I think some of the people who argue these things lose sight of the practical. For example, I know that the FBI or a competent locksmith could pick the lock on my front door, but I lock it anyway and consider that sufficient security for my needs.
But if you came home and found all your stuff either gone or completely trashed, would locking the door on the way out after the discovery have the same importance?
This is because my imperfect lock offers sufficient discouragement for 99.999% of the people who I believe might try to enter my house for bad purposes.
Your lock is quite perfect for the job it's supposed to be doing. The most likely way for it to be compromised is through the carelessness of the caretaker of its key. If you've ever walked out the door and left it unlocked or worse, standing open, loaned the key to a friend or family member, or hidden the key in a convenient location, then you've decreased the security on your home by a notch or more for each of those acts.
The average home computer user probably compromises their computer at least once every time they use it. Most with multiple combinations of those things. I don't see a root account saving them much grief in those circumstances.
I also believe that 99.999% of them would leave evidence of a break in when circumventing my present locks.
That's small comfort when you're standing there looking at the carnage of what was your home. At that moment, that's all the evidence you'll really care about.
It only takes one person to break in and destroy what's important to you. And I think if you start asking around and find how many people have been victims of break ins, you'll find that the likelihood of your being burglarized is a lot higher than you'd like to think.
Likewise, I understand that there are people skillful enough to penetrate my firewall and own my Linux systems in my house w/o console access (I can root any Linux box from the console, and so can you). I'm not sure how, but I've been told it's true by people who should know what they're doing. I also realize that it would be beyond my skill level and price range to prevent this.
So I take what I think are reasonable precautions to force the thieves to go elsewhere. I try not to be low-hanging fruit.
But maybe the focus should be more on what constitutes "low". If you've placed the fruit ten feet off the ground, but the forest is full of creatures that can climb, you've put your faith in the wrong safety mechanism.
Have you watched the new reality show "It Takes a Thief"? I have found it very enlightening. A point that is continually made on the show is that the biggest misconception people have (and the biggest source of their false sense of security) is that because they have locks on all their doors, their possessions are safe because the thief will go to an easier target. Wrong.
Everyone has locks on their doors. And most on their windows. Thieves know this. We still have thieves. Locks are by no means in and of themselves sufficient, but they are the first step toward a secure house. Most homes burglarized were accessed through unlocked, or poorly locked doors or windows.
The second misconception is that the thief is only looking for easily accessible and liquid assets: mainly money and jewelry. Wrong again. He'll take anything of perceived value to /him/. And the safer he feels in your home, the longer he'll stay.
People also think that the thief has some kind of natural human respect for their belongings, especially for those he's not interested in stealing. Wrong again. He'll trash the house looking for anything of value because he knows people like to hide stuff in places easy for /them/ to get to - under beds, in the backs of dresser drawers and closets, in the flour or sugar jar. If throwing everything in the middle of the room and sorting through it is the most efficient way for him to find valuables, that's how he'll do it, with no regard as to how much of a mess he'll leave. After all, he /does/ expect to leave - he doesn't have to live there.
The show does try to demonstrate how to minimize illegal entry. One of its biggest themes in protection is compartmentalization (my term). Someone in the thread mentioned that putting locks on interior rooms is security outweighed by inconvenience. But it's also one of the best ways of protecting your valuables. The assumption must be made that the thief /will/ get in, at which point you may have left him free access to everything within. Compartmentalization is a way to mitigate the damage done once he is inside.
I expect analog measures can be taken on a computer, even a single user computer to accomplish the same thing. I am trying to spawn discussion as to what can be done on a single-user system past just locking the doors.
But I can't come up with a home analog to root/non-root access other than maybe that you've locked up access to the utilities, the refrigerator, and the HVAC. There is a difficulty trying to make computer-house analogies. In the first place, the house will generally have more intrinsic value than its contents. That's not often the case for home computers. Secondly, houses, and their owners are far more visible and therefore easier for a vandal to case than a computer. Also I don't see a house having a suitable analog to the computer's OS. A house's infrastructure is just functionally too different.
My concern about Lindows (or whatever the kids are calling it now) is that it hangs the fruit way low and doesn't attempt to even educate the new buyers that there could be problems.
I think the CEO is trying to sell a product to Windows users which has the coolness and geekiness of Linux but the ease of use of Windows. He's downplaying the security aspect because he knows "Safety doesn't sell" and his target market is not going to change its habits when it comes to computer security.
But he also knows that because of those habits, and that his target market is going to use the multi-user capable Linux as a single user platform with the "I locked the doors so my stuff is safe because, like the Club(tm), the thief will pick a more vulnerable target" false sense of security, forcing them to do everyday tasks as root is not going to sell his product.
And he, rightly in my opinion, also knows that there is no inherent safety built into running as a non-root user for his target market that's going to have any practical effect in protecting their stuff. He knows that people routinely destroy their own stuff daily without any help from god.
When I read the comments of what's-his-name, the former MP3 and present Lindows guy, I come away convinced that he is personally clueless. Not the end of the world for a business type, but in this case, both clueless and unwilling to listen to others. Bad combination.
Clueless maybe from a geek's perspective. Mainly because he's not telling the whole story. But he is being shrewd as a businessman. How far this will get him is anybody's guess, but I assume that in spite of MP3.com's demise, he personally walked away no poorer.
So IMO Lindows will end up adding to the already overpopulated pool of machines that will be rooted by spammers etc.
I expect the same to some degree. Unfortunately, this has the potential to decrease the value of Linux in many people's minds. Because it was misused just as badly as Windows, it will be said that it is after all no better.
And even though Stewart and jhriv and Tracy and probably a few others we could name could crack our boxes, you and I will not be rooted because we do a few simple things, like having a basic firewall, not using passwords in the clear over untrusted lines, and not running as root except when we have a rooty thing to do. Like install an update to ssh ;-)
And locks on our front doors.
--
Best Regards,
~DJA.

--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
