Seriously thoughtful Should I switch to Ubuntu, or stay with Windows XP?

[astra]

Quote:

Originally Posted by tirsales

There are nearly no viruses for Linux - ntl. I still have an Antivir (opensource) running (if not for my own protection, then I could (at least) tell others 'bout virus I found in their files )

Well as far as I know it is not because Linux is more secure, it is just a matter of time/willingless of some idiot to write one...
Of course, there is no widespread attacks....what is a percentage of linux usage vs. windows? 10% vs. 90%?

What I am trying to say is that if I were to use Linux as my main desktop machine with all the passwords, banking, etc., I would not dismiss Antivirus so lightly. Maybe firewall as well.

[tirsales]

Quote:

Originally Posted by astra

Well as far as I know it is not because Linux is more secure, it is just a matter of time/willingless of some idiot to write one...

This is actually not (totally) true - of course part of it is based on "no interest in generating virus attacks", others are based on a completely different design.

Quote:

Of course, there is no widespread attacks....what is a percentage of linux usage vs. windows? 10% vs. 90%?

Depends. Desktop or Server?

Quote:

What I am trying to say is that if I were to use Linux as my main desktop machine with all the passwords, banking, etc., I would not dismiss Antivirus so lightly. Maybe firewall as well.

Firewall? Well, forget about desktop firewalls - they are bullshit. (I am not talking about package filtering IN THE KERNEL (which both, windows and linux are capable of doing)). Dedicated firewalls are never a bad idea - and as I wrote, I am not running a Linux w/o Antivirus, and I would not recommend to do so (though, of course, it is much more secure then doing so in Windows).

--edit: German source from the Chaos Computer Club

[astra]

I am not firewall pro.
I believe that my Linksys NAT capable wireless router does the most important bit of defending me from intrusion but I use ZoneAlarm to prevent some s/w on my PC to access the Internet without my explicit permission.

[smurphy]

*lol* Love these talks about Linux
The fact that the source-code is open, provides nearly any half-skilled nerd the possibility to write virus-like code for the linux OS. However- the thing is that most distributions nowadays force users to work as non-priviledged users, e.g. not as Admin.
This makes it very hard for a nerd to write a virus-code that executes and does something nasty. So - viruses, even if you catch one under Linux, will not eb able to do anything that requires priviledged access ...

And - regarding firewalls please always keep in mind - most firewalls are preventing anything from outside (Internet) to come in (Intranet / Your local LAN). What most people do not know, is that whenever a user issues a request from inside the LAN to the Internet, the Firewall will await the response from outside and let it pass through (easily said).
With this - I just want to tell - that the Firewall will just prevent non requested traffic to get through. If now, the user goes on www.xxx.xx - and there are some javascript-code that install a program on his computer - the mistake is all the user's ... and that's where usually Antivirus programs come very handy. Especially under windows where most users have Administrator privileges, and it's easy for any malicious script to execute a program to install a bad trojan or whatever on the box.
The thing now is, that under Linux, you will "almost" not be able to run a .exe programm (except if you have wine / similar installed and your browser knows about the lining)

Please note - that for gaming I do have a win-box, with Windows XP SP2 - and NO - I repeat _NO_ antivirtus - installed.
And this for years now - with no virus infection so far ...
1. My Lan is secured both ways. I configured my firewall to let pass only specific traffic in _both_ directions !
2. I don't go to unknown websites under Windows
3. I know my system and the way it behaves !

That works Believe me

[tirsales]

Quote:

Originally Posted by smurphy

The fact that the source-code is open, provides nearly any half-skilled nerd the possibility to write virus-like code for the linux OS.

You have never tried, have you?

Quote:

This makes it very hard for a nerd to write a virus-code that executes and does something nasty. So - viruses, even if you catch one under Linux, will not eb able to do anything that requires priviledged access ...

There are root-exploits, and finding them is the hard part about writing viruses

Quote:

What most people do not know, is that whenever a user issues a request from inside the LAN to the Internet, the Firewall will await the response from outside and let it pass through (easily said).

And thats just one of the reasons why a Desktop firewall is NOT secure.

Quote:

The thing now is, that under Linux, you will "almost" not be able to run a .exe programm (except if you have wine / similar installed and your browser knows about the lining)

And even then - I've yet to see a root exploit from within Wine

Quote:

1. My Lan is secured both ways. I configured my firewall to let pass only specific traffic in _both_ directions !
2. I don't go to unknown websites under Windows
3. I know my system and the way it behaves !

That works Believe me

I guess you are not talking about a desktop firewall - but about a real firewall (or, at least, an IP filter)
And I never objected to those

[tirsales]

Quote:

Originally Posted by astra

I believe that my Linksys NAT capable wireless router does the most important bit of defending me from intrusion but I use ZoneAlarm to prevent some s/w on my PC to access the Internet without my explicit permission.

And thats the little mistake - ZoneAlarm itself has errors. (I am not saying that ZoneAlarm is a bad product - every software has errors). There has been more then one case of "root exploits inside a desktop firewall" - and then the firewall itself is a security problem.
A well configured system does not need a desktop firewall, a badly configured system does not profit from it.

[Sweetpea]

Quote:

Originally Posted by tirsales

I guess you are not talking about a desktop firewall - but about a real firewall (or, at least, an IP filter)
And I never objected to those

The best firewall, in the end, is the end-user.

Firewalls can (and will be) turned off, virus scanners will not stay up to date by themselves and will also be turned off, people will still open unknown attachments without looking and install activex controls from websites (naturally, that goes for Windows only). Or open email from people they don't know and link to websites from those emails. And people will still enter usernames and passwords at phishing sites.

I don't think a simple application is the solution. You'll need several. And even then you aren't completely safe.

And I agree with this:

Quote:

A well configured system does not need a desktop firewall,

but I'd like to add to that:

Quote:

a stupid user does not profit from it.

The first part is to educate the user how to use the internet safely (we managed with my mother, so it should be possible!)

[smurphy]

Quote:

Originally Posted by tirsales

You have never tried, have you?

There are root-exploits, and finding them is the hard part about writing viruses

And thats just one of the reasons why a Desktop firewall is NOT secure.

And even then - I've yet to see a root exploit from within Wine

I guess you are not talking about a desktop firewall - but about a real firewall (or, at least, an IP filter)
And I never objected to those

Oh - I did ... I did actually that to test security software while I was working for a Security company and I used wine to actually avoid rebooting into windows. And what you can do with Wine - is amazing if you know the right hooks. Wine is actualy just used to generate a buffer-overflow which then drops the exploit code into a root-owned shell to install software...
I admit - it took me a while to figure this out

And you are right - I am talking about the Full State Inspection "Packet filters" usually sold as Firewalls by ISP's

[smurphy]

Quote:

Originally Posted by Sweetpea

The best firewall, in the end, is the end-user.

Firewalls can (and will be) turned off, virus scanners will not stay up to date by themselves and will also be turned off, people will still open unknown attachments without looking and install activex controls from websites (naturally, that goes for Windows only). Or open email from people they don't know and link to websites from those emails. And people will still enter usernames and passwords at phishing sites.

I don't think a simple application is the solution. You'll need several. And even then you aren't completely safe.

And I agree with this:



but I'd like to add to that:




The first part is to educate the user how to use the internet safely (we managed with my mother, so it should be possible!)

Please keep in mind 1 thing.
Many people do actually think, that having security software for every bit is the best thing to do.
However - I tend to enforce the KISS principle on my systems. "Keep It Simple Stupid". In fact - if you have nothing that is going to fiddle in the background of your system all the time, doing loads of things you don't understand anyway - detecting a strange behavior is very simple.

If in fact, you have An AV installed, Zonealarm, all kind of other Filters to filter out Pop-up' s, privacy filter etc. - you will not know what is going on - and, last but not least, you will stop thinking about securing your own data and behavior on the net - which IMHO is the biggest Mistake every Human sitting in front of a computer screen - is doing !

[wodin]

Quote:

Originally Posted by BlackVoid

I would have switched to Linux a long time ago, if it were not for the applications. There are a lot more applications for Windows than Linux. Even the Sony Connect software comes for Windows only.

Speaking of that, is there a decent eBook reader for Ubuntu?

[Moejoe]

Quote:

Originally Posted by wodin

Speaking of that, is there a decent eBook reader for Ubuntu?

Calibre? That's what I use anyway (don't install from the repositories, use the page on the main Calibre site).

[tirsales]

Quote:

Originally Posted by smurphy

Oh - I did ... I did actually that to test security software while I was working for a Security company

That hardly applies as "average nerd"
I am well aware that it is possible to write viruses for Linux - though I doubt that any "professional virus-author" needs the source code to do this - I just doubt the point "easy" (see, among others, the point regarding root vs user access)

Quote:

And what you can do with Wine - is amazing if you know the right hooks. Wine is actualy just used to generate a buffer-overflow which then drops the exploit code into a root-owned shell to install software...
I admit - it took me a while to figure this out

I admit, I have never seen an attack like this *in practise* and I guess that it will have to be a finely crafted one (not your average Windows attacck )

[kiswa]

Quote:

Originally Posted by wodin

I'm not sure if this is the right forum for this question, but if you need to ask, you'd better stick with Windows. Linux is very capable but is very unfriendly.

Not all Linux is unfriendly.

I would recommend you take a look at Linux Mint. It's based on Ubuntu, but is even more user friendly. Visit the site, look at the forums and see what you think.

And since it's based on Ubuntu, you get not only the Linux Mint forums for help, but also that Ubuntu forums (if you need help that is - basic user stuff will work 'out of the box' as they say).

[kacir]

Quote:

Originally Posted by kiswa

And since it's based on Ubuntu, you get not only the Linux Mint forums for help, but also that Ubuntu forums.

Yesterday I have set the system taskbar in my Mint installation to "autohide". I did not like the way it was animating the "unhiding", I did not like the response time. Since the desktop is basically heavily tweaked Gnome, there is no option to set precise parameters from GUI. Some users might get confused.

It took me 30 seconds to google up a working solution on Ubuntu forums.

There is a command (yeah ... I know ... Command) gconf-editor that starts nice GUI tool for tweaking Gnome. There is probably an icon in Mint Control Panel, but this is quicker.

[=X=]

Quote:

Originally Posted by smurphy

Oh - I did ... I did actually that to test security software while I was working for a Security company and I used wine to actually avoid rebooting into windows. And what you can do with Wine - is amazing if you know the right hooks. Wine is actualy just used to generate a buffer-overflow which then drops the exploit code into a root-owned shell to install software...
I admit - it took me a while to figure this out

And you are right - I am talking about the Full State Inspection "Packet filters" usually sold as Firewalls by ISP's

Am I the only one who sees the irony of using a Windows emulator program to write a virus in Linux?

Quote:

Originally Posted by wodin

Speaking of that, is there a decent eBook reader for Ubuntu?

There is calibre, and for other flavor's of linux there's the kindle 1/2, Sony PRS-505, PRS-700, etc..)

=X=