get real

Story: The Linux vs. Windows Security MysteryTotal Replies: 9
Author Content
tuxchick

May 13, 2011
11:10 AM EDT
Vista is garbage, 7 is re-branded Vista, and XP is still the best Windows. It's also the most secure windows. You should read the PDF-- one might think, hey this comes from the NSA, so it should be good!

It's not. Just another re-hash of all the '10 Ways to Be Secaur' articles that infest tech publications, with the same tired advice like 'spend a bunch of money on third-party security software'. It talks about Apple too, but not one word about Linux, no, not even the glamorous celebrity Ubuntu. How can you take seriously a paper that starts with "The cyber threat is no longer limited to your office network and work persona"?? When was it ever? And that calls Vista and 7 "modern" operating systems? It must be a comedy piece.
phsolide

May 13, 2011
12:19 PM EDT
Every time MSFT comes out with a "new" operating system, i feel so tired. It's always "The Best Windows! Ever!" and "Now With MORE SECURE!". And then 8 zillion security problems cause MSFT to recant their promise to never issue another service pack. After 8 zillion more problems, the trade rags annouces that Windows ??? SP 2 is now in complete collapse. Time to more on, people. Some mixture of ugly technology and culture causes Windows to be the Dragon King of malware platforms.
tuxchick

May 13, 2011
12:39 PM EDT
Charlie Brown, Lucy, and the football.
helios

May 13, 2011
1:24 PM EDT
My thoughts exactly...

http://linuxlock.blogspot.com/2009/08/windows-users-charlie-...
vainrveenr

May 13, 2011
2:09 PM EDT
Although the original PDF article by the Information Assurance Mission at NSA successfully avoids mentioning these at all, the *BSD's should almost certainly be mentioned together with "Windows ???" and Mac OS X in any serious discussion of an OS's security.

Mac OS X's kernel core is essentially based upon at least one of the *BSD's (see the Mac OS X Wikipedia at http://en.wikipedia.org/wiki/Mac_OS_X), so it would seem to make sense that the *BSD's should be mentioned in passing. And the NSA does emphasize ever-so-slightly more complex terms such as "Host-based Intrusion Prevention System (HIPS)", "sandboxing", "Full Disk Encryption (FDE)", "SSL Encryption", and "Data Execution Prevention (DEP)" so the argument may end up moot that the *BSD's are much too complex for the target audience of the NSA PDF article to grasp.

Which then gets to the key question of the Who is the target audience in this NSA 'Best Practices...' PDF release??

Near the end of the LinuxInsider piece, Noyes clearly notes the obvious irony here:
Quoting:"Home users will never even see this, never mind read it," Hudson explained. "Business users? If they haven't switched by now, a pdf bearing the NSA's imprimatur isn't going to count for a hill of beans next to the considerations of software that can't be migrated from XP, or the costs and time of migrating desktop users to a new version.

"Besides, most of those installations will be taken care of over the next few years by simple attrition or migrating the users to tablets," she added.

"So who *was* the real target audience? I would have to say it's the boss of whoever at the NSA ordered this written, to 'show they're doing something' so they can justify their paycheck," Hudson suggested. "After all, haven't your tax dollars always been used for NSA -- New Spending Authority?


Yes, the NSA should get real!!

It may be more likely that advanced home users will hear about (and use) Linux, the advanced security capabilities of Mac OS X's *BSD-based kernel, and the *BSD's, than they'll hear about the NSA Information Assurance Mission's vested-interests-serving 'Best Practices' release. And as far as the NSA knows, advanced home users have already heard about these former three, and the NSA may be just as blind in this matter as blogger Roger Pogson suggests in 'End of Oversight – Beginning of Blindness', http://pogson.6k.ca/ .



Steven_Rosenber

May 13, 2011
2:23 PM EDT
I was going to write about that NSA thing, but I lost interest pretty quickly. I agree with the ends but not the means. They advocate using Windows 7 Ultimate because you can do full disk encryption ... but even among Windows users, it's mostly Home Premium, not Ultimate. And you can do all of that in Linux and spend $0.
BernardSwiss

May 14, 2011
12:36 AM EDT
Quoting:XP is still the best Windows. It's also the most secure windows.


Seriously? I was under the impression that one of the few good things one can say about Windows is that its security has improved since XP. (And the practical experience of my Windows-using acquaintances seems to bear this out).

From my look at the document, it appears to be fairly good, best practices advice for Windows users, who might be persuaded to actually consider making a few small adjustments presented in fairly simple, clear terms.

If my aforementioned acquaintances were to ask my opinion about this brochure, I'd tell them they would be probably be better off switching to Linux -- but since they won't do that, they should most definitely follow the advice in that brochure.

helios

May 14, 2011
10:14 AM EDT
I have a client who runs a consulting firm and she has 7 computers running Windows Vista Professional. She paid obscene amounts of money to have specialized software written for her specific needs thus, a full-blown migration to Linux isn't practical.

Besides, doing so would destroy a fairly lucrative revenue stream. ;-)

It is rare if I am not called out at least twice a month to fix problems concerning viruses and malware, and trust me, I have her machines protected to the point of paranoia. And as much as it pains me to do so, I have to give the appropriate kudos to Microsoft for MS Security Essentials. It's probably the best AV and AM software available for the price....or any price for that matter.

But then again, it should be...who knows viruses and malware better than Microsoft?

She invested in the Win7 upgrade for her Vista computers and did the installs herself since they are fairly straight forward. They went without a hitch.

4 days later, I had to come out and kill the AntiVirus 2010 malware nuisince from 2 of her machines..."fully protected" machines I might add. She won't let me block ports or restrict users as she feels it breaks the trust bond between her and her employees. Fine by me...I have a kid to put through college.

My long-winded point is simple. Place all the safeguards you want. A sloppy or careless/uncaring computer user will find a way around them.

We're now negotiating a deal for a dual boot on two machines with Windows running under VirtualBox. She's gonna need to upgrade her RAM but I think that might be the best solution available.
tuxchick

May 14, 2011
11:33 AM EDT
The old dodge of blaming users for Windows' incurable defects is pretty worn-out. Not that people are always blameless, but you can't sail a sieve no matter how much calking you slather on it.

Bernard, the NSA article is titled "Best Practices for Keeping Your Home Network Secure." Honest advice for that topic is "Don't use Windows because it is not secure-able."
jdixon

May 14, 2011
10:52 PM EDT
> I was under the impression that one of the few good things one can say about Windows is that its security has improved since XP.

The security infrastructure has improved in Vista and 7. That doesn't necessarily translate to improved security.

With Vista and 7 you can actually run non-administrative accounts and expect things to work (most of the time). And with UAC enabled, you actually get some protection from programs trying to access administrative functions. The first problem is that most home users are going to turn off both features. The second problem is that the UAC messages are going to confuse the average user enough that they'll end up allowing malware anyway, even if both features are enabled.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!