What would get you to switch to linux from windows?

That's so not true. Back in the days there used to be multiple 'fly by' infections where it was enough to accidentally click a link and view a website and you got infected. Just not so long ago there were malware embedded in jpeg headers and displayed in advertisements on regular 'harmless' web sites. If you read e-mail locally and you're attacked, outlook will kindly preview the mail for you to make sure the payload gets run and you get infected.

So yet again, that is user's fault. They clicked on stuff they should not have.

Not to mention the software source model of windows that attracts people to download and run executables from the wild and untrusted sources. Without forgetting the very flawed 'protections' that make running Windows in limited user mode a pain - and on the other hand UAC pop-ups that get triggered constantly for trivial reasons just to teach the end user to accept the prompt when ever it happens - without thinking twice.

As opposed to the model that Linux uses, where many times you can do the same thing now by just clicking on a link on the web that is going to install a package?

The USB implementation is STILL critically flawed and a direct route to infect any Windows machine. It's simply not safe to use a USB stick twice if you use it on another computer. And in some cases the infection came new out of the box :)

Also not true. I have actually had Windows catch a number of malware intrusions via USB and block them.
 
There's a non-trivial number of Mac users and it's still relatively unhurt despite having huge security holes.

You answered your own question, if it has huge security holes as you put it then it still doesn't have enough market share to attract the scumbags. Think about it, you're a malware writer, out of every 1,000 machines, 15 are Linux, 50 are Macs, and 900 are Windows, which one would you target for an quick buck?
 
So yet again, that is user's fault. They clicked on stuff they should not have.

So they go to HardOCP com that hosts an infected advert. Are you saying that people made the mistake of visiting HardOCP site? In a way I agree with you - it's really not safe to surf the internet with Windows, at all.

As opposed to the model that Linux uses, where many times you can do the same thing now by just clicking on a link on the web that is going to install a package?

Not really. Repositories are still the number one way to install things and whenever you see linux software being offered, it comes with a SHA verification key to make sure it's authentic. Further more, the code is open for anyone to review.

Cought USB infections
Ah, you mean your antivirus had a lucky day and caught an infection from the USB that was registered in it's database lol. There are USB based attacks that completely bypass any antiviruses. If you had one of those, you'll never know you're even infected. Like Stuxnet.
 
Last edited:
You answered your own question, if it has huge security holes as you put it then it still doesn't have enough market share to attract the scumbags. Think about it, you're a malware writer, out of every 1,000 machines, 15 are Linux, 50 are Macs, and 900 are Windows, which one would you target for an quick buck?

Think of it, are you going to use the OS that's targeted by everyone or the OS that's not targeted? Hmm, tough choices. Which one would be the smarter to use?

Even completely disregarding that FACT, linux makes things way more secure by default. For example if you download a file from anywhere, it's not executable by default. The user must deliberately change it's permissions to run it. Also linux users are mostly by default in user space where windows users are by default super users in practice (UAC is not really helping when it teaches users to click accept every time they do something, including changing a desktop icons name lol).
 
Last edited:
So they go to HardOCP com that hosts an infected advert. Are you saying that people made the mistake of visiting HardOCP site? In a way I agree with you - it's really not safe to surf the internet with Windows, at all.

If they click on the advert, yes, which is what you said. And if they were running anti-adware/spyware, it should catch it. I have searched the internet with Windows for over 2 decades with zero problems, so I am not really sure what is so unsafe about it? Are you just that terrible at security that you are clicking on everything and going to any old link that is provided to you?


Not really. Repositories are still the number one way to install things and whenever you see linux software being offered, it comes with a SHA verification key to make sure it's authentic. Further more, the code is open for anyone to review.

Not true, not all Linux software comes with an SHA verification. And it is also not true that all the code is open for anyone to review. These are both completely false statements.

Ah, you mean your antivirus had a lucky day and caught an infection from the USB that was registered in it's database lol. There are USB based attacks that completely bypass any antiviruses. If you had one of those, you'll never know you're even infected. Like Stuxnet.

Just for your edification, Stuxnet also can infect Linux machines... So that is a very poor choice for an example. The main portion of Stuxnet is mainly not platform dependent. There are many people that have Linux that are hacked and never know it either. So not really sure where you are going with that.

Think of it, are you going to use the OS that's targeted by everyone or the OS that's not targeted? Hmm, tough choices. Which one would be the smarter to use?

Even completely disregarding that FACT, linux makes things way more secure by default. For example if you download a file from anywhere, it's not executable by default. The user must deliberately change it's permissions to run it. Also linux users are mostly by default in user space where windows users are by default super users in practice (UAC is not really helping when it teaches users to click accept every time they do something, including changing a desktop icons name lol).

The one that is more commonly used and has a ton of methods out there to protect it, rather than the one less people use and has a bit more obscure and more difficult ways to protect it for the layman. Also the second part of your statement is completely untrue. You can execute installable programs from the web on many modern DEs for Linux.
 
Think of it, are you going to use the OS that's targeted by everyone or the OS that's not targeted? Hmm, tough choices. Which one would be the smarter to use?
OK, so should I switch to the most rarely used OS ever then? And again this is a fallacy, because if everyone switches then that OS will be targeted and it will be no different.

Even completely disregarding that FACT, linux makes things way more secure by default. For example if you download a file from anywhere, it's not executable by default. The user must deliberately change it's permissions to run it. Also linux users are mostly by default in user space where windows users are by default super users in practice (UAC is not really helping when it teaches users to click accept every time they do something, including changing a desktop icons name lol).

Linux can get away with that because it is mostly used by techies. Having to mark a file as executable is something MS could easily implement, and they would get flooded by support calls and people complaining on forums about onerous security. Look at the complaining for UAC and all you have to do is click OK and only when a super user action is performed. MS has to bow to its largely noob user base, they could implement security up the wazoo but it would be the least used version of Windows ever. Those users are also not going to give up all their apps/games and familiarity with Windows to do something in another OS they would not even tolerate in Windows.

Windows users do not run in super user space, with UAC they run in user space, you do not have to click accept to UAC to modify desktop icons unless their permissions have been messed with by somebody or a program you installed, which is pretty much the expected behavior. As far as UAC teaching people to click accept, it would really be no different if these noobs used unix, they'd just be trained to enter their root password, which is worse. The idea that users care more about passwords is thoroughly debunked by studies which have shown that users will give up their password for a candy bar. Most of what you're complaining about is the vast amount of noobs on Windows, and then you imagining they are going to learn to be security gurus if they switch to Linux, that is a flawed concept.
 
Last edited:
OK, so should I switch to the most rarely used OS ever then? And again this is a fallacy, because if everyone switches then that OS will be targeted and it will be no different.



Linux can get away with that because it is mostly used by techies. Having to mark a file as executable is something MS could easily implement, and they would get flooded by support calls and people complaining on forums about onerous security. Look at the complaining for UAC and all you have to do is click OK and only when a super user action is performed. MS has to bow to its largely noob user base, they could implement security up the wazoo but it would be the least used version of Windows ever. Those users are also not going to give up all their apps/games and familiarity with Windows to do something in another OS they would not even tolerate in Windows.

Windows users do not run in super user space, with UAC they run in user space, you do not have to click accept to UAC to modify desktop icons unless their permissions have been messed with by somebody or a program you installed, which is pretty much the expected behavior. As far as UAC teaching people to click accept, it would really be no different if these noobs used unix, they'd just be trained to enter their root password, which is worse. The idea that users care more about passwords is thoroughly debunked by studies which have shown that users will give up their password for a candy bar. Most of what you're complaining about is the vast amount of noobs on Windows, and then you imagining they are going to learn to be security gurus if they switch to Linux, that is a flawed concept.

Entering the password, as well as having to enter sudo before every command when installing software under Linux does have an added advantage of allowing for some time to pause and think about what you're doing.

Windows weakness is the fact that it has to cater for not necessarily 'techies' but 'Mum and Dad' users, therefore simplicity is important resulting in an undeniable drop in security precautions. Naturally this isn't the sole reason why Windows is flooded with nasties, but the simplicity of just punching 'Accept' quite simply may not be helping the cause.
 
Entering the password, as well as having to enter sudo before every command when installing software under Linux does have an added advantage of allowing for some time to pause and think about what you're doing.

Windows weakness is the fact that it has to cater for not necessarily 'techies' but 'Mum and Dad' users, therefore simplicity is important resulting in an undeniable drop in security precautions. Naturally this isn't the sole reason why Windows is flooded with nasties, but the simplicity of just punching 'Accept' quite simply may not be helping the cause.

You over estimate noobs, the only thing they'll be thinking about when typing sudo and entering a password after they've done it a bunch of times, is "goddamn microsoft for making me wait for an mp3 (or porn or warez)". Such actions become automatic when you've done them a few times. They will do it mindlessly without any understanding of the repercussions it could have. People who understand the repercussions are probably just as well off with a UAC prompt.
 
You over estimate noobs, the only thing they'll be thinking about when typing sudo and entering a password after they've done it a bunch of times, is "goddamn microsoft for making me wait for an mp3 (or porn or warez)". Such actions become automatic when you've done them a few times. They will do it mindlessly without any understanding of the repercussions it could have. People who understand the repercussions are probably just as well off with a UAC prompt.

Judging by some of the misconceptions being thrown around here I'd be surprised if noobs could even open Chrome under Linux. ;)
 
Going off the other thread I'm going to guess game support is a big one. Aside from games though what sort of features or properties would get you windows people to make the switch?

Only games needed.
Until thats sorted with performance at the same level, I'm not rocking the boat.
I'll maybe take another look when Windows 7 expires, cos I cant stand Windows 10.
 
Judging by some of the misconceptions being thrown around here I'd be surprised if noobs could even open Chrome under Linux. ;)

I know a couple that are probably guilty as charged, unless (don't remember) Chrome just puts it's icon on the desktop.
 
Only games needed.
Until thats sorted with performance at the same level, I'm not rocking the boat.
I'll maybe take another look when Windows 7 expires, cos I cant stand Windows 10.
It'll take a while to get games there. Obviously there's the whole DirectX vs vulkan thing and the legacy code issues for older games, but beyond that the linux world is completely changing how graphics is done with a new display server called wayland. In the long run it should be very good, but if games are the thing you really care about then trying linux again when win7 expires is probably a good plan.
 
I know a couple that are probably guilty as charged, unless (don't remember) Chrome just puts it's icon on the desktop.

I was being a sarcastic bugger, Chrome is as simple to run as under any other OS - Everything is fairly simple TBH.

 
Well in that case yea, but doesn't that depend on desktop manager/distro you choose?

An icon's an icon, you can stick it where ever you want.

The belief that different desktop managers/distro's completely change how you navigate Linux is a load of crud. Run Linux for a while and you'll soon realise that an OS is made up of a number of smaller programs all achieving different tasks, the look of the OS may change, but those underlying programs are all still present and the underlying file structure of Linux is identical between distro's.
 
OK, so should I switch to the most rarely used OS ever then? And again this is a fallacy, because if everyone switches then that OS will be targeted and it will be no different.

Except it will. It's free and open source. Anyone can participate in detecting and fixing the problems.

Linux can get away with that because it is mostly used by techies. Having to mark a file as executable is something MS could easily implement, and they would get flooded by support calls and people complaining on forums about onerous security. Look at the complaining for UAC and all you have to do is click OK and only when a super user action is performed. MS has to bow to its largely noob user base, they could implement security up the wazoo but it would be the least used version of Windows ever. Those users are also not going to give up all their apps/games and familiarity with Windows to do something in another OS they would not even tolerate in Windows.

I did it, my family did it. Anyone can do it. The other option is to compromise your security and privacy (without forgetting the paying part).

Windows users do not run in super user space, with UAC they run in user space, you do not have to click accept to UAC to modify desktop icons unless their permissions have been messed with by somebody or a program you installed, which is pretty much the expected behavior. As far as UAC teaching people to click accept, it would really be no different if these noobs used unix, they'd just be trained to enter their root password, which is worse. The idea that users care more about passwords is thoroughly debunked by studies which have shown that users will give up their password for a candy bar. Most of what you're complaining about is the vast amount of noobs on Windows, and then you imagining they are going to learn to be security gurus if they switch to Linux, that is a flawed concept.

You're so wrong. Linux doesn't prompt for privilege elevation for trivial things such as renaming a desktop icons. UAC pops up way too frequent and it's way too easy to accept to make any difference in security. Not to mention that many exploits bypass UAC.
 
Except it will. It's free and open source. Anyone can participate in detecting and fixing the problems.

Doesn't seem to help, Linux still has lots of vulnerabilities discovered each year.

I did it, my family did it. Anyone can do it. The other option is to compromise your security and privacy (without forgetting the paying part).

For most people they lose apps/games and ease of use, for non-existent security and privacy. Windows has all the same security features that other OS's have, like DEP, ASLR, user/super user seperation and sandboxing, etc. The privacy argument is a joke, MS only uploads telemetry to see how apps are used and how/why they crash not the actual private user data like words typed or documents or pictures.


You're so wrong. Linux doesn't prompt for privilege elevation for trivial things such as renaming a desktop icons. UAC pops up way too frequent and it's way too easy to accept to make any difference in security. Not to mention that many exploits bypass UAC.

UAC doesn't prompt for renaming desktop icons, unless the admin configured the shortcut's security that way which is desirable on certain systems. UAC never pops up on my system unless I install a new app or configure some system wide setting as it's intended. What exploit bypasses UAC? To bypass UAC you'd need a privilege elevation exploit, which are also available for Linux.
 
Agreed. Unsafe at any clock speed: Linux kernel security needs a rethink (and Android's ongoing security issues are examples)



There are indications that these crash dumps can include user data that the application was working on at the time. Also, if you're a developer and an application you're developing crashes, it may send information about your application that you don't want to share to Microsoft.
It's a small world, with all the hacks and whistle blowers, if MS was specifically trying to gather that info to use for some nefarious reason, we'd know about it. It's simply a side effect of the process of investigating crashes. I mean really, that's what we're worried about, some personal info that may get sent when an app *crashes*? That would be the least efficient spying method ever..


I've said this on the source thread of this fork (LOL). UAC is not security. It is not a security boundary. It is a convenience to users, a feature to accommodate running as a standard user, and to encourage developers to target for standard user rights. Microsoft has repeatedly said this., including Mark Russinovich, CTO of Microsoft Azure and Technical Fellow previoiusly in Windev.
With enough knowledge, UAC can be bypassed. Mark Russinovich has demonstrated this, and it looked similar to what was detailed on this site: Bypassing Windows User Account Control (UAC) and ways of mitigation | GreyHatHacker.NET

But also, UAC will only prompt for renaming in secured areas, like All Users Start Menu and All Users Desktop icons, %SystemRoot%, %ProgramFiles%, %ProgramFiles(x86)%, etc. UAC prompts for actions requiring administrative permissions.

Well that UAC stuff doesn't work in always-notify mode, I run in always-notify mode as everyone should, I never get prompted except when you would expect unlike what the article insinuates about constant prompting (only installing apps and changing system settings). MS did decrease the *default* UAC security level because people were going nuts about it, I never found it to be onerous to click YES/NO for those occasions where it's needed. MS decreased the amount of repetitive UAC prompts in explorer, etc. but never went back and increased the default level. I agree that UAC should be at the most secure setting by default. However if anyone thinks the people who raged about UAC until MS had to decrease the default level a little bit are going to go and type 'sudo' and their password instead when they won't even toggle UAC to the max setting, they're nuts.

No app I have puts icons in those places, sounds like a badly written app that would not put the icon on the user desktop like every other app I've ever seen does, Windows should not be judged for bad apps anymore than Linux should be. Places like system root and program files are expected to have UAC prompts for renaming, that would be a security hole if a standard user could modify files or their names in those locations. And security boundary just means they don't consider it an emergency to patch UAC issues like the lowered UAC setting bypasses. At Max setting it should work just like standard user which is a security boundary.
 
Last edited:
Not according to Mark Russinovich (and others at Microsoft): Security: Inside Windows Vista User Account Control and User Account Control: Inside Windows 7 User Account Control

"It’s important to be aware that UAC elevations are conveniences and not security boundaries." "The primary purpose of elevation is not security, though, it's convenience." -Mark Russinovich

RIght, so according to what you just quoted, there is no sandboxing and there is no elevated privileges, everything is always running as an administrator account. Therefore, the standard user account with another account set as admin with password is no standard user account at all.
 
RIght, so according to what you just quoted, there is no sandboxing and there is no elevated privileges, everything is always running as an administrator account. Therefore, the standard user account with another account set as admin with password is no standard user account at all.

Honestly, I've often wondered if this is the case with UAC. Does it actually elevate privileges or is it just a pop up preventing something from installing?
 
Mark is talking about a MS policy, not the security of the system. Security Boundary just means MS is obligated to fix any potential flaw. For 99% of uses, UAC is equivalent to Standard User. I think there are edge cases when you elevate an app and it loads libraries from the user profile instead of a super user profile (really an app flaw), that is a microscopic security issue but can not really in principal be fixed, that require MS to say UAC is not a security boundary.
 
RIght, so according to what you just quoted, there is no sandboxing and there is no elevated privileges, everything is always running as an administrator account. Therefore, the standard user account with another account set as admin with password is no standard user account at all.

The standard user account enjoys all the security benefits of a standard account when it comes to software installation, if UAC is enabled privileges can be escalated when necessary, if UAC is disabled under a standard user account you eventually go crazy due to the restrictions of not being able to do a thing.
 
Honestly, I've often wondered if this is the case with UAC. Does it actually elevate privileges or is it just a pop up preventing something from installing?

Well, you can stop wondering because yes, it does elevate privileges.
 
No.
Mark Russinovich: "What’s a security boundary? It’s a wall through which code and data can’t pass without the authorization of a security policy. User accounts running in separate sessions are separated by a Windows security boundary, for example. One user should not be able to read or modify the data of another user, nor be able to cause other users to execute code, without the permission of the other user. If for some reason it was possible to bypass security policy, it would mean that there was a security bug in Windows (or third-party code that allows it). " - PsExec, User Account Control and Security Boundaries

Jon DeVaan (posted by Stephen Sinofsky): "One important thing to know is that UAC is not a security boundary."
Update on UAC
Dr. Jesper M. Johansson: "Unfortunately, this is also where we run into some of the limitations of UAC. Remember, there is no effective isolation; there is no security boundary that isolates processes on the same desktop. The OS does include some protective measures to keep the obvious and unnecessary avenues of communication blocked, but it would be impossible and undesirable to block them all."
Security Watch: The Long-Term Impact of User Account Control

I've got more. Do you want me to keep going? UAC is not a security boundary.

I'm not saying this to downplay UAC or the security improvements in Vista, 7, 8, 8.1, and 10. I'm saying it to defend Windows from accusations of lacking security due to limitations of UAC (as mentioned in quotes above).

UAC is a security boundry and elevates privileges not matter what you post to the contrary. UAC is far and beyond more than just simply a yes or no prompt. Otherwise, try installing something without elevating the privileges in a secured area. (Sandboxing would be considered a security boundry, in my opinion, which is what UAC also accomplishes.)
 
No.
Mark Russinovich: "What’s a security boundary? It’s a wall through which code and data can’t pass without the authorization of a security policy. User accounts running in separate sessions are separated by a Windows security boundary, for example. One user should not be able to read or modify the data of another user, nor be able to cause other users to execute code, without the permission of the other user. If for some reason it was possible to bypass security policy, it would mean that there was a security bug in Windows (or third-party code that allows it). " - PsExec, User Account Control and Security Boundaries

Jon DeVaan (posted by Stephen Sinofsky): "One important thing to know is that UAC is not a security boundary."
Update on UAC
Dr. Jesper M. Johansson: "Unfortunately, this is also where we run into some of the limitations of UAC. Remember, there is no effective isolation; there is no security boundary that isolates processes on the same desktop. The OS does include some protective measures to keep the obvious and unnecessary avenues of communication blocked, but it would be impossible and undesirable to block them all."
Security Watch: The Long-Term Impact of User Account Control

I've got more. Do you want me to keep going? UAC is not a security boundary.

I'm not saying this to downplay UAC or the security improvements in Vista, 7, 8, 8.1, and 10. I'm saying it to defend Windows from accusations of lacking security due to limitations of UAC (as mentioned in quotes above).

I said UAC is not a security boundary in the technical policy definition sense of the word. Anyways seems a moot point, if you want process isolation of that nature, then use a standard user account and log out and use an admin account when necessary, etc. I think the context of this, is are people going to switch to linux about it? Even if UAC is not 100% fool proof, it's good enough in most every scenario, and when it's not, it's vastly easier to use the standard and admin account combo than switch to Linux. I'm pretty sure Linux will also allow apps to mess with elevated apps on the same desktop, so this is no Linux win. In fact I read it was even easier in Linux. Windows will for instance block sending keys to an elevated cmd.exe prompt, but I don't believe Linux does so.
 
Here's another link stating that UAC is not a security boundary:

Update on UAC

To quote:

One important thing to know is that UAC is not a security boundary. UAC helps people be more secure, but it is not a cure all. UAC helps most by being the prompt before software is installed.
 
Actually, the more I read into it, the less effective UAC appears to be. According to this Microsoft blog the primary purpose of UAC was never to stop the installation and running of malicious software, it's primary purpose was to force users to begin running as standard users with UAC elevation when needed in an attempt to encourage software developers to write code that didn't require administrative access in order to execute correctly.

In fact, reading this article it's obvious that MS don't have a great deal of confidence in UAC's ability to prevent the installation and running of malicious code whatsoever...

Security Watch: The Long-Term Impact of User Account Control

To quote:

While it is correct to claim that a goal of UAC was to provide some level of protection for apps running as an admin from those that were not, that was not by any means the primary purpose of UAC. The primary purpose was to start us on a path where more users run as standard user, which in turn would force developers to write more programs that work as a standard user, reducing the number of situations where users need to elevate. As developers write more UAC-compliant apps
 
Well, you can stop wondering because yes, it does elevate privileges.

Honestly, I'm not entirely convinced.

There appears to be some form of privilege escalation under a standard account, but under an Admin account (which most Windows users run) it simply appears to be preventing code from executing.
 
Last edited:
Am I the only one who likes the command line? When I was a kid, our family's first Intel-based PC had a 486DX2-66 running DOS + Windows, and I was okay using the command line from that point on. Even now, with my laptop running Ubuntu 16.04, I will still fire up a terminal to do things, even though I could just click on icons to do the same thing. I must be weird... :wacky:

I love the CLI. I use it daily to run circles around my co-workers with all the common utils such as sed/awk/grep/sort

EG: My boss comes & says "hey, how many of our switches are on ios version X.y.z" ?

My coworker - starts logging into each switch to check, or logs into the web gui of our backup repo to ctrl-f through each file individually. I log into backup server & do a find/exec/sed/awk/sort (etc) and parse the output and redirect stdout to a csv or text table & mail it to my boss.

Please don't take my CLI away :)

NOT being able to do stuff like that would make me hate my job.
 
YOU DON'T NEED TO CLICK ON ANYTHING. Are you simple or what? It's enough that the ad loads when you open a page.

Are you simple that you have not adjusted your settings to prevent that? This is 2016 man, even most common settings in modern browsers tend to prevent that sort of behavior.
 
Are you simple that you have not adjusted your settings to prevent that? This is 2016 man, even most common settings in modern browsers tend to prevent that sort of behavior.

Lool no they don't. Especially IE/Edge. Flash autoplays, images autoload, scripts autorun. That's all it needs. With adblock / script block you're a bit better off but even that won't save you against the JPEG malformed header attack (yes I'm aware this was patched Win7 and forward already but historically speaking). You'd need to run your websites using text only lol.
 
Last edited:
I would only switch to Linux from Windows if there were support for the Surface Book, Surface Pro, and the GTX 1000-series GPU.

Actually, that's coming with Linux 4.8: Linux 4.8 kernel will support newer hardware, including your Microsoft Surface 3

I'd be interested in seeing how well 4.8 runs on Surface devices. People have gotten Linux on Surface devices before however it can be temperamental. But that's because Microsoft isn't developing for it primarily.
 
Back
Top