kasia in a nutshell

Agreed. Part of the Windows problem is using the file's extention to decide whether to execute it or not (.BAT, .EXE, etc.). Then have the OS hide the extention!

I can't picture my mom typing chmod yet, but there's a lot of sense behind not allowing something to execute until it's specifically allowed to.

Some of the viruses/worms depend on social engineering too. For example, you may have a mail with attachment that tells you "Click here to install a screen saver of Cindy Crawford". In Linux, the mail will have to read something like "Copy this attachment to your /usr/bin/ , then do chmod a+x /usr/bin/cindy.scr. From a xterm launch cindy.scr to see the Cindy Crawford screensaver".

Any guesses which option seems more likely to induce the user to do what the mail advises ?

Also, the pervasiveness of scripting and well-known backdoors with tendrils well into the depths of the kernel are responsible for a large part of the problem. If there were a standard UNIX mail client which allowed arbitrary emails to execute arbitrary commands on the user's account, that client would be just as big a vector as Outlook.

The main problem with Outlook is that it has too much functionality which really isn't all that necessary (or useful) for email, but which has quite a bit of room for buffer overflows and arbitrary script execution through dodgy MIME type handling and so on. "Ooh, this image is of type application/ms-octet-stream - better call its handler to display it! Oh, its handler is exec()? Okey dokey!"

Yes but you're missing a key point in Windows versus Unix issue. No user/admin/guru of Unix would *EVER* consider leaving the root password blank. I'm a casual Unix user and even I use a password there on stand alone machines. In Windows users often leave Administrator (the closest thing to root in Windows) with a blank password. Regardless of the security model, I'm pretty sure that dumb ass users would be just as bad on both Unix or Windows - it's better for all of us that Unix isn't as widespread or else yes, I believe there would be just as many exploits on Unix as Windows. Besides, virus writers want attention so yes, they will always target the OS with the largest install base to make the biggest splash - the problem with it these days is that they make it seem easy on Windows.

The worst virus risk to a PC is a User, regardless of OS.

A Linux virus would not be at all pointless: one does not need root permissions to cause all kinds of problems. A non-root program, if run, could easily add itself to the user's .profile, daemonize, and then do one of many things: become an IRC/DDoS bot, be an anonymous open proxy for the bad guy, scan other networks for vulnerabilities, or send spam/viruses. Most "bad stuff" on the internet doesn't require superuser.

Instead, the saving grace for Linux is not the non-admin user, but there being no culture of self-executing attachments (or even *any* kind of executable attachments). That, and the very small number of Linux mail users, is what makes a Linux virus pointless.

But not the non-admin.

one small comment to add to the mix; there have been hundreds of "escalation" exploits that would allow a linux virus to "obtain" root. virii, on any platform, don't have to be run as root to be dangerous.

yes, many windows users run their machines from a horrifically overpriveledged account. however, the solution to this problem isn't further restricting users, its further restricting bits. there should simply be no way at all that a rouge program can get access to my address book, or my nic, or my browser, regardless of the permissions of the account that has been hijacked.

Do you honestly expect some homebody who can't figure out which port to plug their new printer into is going to know (let alone do) about switching to "root/administrator" when they need to do anything of importance? Yea...OK.

I'm reformed windows user and I still find myself running as root way too often. Why? Because too many Linux things still don't ask for a root password if your running it underprivelaged. So, its far more convient to run as root.

I know! I know! I'm trying ;) It takes time to get around a bad habit

Chris: look into "sudo", which is much better than "su" for running stuff as root now and then. It takes a bit to set up (and the config file format is kinda dumb), but once you get it going, it's really easy to just do

$ cd /source/something-1.2.3
$ ./configure
$ make
$ make test
$ sudo make install

I have heard of sudo for a long time, but it's been much, much more useful than I expected. It's worth the struggle to get comfortable with.

I see three issues with this:
1) Normal users getting a new PC often just run with Administrator-privileges because it's easiest. And that's sadly true (see 2). People often get angry because they can't do the things they want on their new PC which costed them 1000$+. So they see that if they run as Administrator (aka root :)) they can do almost anything they want (happily the settings for having the Administrator running with SYSTEM-privilegies is deeply hidden :)).

2) Developers often have Administrator-privilegies which is BAD! BAD! BAD!. They should be part of the Debugger-group, but nothing more. Having Administrator-privilegies hides all kinds of errors for them, which occurs when a good standard user tries to use their program. For example, many programs uses registry settings in HKLM (which on a standard system only Administrators have rights to write to) instead of HKCU. If all developers read "Developed for Windows" logo guidelines (http://www.microsoft.com/winlogo/default.mspx), the Windows-world would be a lot better :).

3) Using the runas command gives you IMHO all/most(?) of what su gives you. Another nice thing is that Windows asks you if you'd like to run setup-programs in a different account than the one you're running the program as.

For more information about developing without administrator-privilegies and all the problems you can run into, check out these blogs for example:
http://www.iunknown.com/000214.html
http://staff.develop.com/candera/weblog/2003/02/06.html

regards,
Andreas Häber

As Randy says: "The worst virus risk to a PC is a User, regardless of OS."

If Windows didn't exist and most companies were using UNIX, can you honestly say that bimbo-secretary would not open that "I love you" message and run the attachment? It all comes down to the daft people (or uninformed, at least) who "can't resist having a look".

It's a redundant argument, anyway: the OS has little to do with it if it's set up properly.

Hell, how many companies do you know who have a *proper* set of security policies set up in Windows? Users will always win with "But I can't do xyz now!"

Ho hum. :)

I had one guy in my computer science program, who was, both the biggest dick, and the biggest linux advocate I ever saw. And he would always run everything as root. Claimed it didn't really matter on his laptop and such, even when I showed him it was a bad idea.

There are those die-hard linux fans who are just as bad as the normal windows users.

You cannot currently do everything as a Visual Studio .NET programmer as a non-administrator (at least if you are doing ASP.NET development. It would be nice if you could, but just now, you cannot.

On the subject of not running as administrator, the problem for the vast majority of users is that they just do not have it in them to keep two user accounts straight. At least, my mother-in-law certainly does not (my Mom might be able to, because my step-dad is a programmer type who could help).