Your Linux PC Isn't As Secure As You Think It Is

CreepyUncleGoogle said:
The BASH thing was patched within like less than 12 hours of being announced which is a lot faster than waiting until update Tuesday for Microsoft to release yet another set of broken updates.
Click to expand...

Depends on what announcement you are going off of. For instance, I knew about the vulnerability from various announcements at least 2 weeks before it was patched by Linux. Also just because it is patched in the Linux kernel, does not mean it will be patched in various distributions or in products based off the kernel. For instance many appliances use the Linux kernel as their base, but they didn't have patches for months. You have to remember companies that have systems based off the Linux kernel need to test out their products with the new patch before they can then release a new patch of their system for their customers. Comparing patches for Linux to those of Microsoft is disingenuous as you are comparing apples and oranges. Microsoft has an all inclusive system with many built in applications that all need to be tested against the new patch. Even with all that testing some problems leak through even after the patch is finally released. The same thing happens with Linux, albeit sometimes even more prevalent. Because it is open source, many times they leave a lot of the end testing and compatibility testing up to the end user, rather than fully testing it before it goes out.
 
heatlesssun said:
Even if it were possible, how do you prove that a non-trivial system contains zero defects? And that would the proof even be? Sure human deficiencies are part of the problem. But even there are other issues like ambiguity, incompleteness of requirements, misunderstanding of the problem space, etc. which aren't necessarily "not doing your" job types of issues. Even something as innocent miscommunications among people is a huge source of software defects.
Click to expand...

All of that stuff is due to human incompetence and doesn't make it impossible to make a program that isn't broken. Which, I dunno, doesn't seem to change the fact that things are broken pretty often and (getting back to what I was kinda implying earlier) testing done by Microsoft is pretty much not proven to be more effective than a buncha random people on the internet messing with source code since neither method seems to actually make super-awesome-bug-free programs.
 
NoOther said:
Depends on what announcement you are going off of. For instance, I knew about the vulnerability from various announcements at least 2 weeks before it was patched by Linux. Also just because it is patched in the Linux kernel, does not mean it will be patched in various distributions or in products based off the kernel. For instance many appliances use the Linux kernel as their base, but they didn't have patches for months. You have to remember companies that have systems based off the Linux kernel need to test out their products with the new patch before they can then release a new patch of their system for their customers. Comparing patches for Linux to those of Microsoft is disingenuous as you are comparing apples and oranges. Microsoft has an all inclusive system with many built in applications that all need to be tested against the new patch. Even with all that testing some problems leak through even after the patch is finally released. The same thing happens with Linux, albeit sometimes even more prevalent. Because it is open source, many times they leave a lot of the end testing and compatibility testing up to the end user, rather than fully testing it before it goes out.
Click to expand...

Yup, this.

Ubuntu even had issues with their first released fix relating to the BASH exploit. Users had to wait well over 24 hours before an actual working patch was released for their distribution. Lots of us got a update our environments twice.
 
Okay waaaait a second...

NoOther said:
Comparing patches for Linux to those of Microsoft is disingenuous as you are comparing apples and oranges.
Click to expand...

...if it's disingenuous to compare those things then how come you...

NoOther said:
Microsoft has an all inclusive system with many built in applications that all need to be tested against the new patch. Even with all that testing some problems leak through even after the patch is finally released. The same thing happens with Linux, albeit sometimes even more prevalent. Because it is open source, many times they leave a lot of the end testing and compatibility testing up to the end user, rather than fully testing it before it goes out.
Click to expand...

...go on to compare them? And besides that, I think we've established lots and lots of times that Microsoft leaves testing up to the outside world. Hotfixes are, according to Microsoft, things that are not fully tested before being released which is why lots of bigger organizations have have a test collection in SCCM they field patches to before deploying them on a broader scale. I'd totally think that it is an apples-to-apples kinda thing and that Microsoft lets stuff up to the product user just as much as Linux developers.
 
CreepyUncleGoogle said:
Okay waaaait a second...



...if it's disingenuous to compare those things then how come you...



...go on to compare them? And besides that, I think we've established lots and lots of times that Microsoft leaves testing up to the outside world. Hotfixes are, according to Microsoft, things that are not fully tested before being released which is why lots of bigger organizations have have a test collection in SCCM they field patches to before deploying them on a broader scale. I'd totally think that it is an apples-to-apples kinda thing and that Microsoft lets stuff up to the product user just as much as Linux developers.
Click to expand...

Pretty sure i test released heartbleed and shellshock on my Test Linux environment before we allowed it to go to production. Thats just business standards, change control process. I dont care if its windows or linux or anything.
 
CreepyUncleGoogle said:
The BASH thing was patched within like less than 12 hours of being announced which is a lot faster than waiting until update Tuesday for Microsoft to release yet another set of broken updates.
Click to expand...

If there is a zero day exploit Microsoft patches it immediately, they don't wait until patch Tuesday.
 
chinesepiratefood said:
If there is a zero day exploit Microsoft patches it immediately, they don't wait until patch Tuesday.
Click to expand...

That's not true. Out-of-cycle updates are released if they're severe enough which has nothing to do with the fact that an exploit is or isn't a zero day sort of thing. The term zero day and "take over your entire world, eat all your cold pizza from last night, and steal your fish tank" don't imply the same things.
 
Saying Linux is just like saying Windows, it provides a starting reference point but you're not saying which version you're talking about.
Waaayyy too many Linux distros out there which is the reason no matter how good it gets, its never going to compete with MS on the desktop.
Don't get me wrong, I love my Ubuntu laptop and there are a lot of people that love Mint, and if a distro was going to be able to compete mainstream, it'd probably be one of those two due to frequent updates, stability and ease of use.
I agree Linux isn't all that more secure, but it being obscure reduces the probability people will want to develop viruses and malware for it.
 
SGA76 said:
Saying Linux is just like saying Windows, it provides a starting reference point but you're not saying which version you're talking about.
Click to expand...

Linux. Gamecube Linux. Debian 5.0, to be specific. :cool:

x-window.jpg


The pic isn't mine, but I do have it successfully running and run a small IRC server on it.
While Windows is king on desktops, for everything else there's Mastercard *COUGH* I mean Linux. :D
 
Red Falcon said:
Linux. Gamecube Linux. Debian 5.0, to be specific. :cool:

x-window.jpg


The pic isn't mine, but I do have it successfully running and run a small IRC server on it.
While Windows is king on desktops, for everything else there's Mastercard *COUGH* I mean Linux. :D
Click to expand...

Yeah, Linux on smartphones beats the living snot out of all other smartphones combined.
Android rules the mobile market.
 
SGA76 said:
Yeah, Linux on smartphones beats the living snot out of all other smartphones combined.
Android rules the mobile market.
Click to expand...

I always find it interesting that some like to equate Linux with Android and will say that Windows 8 sucks because it's trying to be a smartphone/tablet OS and touch sucks and while Linux works great with keyboards and mice Android is basically 100% touch and it's keyboard and mouse support, at least at the app level, is really iffy. And likewise desktop Linux is much more iffy with touch than Windows 8.x.

We all have our biases.
 
heatlesssun said:
I always find it interesting that some like to equate Linux with Android and will say that Windows 8 sucks because it's trying to be a smartphone/tablet OS and touch sucks and while Linux works great with keyboards and mice Android is basically 100% touch and it's keyboard and mouse support, at least at the app level, is really iffy. And likewise desktop Linux is much more iffy with touch than Windows 8.x.

We all have our biases.
Click to expand...

It's because Windows did suck on desktop because it forced touchscreen controls and apps by default.
Android was meant for the desktop about as much as Mint was made for a tablet. Both are Linux and both have their place. MS just screwed the pooch with 8 in a desperate attempt to make users get used to the new look and their own app store they would gravitate (hopefully) towards Windows phones and tablets. Instead of drumming up extra business it drove users away, and the negative experiences made most users avoid the phones and tablets MS was trying to condition them to sell.
Now one out of a few thousand actually LIKED Windows 8, honestly, it drove me to Ubuntu on my laptop (been a while since I used a Linux distro on a laptop or desktop), but hey, more power to them.
 
SGA76 said:
Now one out of a few thousand actually LIKED Windows 8, honestly, it drove me to Ubuntu on my laptop (been a while since I used a Linux distro on a laptop or desktop), but hey, more power to them.
Click to expand...

Out of the whole Windows 8 ordeal, desktop Linux may have actually been the biggest loser. Sure in forums like this you hear people say how Windows 8 made them go to Linux but the market share numbers don't indicate any significant movement to desktop Linux. Maybe Windows 8 drove some average people to tablets and Chromebooks. If one found Windows 8 too much a burden to bear, moving to Linux because it's easier is an iffy proposition.
 
heatlesssun said:
Out of the whole Windows 8 ordeal, desktop Linux may have actually been the biggest loser. Sure in forums like this you hear people say how Windows 8 made them go to Linux but the market share numbers don't indicate any significant movement to desktop Linux. Maybe Windows 8 drove some average people to tablets and Chromebooks. If one found Windows 8 too much a burden to bear, moving to Linux because it's easier is an iffy proposition.
Click to expand...

Only in the world of heatlesssun can something that, in his words, be unchanged yet also somehow "lose" something as well.
 
Maintaining a stagnant low market share number in the context of what so many called the huge failure of Windows 8.x isn't exactly winning. Failure to capitalize on opportunities is by definition a form of losing.
 
heatlesssun said:
Maintaining a stagnant low market share number in the context of what so many called the huge failure of Windows 8.x isn't exactly winning. Failure to capitalize on opportunities is by definition a form of losing.
Click to expand...

I think that, in general terms, most people just can't figure out how to use Linux on a daily basis and it's okay if those people continue to use Windows so that they don't need tinker or even think very hard (though lately I haven't had to do any tinkering to get Linux to be totally awesome). As for capitalizing, the majority of distros are not sold so there is no possibility of ever generating a revenue stream. Companies that do sell Linux are making sales for systems that won't show up on end-user metrics charts and Windows UI disasters aren't going to have an impact since Windows can't be used for many of those scenarios.
 
CreepyUncleGoogle said:
I think that, in general terms, most people just can't figure out how to use Linux on a daily basis and it's okay if those people continue to use Windows so that they don't need tinker or even think very hard (though lately I haven't had to do any tinkering to get Linux to be totally awesome).
Click to expand...

Indeed. The average computer user isn't at interested in tinkering. A computer is a tool for most used for specific tasks.

CreepyUncleGoogle said:
As for capitalizing, the majority of distros are not sold so there is no possibility of ever generating a revenue stream. Companies that do sell Linux are making sales for systems that won't show up on end-user metrics charts and Windows UI disasters aren't going to have an impact since Windows can't be used for many of those scenarios.
Click to expand...

A lot of Windows 8.1 copies aren't sold either these days on low end devices. OEMs could just as freely install a Linux distro on these machines but I've not seen any doing that right now.
 
heatlesssun said:
Out of the whole Windows 8 ordeal, desktop Linux may have actually been the biggest loser. Sure in forums like this you hear people say how Windows 8 made them go to Linux but the market share numbers don't indicate any significant movement to desktop Linux. Maybe Windows 8 drove some average people to tablets and Chromebooks. If one found Windows 8 too much a burden to bear, moving to Linux because it's easier is an iffy proposition.
Click to expand...

Ubuntu "just works" on my low end laptop for surfing the web, looking at photos, light Steam gaming, actually maintaining a wireless network connection....
Don't get me wrong, my main gaming rig is STILL Windows 7, Ubuntu can't touch that, but for day to day things that aren't frustrating as hell, Ubuntu does better than Windows 8 on a laptop. Not allowing me to boot into Win8 because I'm not connected to a network with no way to connect to a network unless you're booted into Win8 is a pretty big problem that screwed over a lot of people with their laptops since MS has you set your profile online by default. It could have easily been fixed just by making your profile offline by default or adding a WiFi connection option to the login screen (like every single Linux distro out there), but both of those simple things were just too much to ask now weren't they?
 
I really support the "just works" thing for day-to-day tasks. Ubuntu, Mint, and Knoppix are basically no fuss operating systems for almost anything I want to do with a computer (and those are the distros that I've been playing with the most lately, but I'm sure there are other very pain-free distributions). The other thing I like about Linux is that it can be installed on literally anything with enough storage space that the computer's BIOS recognizes as bootable like SD cards, thumb drives, external hard drives or whatever else that Microsoft operating systems haven't been very friendly about supporting. Plus, there's no licensing problems and I can move my thumb drive OS between computers without having to call Microsoft or resubmit because the hardware running the OS has changed. But yeah, this is a thread about security and we've already pretty much established that Linux still does security better and we're kinda talking about stuff that isn't even related to security. :)
 
SGA76 said:
Ubuntu "just works" on my low end laptop for surfing the web, looking at photos, light Steam gaming, actually maintaining a wireless network connection....
Don't get me wrong, my main gaming rig is STILL Windows 7, Ubuntu can't touch that, but for day to day things that aren't frustrating as hell, Ubuntu does better than Windows 8 on a laptop. Not allowing me to boot into Win8 because I'm not connected to a network with no way to connect to a network unless you're booted into Win8 is a pretty big problem that screwed over a lot of people with their laptops since MS has you set your profile online by default. It could have easily been fixed just by making your profile offline by default or adding a WiFi connection option to the login screen (like every single Linux distro out there), but both of those simple things were just too much to ask now weren't they?
Click to expand...

When I read some of the things people say about Windows 8 it's like they must be using a different version of Windows 8 than I've seen because sometimes nothing makes sense.

I just got the Nextbook 10.1 my sister wanted for Christmas. Took about 30 minutes to setup the patches and install Office. It just worked. As for not being able to sign into a machine using a Microsoft Account offline, huh? I've done it plenty of times when connecting to various WiFi routers.
 
heatlesssun said:
As for not being able to sign into a machine using a Microsoft Account offline, huh? I've done it plenty of times when connecting to various WiFi routers.
Click to expand...
I'm glad you agree with me.
You know, because since you're bright enough to set up your account as offline you don't get that problem.
Too bad about 90% of end users will think they're setting up their normal account, set up an oline account, and have issues with their laptops when they try to turn on anywhere they haven't connected before or heaven forbid they change their home router or wireless password then they're REALLY screwed unless they've got an extra cat5 sitting around and plug directly into the router until they can log in, then put the new wifi code in.
Because, you know, MS doen't think anything through or fix their shit.:D
 
SGA76 said:
I'm glad you agree with me.
You know, because since you're bright enough to set up your account as offline you don't get that problem.
Too bad about 90% of end users will think they're setting up their normal account, set up an oline account, and have issues with their laptops when they try to turn on anywhere they haven't connected before or heaven forbid they change their home router or wireless password then they're REALLY screwed unless they've got an extra cat5 sitting around and plug directly into the router until they can log in, then put the new wifi code in.
Because, you know, MS doen't think anything through or fix their shit.:D
Click to expand...

Complete and utter BULLSHIT. FUD FUD FUD. If you have a normal online account and have no internet you log in with the password you always use and it works just fine.

Its pretty fucking sad the level of ignorant hatred some people have to the point of flat out making shit up.

Since you clearly dont know ill tell you what happens when you boot up a windows 8 machine with an online account and no internet.....

You put in the same password and use the fucking computer. :rolleyes:
 
Disposed said:
Complete and utter BULLSHIT. FUD FUD FUD. If you have a normal online account and have no internet you log in with the password you always use and it works just fine.

Its pretty fucking sad the level of ignorant hatred some people have to the point of flat out making shit up.

Since you clearly dont know ill tell you what happens when you boot up a windows 8 machine with an online account and no internet.....

You put in the same password and use the fucking computer. :rolleyes:
Click to expand...

QFT! Exactly what I was thinking as well.
 
Some responses in that blog are saying the same thing I am, you don't need to be connected to login even with a Microsoft Account. I just got a new WiFi router yesterday and this morning logged into a an 8.1 convertible laptop that hadn't turned on since Thanksgiving with a Microsoft Account that wasn't connected.
 
SGA76 said:
http://www.groovypost.com/howto/windows-8-login-without-internet/

I've had to "fix" 3 Windows 8 laptops now from family members who upgraded routers without making offline profiles for their 8 PCs, but because YOU'VE never had the problem it's complete and utter bullshit right?
Click to expand...

Oh look, a 2012 Bullshit article about a release preview of an OS. :rolleyes: Do us all a favor a blow off, your bullshit is still just that regardless of what you are trying to bs about. :cool:
 
heatlesssun said:
Some responses in that blog are saying the same thing I am, you don't need to be connected to login even with a Microsoft Account. I just got a new WiFi router yesterday and this morning logged into a an 8.1 convertible laptop that hadn't turned on since Thanksgiving with a Microsoft Account that wasn't connected.
Click to expand...

So you're saying they fixed it then?
Good for them! One less headache removed from the turd.
 
SGA76 said:
So you're saying they fixed it then?
Good for them! One less headache removed from the turd.
Click to expand...

Nope, you are full of crap. Bottom line. Or, you have no clue how to use computers.
 
Let me just try to understand what Microsoft is paying you to say..
Is it?
1. The bug was fixed for 8.1 or 8 or both?
2. The bug never existed, therefore anyone who had to deal with it is just trying to deface Microsoft?
3. You've never dealt with it so it can't exist?
4. Win 8 bugs shall no longer be mentioned because 8.1 is out?
5. You're just a paid troll from Microsoft trying to discredit any bugs their worst OS to date had?

Comparing 8 and 8.1 in Windows is like comparing Mint and Redhat, sure they're riding on the same base kernel but they're REALLY entirely different OSes.
 
https://answers.microsoft.com/en-us...internet/e8e8c8ae-1439-4d55-965b-615521f6efe5
Same issues with 8 from 13/14, straight from the MS forums.
Root of the problem was not making a local account.
Win 8 has you set up with a MS account, now a local account by default.
Hence, most users that didn't know to make a local profile have an expensive brick without an internet connection.
Again, was this fixed in 8.1 or is anyone who has had this issue just an idiot and I'm full of BS because I had to hardline Win8 (not 8.1, difference there) laptops to the routers in order to make sure they had local accounts to keep the issue from reoccurring?
Its not trolling when its true.
 
SGA76 said:
Let me just try to understand what Microsoft is paying you to say..
Is it?
1. The bug was fixed for 8.1 or 8 or both?
2. The bug never existed, therefore anyone who had to deal with it is just trying to deface Microsoft?
3. You've never dealt with it so it can't exist?
4. Win 8 bugs shall no longer be mentioned because 8.1 is out?
5. You're just a paid troll from Microsoft trying to discredit any bugs their worst OS to date had?

Comparing 8 and 8.1 in Windows is like comparing Mint and Redhat, sure they're riding on the same base kernel but they're REALLY entirely different OSes.
Click to expand...

No one is paying me and I doubt anyone of the three other people that are calling this nonsense. From 8.0 RTM onwards I've had around a dozen different mobile PCs, laptops, tablets and hybrids that I've logged on to while not network connected using a Microsoft Account.

In essence what you're saying is that at some point it was impossible to login to a Windows 8 machine using a Microsoft Account if the machine was ever to use a different protected WiFi connection. I've never seen this problem from at least Windows 8.0 RTM onward. There may have been an issue before 8.0 RTM, I personally don't recall.
 
No network access login problems have been around on older operating systems like Vista and 7 too when domain attached, but someplace where they can't authenticate with the domain controller. Even with a cached profile setup, those systems insisted on being able to talk to the DC. It didn't happen all the time, but it was something that caused traveling people occasional problems. I'm not at all surprised that it persisted into Windows 8/8.1 in conjunction with MS accounts and no network access since the authentication engine backend remains unchanged over a few version of the OS due to the need to maintain compatibility with older domain controllers.
 
CreepyUncleGoogle said:
No network access login problems have been around on older operating systems like Vista and 7 too when domain attached, but someplace where they can't authenticate with the domain controller. Even with a cached profile setup, those systems insisted on being able to talk to the DC. It didn't happen all the time, but it was something that caused traveling people occasional problems. I'm not at all surprised that it persisted into Windows 8/8.1 in conjunction with MS accounts and no network access since the authentication engine backend remains unchanged over a few version of the OS due to the need to maintain compatibility with older domain controllers.
Click to expand...

I got one for you, try logging into a Linux system that depends on users authenticating with LDAP when it cant reach its authentication servers. Boom, same issue. Keep on trying. Oh sure, just use local accounts, thats fine for users at home sure. Been a *nix admin long enough to see the same exact issues manifest in different ways, no matter what OS you are using. Dont know why people still insist on OS zealotry one way or the other. Either you are a stupid computer user, or you arent. Bottom line.
 
4saken said:
I got one for you, try logging into a Linux system that depends on users authenticating with LDAP when it cant reach its authentication servers. Boom, same issue. Keep on trying. Oh sure, just use local accounts, thats fine for users at home sure. Been a *nix admin long enough to see the same exact issues manifest in different ways, no matter what OS you are using. Dont know why people still insist on OS zealotry one way or the other. Either you are a stupid computer user, or you arent. Bottom line.
Click to expand...

How is a user responsible for not being able to authenticate? Why does a design issue equate to making someone into a stupid computer user? What about domain authentication is OS zealotry? Where did I assert in that post you quoted that Linux is bug-free and doesn't have login problems?
 
CreepyUncleGoogle said:
How is a user responsible for not being able to authenticate? Why does a design issue equate to making someone into a stupid computer user? What about domain authentication is OS zealotry? Where did I assert in that post you quoted that Linux is bug-free and doesn't have login problems?
Click to expand...

Just correlating that each OS has an issue, so bitching about why Windows blows makes no sense when other OSes suffer the same issues in other situations. Not calling you out per se. Just the idiocy in hating on one OS due to the lack of understanding or competency in the OP posting his or her poor experiences is misguided.
 
Red Falcon said:
"ZOMG, how dare you not be up to speed on the bleeding edge of tech!"
-Linux Elitist

:D
Click to expand...
Windows Pleb"Teach me how to setup my linux"
Linux Elitist:"OMG did you not read the wiki, jesus if you're not going to even search the forum you're not worth helping"

The linux experience™
 
Semantics said:
Windows Pleb"Teach me how to setup my linux"
Linux Elitist:"OMG did you not read the wiki, jesus if you're not going to even search the forum you're not worth helping"

The linux experience™
Click to expand...

It's funny because it is true. :D
 
SGA76 said:
Let me just try to understand what Microsoft is paying you to say..
Is it?
1. The bug was fixed for 8.1 or 8 or both?
2. The bug never existed, therefore anyone who had to deal with it is just trying to deface Microsoft?
3. You've never dealt with it so it can't exist?
4. Win 8 bugs shall no longer be mentioned because 8.1 is out?
5. You're just a paid troll from Microsoft trying to discredit any bugs their worst OS to date had?

Comparing 8 and 8.1 in Windows is like comparing Mint and Redhat, sure they're riding on the same base kernel but they're REALLY entirely different OSes.
Click to expand...

Dude you claim microsoft is paying him yet EVERY ONE that has responded to you has flat out said you are full of shit.

The fact that you think 8 and 8.1 are different OSes is enough to lose all credibility not even mentioning your flat out lies about online accounts not being able to log in offline.

You can point to generic bullshit help articles but its crap. You log in with the same password and it works fine.

I hate to break it to you but those people who cant login online and are "using the right password" are not using the right password. People are stupid, kids change passwords, i see it ever damn day.
 
You must log in or register to reply here.
Back
Top