Do you trust Linux?

[Lobster]

My first excursions into Linux Penguin land, I was very suspicious.
Those Linux Lads are all hackers and deviants trying to find out info I wouldn't tell my psychiatrist . . .
They wrote viruses. The were anarchic weirdos. They were dangerous.

That is what I thought.

Gradually I realised that my XP powered computer was running anti-virus and security features that were not even working.
Microsoft had lost the plot.

Gradually I found that Linux was far more secure. Far more fixable if anything went wrong. Penguins were helpful. Mostly they were smarter more computer literate and making their software better, simpler, faster etc.

Eventually I would download and enable (make executable) files from anyone willing to offer a new .pet
Potentially that is risky. Never had a problem.

Are you one of the anarchic weirdos? Can you be trusted?
Do you trust Linux?

[01micko]

In answer to your three questions, yes, maybe, yes. In that order

[ttuuxxx]

1- Are you one of the anarchic weirdos?
2- Can you be trusted?
3- Do you trust Linux?

To answer questions

1 - Never in Linux, Back I'n my Punk/Prep days, early 80's I liked a bit of Anarchy with my style, but who didn't when your a teen.
2 - I can be 100% trusted
3 - I trust linux, Well my releases and official ones 100% then most others 90%+

How about having a number 4 Question ??
Q: Do you trust a talking Lobster????
A:Hmmmmmmm maybe just this
ttuuxxx

[droope]

Noooooooo you are all trying to get meeee!!!



Get out, GET OUT!!!!!

[bugman]

Are you one of the anarchic weirdos?

Can you be trusted?

Do you trust Linux?

yes

no

as far as i can throw an iso

[Slapdash]

Do pardon me for talking out of line, but I voted "no" and am willing to say why. I should add that it's more of a "not any more than I would trust any other system" rather than just a simple "no". I don;t trust Windows and I won't trust Linux. What's man-made can be man-cracked or malfunction or do whatever it might do to prove itself untrustworthy.

@Lobster - I fail to recognize how fawlty or otherwise not working anti-virus software is Microsoft fault. The company has got a lot to answer for, and it probably is the croporate monster giant it is portrait as, but bashing it just for bashing's sake is just... well, exactly that. Unnecessary to say the least. Unless I misunderstood something, which I might have.

Also, one should be aware than on the desktop market Linux has what? 2% share? If the number goes up (and I'm careful not to say "when" - I remeber that at least last three years have been called "The year of the desktop Linux" and little came out of it) so will the number of malevolent users and consequently Linux malware. I have little faith in people's good intentions but I trust in human ingeniuity. People will find more ways of hurting Linux as it grows more popular. I understand verry little when it comes to system's architecture or internet security. But I do know that evil, much like nature, will always find a way.

On a more personal level - in Windows I have a firewall set up, which seems to be working. The good thing about it is that it thinks I'm an idiot. I am. It asks me "do you want to do that?" "would you like me to take care of this?" "how about we close some ports, might be a good idea". It rests in my tray and blinks reasuringly every now and then. In Puppy I have a firewall too, but it doesn't think I'm stupid. Or maybe it does a little too much. It don't blink though It said I should be alright and disappeared. Did I ever mention the blinking thingy? I sort of miss it. Even if I am more secure, I'm so used to being insecure that I can't simply take my security for granted (I wanted to use the wrod "secure" in this sentence once more but it wouldn' fit, so sorry). It is Windows' fault alright, but I am already marred. QED - that's why I can't get myself to trust an OS.

Sure is a lengthy post

[puppyluvr]

Hello,

Well my releases and official ones 100% then most others 90%+

Gotta love the "self promotion" in that!!!! (we love ya Ttuuxxx)

"not any more than I would trust any other system"

I`ll rephrase that one ...
................

more than I would trust any other system

...
..............Yes, but with valid reasons.......................
But I never trust any "system" completely...

@Lobster - I fail to recognize how fawlty or otherwise not working anti-virus software is Microsoft fault.

Because M$ efforts to protect its "market share" and to prevent you from finding out how YOUR computer works, ie..backgrounding everything, is what allows viruses such easy access....

.. Linux malware.

Not likely, as Linux exposes ALL processes, so a "virus" has nowhere to hide...

..Even if I am more secure, I'm so used to being insecure that I can't simply take my security for granted

LOL, That is what M$ wanted...

As for the 3 questions::::
!. I`m their Poster Child..
2. Yes, if you deserve it...
3. Its all I run, and Ive no complaints, so YES....

[hillside]

1- Are you one of the anarchic weirdos?
The answer seems to depend on who's asking the question.

2- Can you be trusted?
Of course I can be trusted. Hey, come here, ya wanna look at this ISO? I can give it to ya cheap; real cheap.

3- Do you trust Linux?
Mostly. But I don't trust zoos. Animals can escape and cause all kinds of trouble, and this Linux thing is getting awfully zoo-like. We've got puppies, penguins, lobsters, and even a bugman, whatever that is. I'm kinda startin to freak out.

[Slapdash]

Hello,

@Lobster - I fail to recognize how fawlty or otherwise not working anti-virus software is Microsoft fault.

Because M$ efforts to protect its "market share" and to prevent you from finding out how YOUR computer works, ie..backgrounding everything, is what allows viruses such easy access....

I do not care how the machine works. I am not an engineer. I don't care how it works under Linux either. As long as it works and I get my stuff done. Which I do, Windows or Linux. If things are hidden in Windows on purpose, they are egually hidden from me in Linux (because I still find it to be obscure and alien, even though apparently it is quite transparent "deep inside").

Digression: I misspelled "faulty". Damn you Basil!

..Even if I am more secure, I'm so used to being insecure that I can't simply take my security for granted

LOL, That is what M$ wanted...

It may be so, but I don't see how it serves them in my case, since both the antivirus software and the firewall are free (in the sense of zero cost).
I admit that the general sense of computer security paranoia is a result of Microsoft's vulnerable system being so popular. But the feeling gets transferred to Linux. And it's difficult to shake it off for an unwilling to learn noob like myself

[puppyluvr]

Hello,

It may be so, but I don't see how it serves them in my case, since both the antivirus software and the firewall are free (in the sense of zero cost).

In your case it doesnt, because you are in the rare minority who arent brainwashed into the " Free cant work" and "You get what you pay (us) for" school of thought..

I said:

..............Yes, but with valid reasons.......................

If my Linux "crashes", ( Always my fault, I like to tinker..LOL), all my data is still there, and easily recoverable..

If Windoze "crashes" BSOD,` ect.. all my data is still there, and is also easily recoverable..WITH LINUX...
Without a Linux disc...Well...

Data recovery is big business...but usually all you really need is a Puppy CD and a USB stick...Or Puppy on a USB stick..

Maybe a better question would be:
Do you trust Microsoft???
Do you believe their desire is to create a good OS, or to get rich??
I trust Linus / Barry / WhoDo / Ttuuxxx / Myself / ect....
No one here is getting rich off of someone elses needs or fears..
Cant say the same for Red-Hat ect...

Eventually I would download and enable (make executable) files from anyone willing to offer a new .pet
Potentially that is risky. Never had a problem.

Bad Lobster.. LOL
Actually, if anyone created malicious software for Puppy, they would be easy to Identify, and deal with..

Lastly, I have many computers for which Windows drivers are unavailable, RAM is unobtainable, or for a multitude of reasons
Windoze is an unacceptable answer...
For those times, I trust Linux better than the Dumpster...
Many people are currently surfing / working / playing on machines, that without Linux, would be in the trash..
I know, because I rescue them, put Linux on them, and make someone who otherwise could not afford a computer, very happy...
They trust Linux. But hey, If it lets you down, you can always ask for your money back..
I trust that M$ wont do the same...LOL

[Pizzasgood]

Not likely, as Linux exposes ALL processes, so a "virus" has nowhere to hide...

That's what they want you to think. Just run ps and make sure all is normal, right? How do you know you can (still) trust ps though? If they can get in and insert malicious code, perhaps they have modified the core utilities too, to hide their presence.

In other distros that would be somewhat less of a thread, because if you aren't using root it's harder for them to get root access to mess with core things like ps.

Another thing is trojans. Maybe ps is fine. You run it and it lists normal stuff like bash, rxvt, and seamonkey. Except, maybe all of them have trojan code in them that steals keystrokes (bash and rxvt would be looking for attempts to log into things like ssh, or use su). Obviously, compiling your own binaries from "trusted" sourcecode is a decent solution for avoiding them in the first place, but they could still be replaced with frauds later on down the road.

One way to make sure the core utilities are correct is to keep a list of md5sums of all of them, and periodically check to see if they've changed. Of course, that assumes that the list is safe from hackers, and that the md5sum program is safe. Best to store the list on a read-only CD, and also have a read-only liveCD distro handy to use for checking it (you could automate it to boot, check that all is well, and display the result, to make things a bit easier).

That also assumes that "they" don't have a way to anticipate when you will make such a scan, because then they could shut down their malware and replace the originals before you initiate the scan, then use the same hole they used the first time to bring them back up again....

<Insert Mad-Eye Moody impersonation here>

I do of course believe Linux is much more secure than Windows, in case that wasn't clear...

I also become very suspicious of people who tell me they can be trusted 100%. Everything will break if you hit it hard enough. Bones, trains, melons, diamonds, atoms, planets, everything. Certainly mushy little humans. Some might be tough enough to choose death over deceit, but would they chose their wife's long drawn out death over deceit? A city block's? A country's? Everybody has a limit somewhere. Maybe it's a couple bucks. Maybe it's being indirectly responsible for mass murder.

Of course, there are other, subtler ways to break things. Counter force by redirecting it, not opposing it. Trickery can be much more effective if used properly. If a person doesn't realize he's doing wrong, then his moral strength is irrelevant.



I think the option I voted for is probably obvious at this point... Be very careful if you ever try to rob my house (when I eventually get one, and have things worth robbing). A paranoid engineer with an overactive imagination is not somebody to be trifled with.

[puppyluvr]

Man, am I glad you`re on our side...
You ARE on our side, right??
I`m not even sure that post should be public..LOL
Beware the dark side, young Jedi...
Only use your powers for good..

Besides, some people cant resist breaking "Windows"..
But who would want to hurt a Penguin...
Or a Puppy...

[Pizzasgood]

? Nothing in there that shouldn't be obvious if you sit down and think about ways to hack somebody. I know very little when it comes to protecting from (or exploiting) things like buffer overflows, besides keeping up to date, but not so up to date you're buggy.

Something many people forget about linux (when they have a normal distro) is that the hacker doesn't need to be root to see the user's stuff. Lack of root privileges prevents them from messing with too much of the system files, but they can still read your personal data, make modifications if they need to, monitor your browsing, and all kinds of other fun stuff. That's why Puppy's running as root doesn't make a huge difference security wise. The main thing non-root protects against, in a desktop environment, is having to reinstall the OS itself. In Puppy doing that is trivially fast, so it's a non issue. Besides which, if my user account was compromised I'd assume root was compromised too, just to be safe, so to me it makes no difference.

In a truly multi-user environment, like the linux servers my school has available so that students can run expensive software remotely for "free", the limited accounts really do help, because they isolate any problems to a single user. I can't ruin it for the other hundreds of people with accounts. Only for myself.




One element of Linux that hasn't come up much around here is gpg keys. Those allow you to be nearly certain that a message or package came from the person who it claims to be from. That's important in the realm of trust, because then you don't have to worry whether a package was tampered with between leaving the creator's hands, traveling through the net to the repository, and traveling from the repository to your drive. As long as the signature still matches, you know it's the real deal. That way, if you trust the people who created all the initial software, and you verified the signatures, you can have a computer that is initially trustworthy. Then before you allow anything untrustworthy into the mix, you create the md5sums and backups. From there out, if you are careful, you can keep the system mostly trustworthy. It can be a little trickier with things created on the fly, like config files, but if you do the actually installation and configuration of packages offline, then make checksums of those new files, you can still keep track of those too. It could become a hassle though.

And it doesn't take into account the ninjas. If you're up against people who can simply infiltrate your home and fiddle with the computer directly, you need a whole 'nother realm of security measures. Beginning with heavy encryption, followed by securing the premises (including searching for and eliminating bugs and covering windows facing the keyboard and monitor).

[Lobster]

@Lobster - I fail to recognize how faulty or otherwise not working anti-virus software is Microsoft fault.

It is possible that Bios protection should be improved. It is possible that government interests wanted access to data. It is known that MS have deliberate NSA security vulnerabilities and the FBI have recently revealed they have their own virus - or is it a trojan?

What is Microsoft's fault is creating an operating system that needs virus software to a degree where the solution is as malevolent and time wasting as the problem.

If your operating system needs security. Secure it.
(More clues on request)

[Slapdash]

@Lobster - I fail to recognize how faulty or otherwise not working anti-virus software is Microsoft fault.

What is Microsoft's fault is creating an operating system that needs virus software to a degree where the solution is as malevolent and time wasting as the problem.

If your operating system needs security. Secure it.
(More clues on request)

Well this is exactly what I said in my last post, and we can agree on that. I can also cautiously agree that some organizations, state-run or private, may use it to their advantage and breach our privacy. Even with them firewalls etc. I still have no chance of knowing if I'm secure. Maybe the firewalls themselves are bogus and only tell me I'm alright. We are entering the Paranoia Amusement Park,. please keep your hands close to your body at all times

As for securing my system - I think it IS secure, more or less (disregarding for the time being what I wrote a couple of lines above). I'm not yet educated enough to be able to tell if my Puppy is secure.

I am convinced that the Linux makers and tinkerers, such as Linus, Barry and you guys, are benevolent. The lack of money involved is a good indicator of that But I'm also sure that there are, or will be, people who will try to exploit the sense of security Linux gives. If the attitude is "It's Linux, I am impetrenable. Screw you evil hackers." it may become a weak point.

Pardon me for offtopping some more, but really, in comparison to my Windows, with Avast and a well configured Sunbelt firewall, how exactly safe Puppy is (firewall enabled)? Or should I rather make a new topic somewhere?

[Lobster]

Pardon me for offtopping some more, but really, in comparison to my Windows, with Avast and a well configured Sunbelt firewall, how exactly safe Puppy is (firewall enabled)? Or should I rather make a new topic somewhere?

Well I was having to run two virus checkers in XP (one did not catch all) and most people seem to accept that their Windows system is compromised and can not be secured. Bad.

If you start Puppy from CD-ROM (or from a CD-image on your hard drive) no potentially harmful programs can install on your computer. With every reboot all potential malware is gone.

There have been no reported Puppy security problems. So a 'Black-ops' project to test vulnerabilities has been started. Proactive.

If you need 'tin-hat' grade security here it is
http://www.puppylinux.org/community/blo ... cure-puppy

[tronkel]

I forget who said it exactly, but some guru of the Linux world has recently said: "Privacy? - that was yesterday!"

I have to agree here. If you need cast-iron secrecy or privacy, you should consider if using computers is a good idea for you at all. Maybe paper documents stored in an iron vault would be safer.

Do I trust Linux? Maybe not 100%, but certainly more than I do MS.
I think I would trust the cat to look after a piece of fresh Marks and Sparks smoked salmon more than I would trust MS to adhere to international norms.

[Lobster]

for those wondering (wot still?) if MS can be trusted
http://www.inbetweenmeals.com/2009/01/i ... virus.html

[Slapdash]

If I rememeber correctly, the question is about Linux not Windows?

[hillside]

If I rememeber correctly, the question is about Linux not Windows?

Indeed. But, it helps so much to set a question in context.