze. Linux grows stronger and more secure BECAUSE of the hacker culture, BECAUSE the vulnerabilities are exposed in public!!! wondoze is a stagnant cesspool of vulnerabilities and failure, constantly under attack, and always failing to stand up to the attack.... and then who saves them? Not their coders for sure, the internet saves them, the internet that runs on Linux and can filter out the attacks. All they need to do is sue everybody between them and the source of the attack.

          Comment


          • #25
            Originally posted by blackiwid View Post

            Its a bit like somebody calling linux bad because nvidia makes bad linux drivers. that break and are difficult to install because people cant fix abi problems in the driver except nvidia and stuff like that.
            NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is comming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.

            Comment


            • #26
              Originally posted by Sverro2 View Post
              NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is comming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.
              I did not even say that they are bad, I did not the opposite too ^^ I just said it would be like somebody would say linux is bad because there are problems with this drivers, and there are problems with this drivers, you can say you think that they are not that big, but thats just a oppinion... and there are people bitching around why linux is so bad and breaks abi and stuff... so they basicly say linux is bad because linux developlment model isnt good.

              Yesterday I watched a youtube linux vs windows video, where somebody said there are problems with closed source drivers so linux would have not so good driver support than windows or something like that... and the point is if you think that this driver problems with closed source drivers (installation... ) are problems... if you see that that way... you have to blame nvidia not linux.

              If you say thats all wonderful go ahead... but dont blame linux for problems that are caused by closed source drivers.

              Comment


              • #27


                how many patch days or better years would microsoft have needed to fix at least most of so much bugs? Its fast... Xorg has a bit the problem that there are many many lines of code but way less developers as example the kernel has. hopefully that will be better with wayland
                Last edited by blackiwid; 24 May 2013, 03:48 PM.

                Comment


                • #28
                  Originally posted by schmidtbag View Post
                  Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.
                  I'm not surprised - I've been reading Google Chrome security fixes, and they've been finding a ton of issues in their code with AddressSanitizer, plus have been paying out a lot of money for each release on security fixes. And these are top-notch Google coders, working on 1 program.

                  Comment


                  • #29
                    Originally posted by Sverro2 View Post
                    NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is comming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.

                    wooohoo how i love being drunk - go nv \o/ /o\

                    Comment


                    • #30
                      Originally posted by Vadi View Post
                      I'm not surprised - I've been reading Google Chrome security fixes, and they've been finding a ton of issues in their code with AddressSanitizer, plus have been paying out a lot of money for each release on security fixes. And these are top-notch Google coders, working on 1 program.
                      Does Google actually have any top-notch coders?

                      Comment

                      Working...
                      X