When Does Usability Become a Liability?
nasteric asks: "I caught myself in the middle of a very interesting discussion last Friday over Krispy Kreme donuts and coffee. The discussion had to do with usability and security. Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. They claimed making Linux a friend of Joe User will require it to 'open itself up' and become more susceptible to attack. Needless to say, this became an endless debate between our Microsoft Administrators and our Linux/Unix Administrators that will undoubtedly continue into the morning. Therefore I pose this question to the Slashdot community. Will making Linux more user friendly result in it becoming less secure? Hopefully your expertise will help shed some light on (and bring to an end) our discussion." Does decent usability necessarily imply the presence of vulnerabilities? Macs seem to have this area down pretty well, with little in the way of vulnerabilities. Can Linux software follow the same route?
Re:It's all in the install program... (Score:4, Informative)
Re:oh of course! (Score:2, Informative)
Re:Mac OS X "trojan"? (Score:5, Informative)
I assume that most Mac mailers observe the MacMIME [cmu.edu] spec. This makes sending forked files through email a transparent process.
(Not arguing with the rest of your post -- I think it would be a lot easier to trojan Mac users with a "Install this Cool Screensaver" thing instead of jumping through hoops with a fake MP3.)
Re:Yes (Score:5, Informative)
There is no need to log into an admin account to do any of this kind of stuff under OS X.
I've also never seen an OS X app that says you have to give all users all perms to the root folder, or have everyone running as admin, or open up the program folder for everyone to write to because settings are being stored in the wrong dang place.
Windows could be a lot more secure, but Microsoft doesn't go far enough to shame software vendors into sticking to the logo requirements. How many times have you Windows admins had to support a desktop app or driver for a peripheral that REQUIRES admin or power user rights? It's insane that there are Windows programmers that are still writing crap like this today.
Re:Yes (Score:5, Informative)
Re:Mac Security (Score:3, Informative)
Re:"Microsoft Administrators" have no perspective (Score:4, Informative)
How about "familiarity breeds contempt"?
How about post hoc, ergo propter hoc?
Re:Yes (Score:3, Informative)
They're not. Most drivers that require admin rights to run were written in the days of Windows 9x, and because the device-maker doesn't make that product anymore there is no proper Windows NT/2000/XP driver. It's just that the company or user is too cheap to buy a modern version of the device, and instead resorts to the security-weakening workaround that's free.
Not exactly, but there is some truth to it (Score:4, Informative)
On the other hand a system infected with viruses and trojans can be unusable.
In all fairness to MS, the Windows history is from a novice single user or small work group. Windows was kind of thrust onto the Internet by, well, the growth of the Internet. It is more usable and less secure because of that.
Linux has the whole multi-user UNIX, USENET, geek, Internet history behind it. It is more secure and less usable because of that.
I see Windows and Linux evolving toward each other in security, in usability and in many other ways.
Re:It's all in the account setup... (Score:5, Informative)
Except it's not quite the same. On Linux, graphical apps, at least the ones that are part of the distro's admin tools, prompt for the root password if they are started by a regular user. Windows XP, as far as I've been able to tell, doesn't do this. Ordinary *nix apps are designed to run with user-level privileges, and this has been so from the beginning. Many Windows apps, however, are written with a permissive environment like Windows 95/98 in mind, so apps do things that only work if the "Program Files" directory is writable. Most Linux distros have a regular user account created as part of the installation. Any additional users created as part of a Windows XP installation have Administrator privileges by default.
On a typical Linux box, running as a regular user is usually the path of least resistance. The opposite is true for Windows XP.
Re:Wha? (Score:4, Informative)
burn song.wav to cd1 as audio-cd
burn all songs in c:\mp3 to cd1 as data-cd
that would be pretty easy and friendly. But no OS does that AFAIK. No reason you couldn't make a bash alias to do that and then it would be easy for people.
Actually, that looks pretty close to AppleScript. Unfortunately, the "ease of use" tends to become a liability to advanced users, as they have difficulty remembering the syntax.
Re:It's all in the install program... (Score:3, Informative)
No longer true as of Windows 2003.
IMO, the biggest flaw in Windows security is the legacy of the crappy default file permissions Windows NT has left us with. These had everything R/W to everyone, more or less.
Applications developers are still writing software that (a) assumes this is still true (only true if the user is an admin) and (b) writes files outside of the user's profile (requiring point (a)).
Until this is fixed, dumb Windows admins will continue giving people local admin privileges as a matter of course, leaving the door wide open to whatever malware happens to arrive in their inbox.
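As an added example (not code from the thread or any of its posters), a PowerShell audit for the legacy-permissions problem described above: it lists directories under Program Files whose ACL lets Everyone, Users or Authenticated Users write, which is exactly what an application that assumes a Windows 9x-style filesystem ends up relying on, and what a "just make it writable" workaround leaves behind. It assumes Windows PowerShell 5.1 or later on an English-language install (the principal names are an assumption).

```powershell
# Added example, not code from the Slashdot thread. Finds directories under
# Program Files that broad, non-admin principals are allowed to write to.
# Assumes Windows PowerShell 5.1+; principal names assume an English install.
$broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Specific write bits (CreateFiles, AppendData, WriteExtendedAttributes,
# WriteAttributes = 0x116) plus the GENERIC_WRITE / GENERIC_ALL bits that
# inherit-only ACEs are often expressed with.
$specificWrite = 0x116
$genericWrite  = 0x50000000

function Test-BroadWriteAce([System.Security.AccessControl.FileSystemAccessRule]$ace) {
    if ($ace.AccessControlType -ne 'Allow') { return $false }
    if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { return $false }
    $raw = [int]$ace.FileSystemRights
    return (($raw -band $specificWrite) -ne 0) -or (($raw -band $genericWrite) -ne 0)
}

# Both Program Files trees; the (x86) variable only exists on 64-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

$findings = foreach ($root in $roots) {
    # -Depth keeps the walk short; raise it for a full audit.
    Get-ChildItem -Path $root -Directory -Recurse -Depth 3 -ErrorAction SilentlyContinue |
      ForEach-Object {
        $dir = $_
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }   # skip directories we cannot even read the ACL of
        foreach ($ace in $acl.Access) {
            if (Test-BroadWriteAce $ace) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
      }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No broadly writable directories found under Program Files.' }
```

Every hit is a place where a limited user (or anything running as one) can drop or replace files that other users and elevated installers may later execute, so each one should either be justified or tightened to Administrators and SYSTEM.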
Re:Wha? (Score:5, Informative)
Sorry, I do not have the source available. The study was discussed in the NYT within the last year or so.
The answer is "no" (Score:3, Informative)
When you install a Windows app, it typically wants to go in and overwrite/add
Linux/Unix, on the other hand, has always, always, always been about networks and shared access. And the apps have always been written as such. Users can install and run apps straight from their home directories without having to add or change anything in
I guess what I am trying to say is that it won't be necessary for Linux to "open up" as it becomes more user friendly because it and the apps that run on it have been written with the idea that it's a shared system. Give the user their sandbox to play in and don't let them touch the rest of the system. Talking about opening up the system Windows-style is apples and oranges because Windows was originally created with a single, trusted user in mind, and it's been impossible for Microsoft to extricate themselves from that trap they set way back when. If you want an analogy, take a look at SMTP. If it was originally built with distrust in mind would we be having the problems with spam we are today?
Been that way since 1984 (Score:3, Informative)
1. All Mac OS and Mac OS X applications have always been able to have any icon.
2. All Mac OS applications and all Classic/Carbon applications under Mac OS X, have always been able to have any name...including misleading names.
I would hardly call this a "deep-rooted, system-wide flaw". What does a Linux command-line executable "look like"? And indeed, it, too, can have any name, yes? Is that also a "deep-rooted, system-wide flaw"?
In fact, this item is revealed as the application that it is in every Finder view *except* icon view (which is also how it will appear on the desktop). Even a simple Get Info reveals that it's an application. The "solution", if one is needed, is to visually badge and/or identify something as executable, possibly with some small addition to its icon, as is done with aliases.
But no, this is not a "flaw" any more than it's been for the last two decades. (And for the market share number enthusiasts, this EXACT same "technique", as it were, was possible during the heyday of Mac market share as well. In fact, it's probably been "exploited" countless times. That's because the "exploit" is nothing more than tricking the user into running something they shouldn't.)
Re:Yes (Score:4, Informative)
> Most "viruses" at the moment need a stupid user.
Hmm, I was under the impression that most viruses these days just need a stupid email client (read: Outlook), with no intervention by the user required one way or the other.
A virus, by definition [ic.ac.uk], requires human intervention to propagate.
A worm [ic.ac.uk] can propagate without human intervention.
Re:Memory Permissions (Score:2, Informative)
"Oh. *Ahem* That's because Nautilus views samba shares through the VFS subsystem, which only some Gnome applications actually implement, and none of the applications you would use. So to work around that, honey, just copy-and-paste into your home directory, then double-click the new file, edit it, save it, then copy-and-paste it back onto the samba share using Nautilus. Or if you like, I can su root, change the smb.conf, send a USR1 signal to smbd and then mount the share. That'll work except when you boot when outside of wireless LAN range. Then an additional reboot may be needed."
"Honey?"
Re:Wha? (Score:4, Informative)
It's not as bad as you make it sound. The software in question is essentially a directed brainstorming application that helps authors make sure their ideas for a novel adequately cover the many different levels that many critics think are essential for a 'good book'. It isn't exactly 'point and drool'...
Re:Apple doesn't think so (Score:3, Informative)
Ahh, that's a fantastic idea. Foolproof.
Downloading email attachment to
[~/attachments]$ ls -l
-rwxr--r-- 1 joeblow joeblow 124 Apr 11 16:30 virus_scan.sh
[~/attachments]$
This utility requires a root password to run. Password: ***********
<snip deleting files>
Except that it doesn't work like that. You see, under OS X, the root user is disabled by default. "Administrators" in OS X parlance, are users authorized to do sudo-permitted functions as root. In order for an admin to gain true root-level permissions, they need to enable the root user in NetInfo, and then su to root. If they enable the root user, they are circumventing the protective measures Apple put in place. But Apple *did* put them there, and they *do* work if left alone.
By the way, it's obvious that you are a Linux user, and have never seen the guts of OS X. The following directory structures don't even exist under OS X:
You're just like the Windows Admin talking about Linux security. Ironic, eh?
Re:Asbestos suit time (Score:3, Informative)
C:\> RUNAS
RUNAS USAGE:
RUNAS [/profile] [/env] [/netonly]
program command line for EXE. See below for examples
Examples:
> runas
> runas
> runas
NOTE: Enter user's password only when prompted.
NOTE: USER@DOMAIN is not compatible with
Re:It's all in the account setup... (Score:2, Informative)
While it is true that Windows XP accounts created during setup have full Administrator rights, you don't have to operate the OS that way.
To run with user-only permissions:
Go to Control Panel, User Accounts.
Make sure the Administrator account has a password, and that you know what it is. Very important! If you don't know the password, set one by choosing Change an Account > Administrator > Change Password.
Change your personal account to a limited account, by choosing "Change an Account > Your Name > Change the Account Type." Change the account type to "Limited".
Log off, and log back on again.
Ok, now you're logged on as a User, with a limited account. Congratulations.
Go to Control Panel, choose Add / Remove Programs, and go to Windows Components.
Notice that you don't have administrative rights. Close Add/Remove Programs.
Now here's the tricky part:
Hold down the Shift button (left or right), and right-click the Add/Remove Programs icon.
Choose the "Run As..." option. If you don't have the Run As option, the "Secondary Logon" service may need to be started. Log on as Administrator, right-click My Computer, Manage, go down to Services and Applications, Services, and double-click on "Secondary Logon". Set to start Automatic, and click Start.
Choose "The following user:", and enter in the Administrator account and password.
Voila! You've done the equivalent of "sudo", and are now running the Add/Remove control panel (and any processes spawned) as Administrator.
You can do the same with nearly any icon or shortcut, and for the command line, there's the "runas" command.
Quite useful, really.
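As an added example (not the poster's own code), the "Run As..." steps above in scripted form: it reports whether the current logon is still in the Administrators group, checks that the Secondary Logon service the post mentions is running, and then launches Add/Remove Programs as Administrator. The service name seclogon and the applet name appwiz.cpl are stock Windows names; "Administrator" as the account to prompt for follows the post.

```powershell
# Added example, not code from the thread: the scripted form of the
# Shift+right-click > "Run As..." steps. Assumes Windows PowerShell on a
# machine with the Secondary Logon service (service name: seclogon).

# Who am I, and is this token (still) a member of the local Administrators group?
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$me).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
"Logged on as $($me.Name); Administrators member: $isAdmin"

# "Run As..." and runas.exe both depend on Secondary Logon, as the post notes.
$svc = Get-Service -Name seclogon -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    Write-Warning "Secondary Logon is $($svc.Status); from an Administrator session run: Set-Service seclogon -StartupType Automatic; Start-Service seclogon"
    return
}

# Prompt for the Administrator password and launch Add/Remove Programs
# (appwiz.cpl) under that account. Anything it spawns inherits that token,
# which is the "sudo" equivalent the post describes.
$cred = Get-Credential -UserName "$env:COMPUTERNAME\Administrator" `
                       -Message 'Password for the local Administrator account'
Start-Process -FilePath "$env:SystemRoot\System32\control.exe" `
              -ArgumentList 'appwiz.cpl' -Credential $cred
```

The same Start-Process -Credential call works for any other program, which is the scripted counterpart of the "nearly any icon or shortcut" remark; the day-to-day session stays a limited account and only that one process carries Administrator rights.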
Re:Apple doesn't think so (Score:3, Informative)
I think you're still overlooking an important point: in MacOS X, administrator-level and root-level are NOT the same thing. Administrator-level functions are a subset of root-level functions. There are things an administrator is NOT permitted to do (and deleting System files is one). If the root user is disabled (as it is by default), those files simply can't be deleted, no matter how clever the script kiddie is.
I think that was the point of this thread, wasn't it? MacOS X was held up as an example of the way an operating system can be both usable and secure at the same time. In MacOS X, you can do any admin-level tasks as a non-root administrator, EXCEPT destroy the system.
And you're right; that directory structure is from my own install of Gentoo. But the example was not intended to address a specific problem.
No, but it illustrates that while you are clearly not familiar with the technical workings of MacOS X's security features, you are quick to dismiss them as useless. My point was that you should take some time to understand MacOS X security before you just shoot it down. I was a Linux user and admin from 1995 to 2002, and I've been a FreeBSD user and admin since 2000. I've installed and managed AIX, SCO, and Solaris systems, as well. I'm very familiar with Unix/Linux security, and I find Apple's solution to be an excellent mechanism for padding in the average user, while allowing the pro/admin to get into the guts of the system. In my opinion, "user-oriented" Linux distros should take note of Apple's methodology in that area, because they could learn a thing or two.
Not a lazy analysis (Score:3, Informative)
==
Operating Systems Used to Access Google
February 2004
Windows 98 23%
Windows XP 46%
Windows 2000 18%
Windows NT 3%
Mac 4%
Windows 95 1%
Linux 1%
Other 4%
==
That's Windows 91% vs Mac 4%
I'm not saying Macs are more or less secure than Windows, because I have touched a Mac in 12 years.
I am saying that
"Security experts say this state of affairs primarily reflects the Mac's very small share of the personal computer market, which makes it an unattractive target for virus writers looking to spread mayhem."
is hardly a lazy analysis. When there are 22.75 Windows Boxen for every Mac, you can assume that:
Virtually all hackers are familiar with Windows.
As a Windows guy, I haven't had to touch a Mac for years.
That's not the case with Macintosh guys.
A Windows attack would reach 22.75 times the audience as a Macintosh attack.
Furthermore, Macintosh and Linux users are experienced enough with computers to know what an Operating System is.
These people are experienced enough to download patches, and not open all attachments.
I meet people who don't know what version of Windows they are running. These people cheerfully sign up for Gator(Grrrrrr....), double click attachments, and haven't updated virus definitions since the day they got their computer.
Again, I'm not saying that Windows is more secure, I am saying that its ubiquity has made it the target to attack.
Sangloth
I'd appreciate any comment with a logical basis...it doesn't even have to agree with me.