Gentoo Developer: Is The Linux Desktop Less Secure Than Windows 10?
Originally posted by Ronshere
Scary stuff, I'm switching back to Win 10 now!
Seriously, though, those are pretty serious exploits and it's good they are being addressed.
-
Originally posted by juno
And wtf are you talking about? Ask the developer of program x why he wants root access. It's your own fault and no one else's if you grant it to any app. It's not in the scope of the kernel to decide what's better for you.
You have all the freedom to restrict anything you want. Or - if you believe it or not - don't run untrusted code.
The whole concept of requiring root to install shit is a dumbfuck idea stemming from the dumbfuckest idea of all that you just said "the user knows enough to decide".
This might have been true in the 80s, but nowadays this is rarely true even for Linux veterans. How in the hell do you know that a specific program won't harm you (apart from getting it from the distro's repositories and hoping that its maintainer actually ran some tests and bad shit slipped in unnoticed)?
- Likes 2
-
Originally posted by Danny3
I could never believe that Linux desktop is secure or more secure than Windows.
The major thing that protects Linux desktop is its market share.
The only software that I think is secure is VirtualBox (not the program itself but the OS and programs that run inside it).
I trust VirtualBox because I can run whatever I want inside a virtual machine and I'm not afraid that it will affect my host OS.
I don't understand why no Linux distribution gives me the power to control the program I run on it.
Every time a program asks for my root password I fear that it will break my system completely, maybe it wants to format all my hard drives and I lose all my personal files.
Why the fuck the OS doesn't say why the program requires root access is beyond me.
First, why are user apps accessing what should be system resources or spaces?
Second, it might not be possible to explicitly detail every directory about to be touched, but apps that do have to latch on to these resources should be able to tell the system what they are about to do. Either that or have the system do a dry run to make sure nothing gets trampled.
This is one thing that Apple did well with Mac OS, and even the Homebrew guys took great care with their package management system. You can pretty much update anything at any time and have no worries that something will corrupt the system. I routinely run Homebrew, Mac OS and even Eclipse updates at the same time.
Yes, yes, everyone says to install only open source programs, but I don't need only open source programs.
There's no protection for proprietary programs.
I don't understand why Linux doesn't tell why the fuck a program wants my root access?
When it comes to privacy, I can't control which programs are allowed access to devices like webcam and mic, DVD drive, pendrive, etc...
Everything is allowed by default.
How is that secure?
I don't agree with every one of your points but Linux really needs to rethink how the system is structured and how user apps are installed.
-
Originally posted by orome
not really. device access goes through polkit rules. you can change polkit rules.
most distros configure them to allow access for everything that seat user does (the user logged in locally).
that's also the point of the article. distros run dangerous crap by default.
-
Originally posted by starshipeleven
Yeah right. Why do more modern systems like, say, Android or iOS let me install applications without requiring root access? And why, even though they are in the most hostile environment for a digital device without any sign of antivirus software, didn't they suffer hilarious malware-related issues like Windows is well-known for?
The whole concept of requiring root to install shit is a dumbfuck idea stemming from the dumbfuckest idea of all that you just said "the user knows enough to decide".
This might have been true in the 80s, but nowadays this is rarely true even for Linux veterans. How in the hell do you know that a specific program won't harm you (apart from getting it from the distro's repositories and hoping that its maintainer actually ran some tests and bad shit slipped in unnoticed)?
-
Originally posted by Danny3
I don't understand why no Linux distribution gives me the power to control the program I run on it.
Every time a program asks for my root password I fear that it will break my system completely, maybe it wants to format all my hard drives and I lose all my personal files.
Why the fuck the OS doesn't say why the program requires root access is beyond me.
Yes, yes, everyone says to install only open source programs, but I don't need only open source programs.
There's no protection for proprietary programs.
I don't understand why Linux doesn't tell why the fuck a program wants my root access?
When it comes to privacy, I can't control which programs are allowed access to devices like webcam and mic, DVD drive, pendrive, etc...
Everything is allowed by default.
How is that secure?
Programs usually need root privileges because they need to be installed in places they can't access without root privileges and/or change system settings that again can't be changed without root privileges.
On Linux afaik the program that gets root access isn't the program itself but the package manager though (for most packaged software), and that is reading config files and whatnot. It's less bad than on Windows where you actually give root access to the application itself on install.
The main reason is that re-spinning the whole thing is a PITA. Maybe next-gen package managers like Flatpak and Snap will offer better control over that.
Apart from Android and iOS where this isn't happening and stuff is relatively compartmentalized, there is Qubes OS where it's Xen that runs the virtualization, applications run in their own little compartment, so even if they get "root" access they can't do much outside of that.
Unless there are vulnerabilities in the virtualization system. Anyway, it is quite a bit harder to make an exploit that blows through an application, the OS, and Xen all in the same shot. Anyway, Qubes OS is called "reasonably secure" by its creators.
Last edited by starshipeleven; 05 February 2017, 08:58 PM.
- Likes 2
-
Originally posted by starshipeleven
The whole concept of requiring root to install shit is a dumbfuck idea stemming from the dumbfuckest idea of all that you just said "the user knows enough to decide".
If that seems like such a nice idea for you, you can always use an installation daemon and use a graphical frontend to queue packages for installation. Or you could also just install apps in your home dir. Or use AppImages, Flatpaks, etc. Open your eyes, maybe.
If the Android way seems so nice to you, go ahead and assign a Unix user for each app. Restrict the rights, easy. Or just use Android-x86. What about ChromeOS? Should suffice for your needs, maybe?
You can also maintain your own distribution. Spread it, if people agree with you, you should have plenty of users. But once and for all, don't blame the kernel, which has nothing to do with it. At all.
Originally posted by starshipeleven
And that even if they are in the most hostile environment for a digital device without any sign of antivirus software they didn't suffer hilarious malware-related issues like Windows is well-known for?
Also, AV doesn't necessarily make the system more secure. Today's products are more likely to cause more problems instead of preventing users from harm.
Originally posted by starshipeleven
Yeah, most OS around still use the old and broken concept of "the root user knows what he is doing".
Programs usually need root privileges because they need to be installed in places they can't access without root privileges and/or change system settings that again can't be changed without root privileges.
Last edited by juno; 05 February 2017, 08:07 PM.
- Likes 2
-
Originally posted by Griffin
GNOME got lots of paying enterprise customers. They have a fairly good track record of patching stuff.
KDE is left in the dark. Expect nothing but 100 embarrassing bugs if someone really cared to do a proper review. Baloo should not be used, period.
Saying "more than kde" isn't a good definition.
- Likes 1