On Sun, 02 Feb 2003 15:10:38 -0700, FemmeFatale <[EMAIL PROTECTED]> wrote:
> My b/f is a windows MCSE. Fine. In windows you run as root anyway. Even
> on 2k I run as an Admin.
>
> Now he says he sees no diff from that to running as Root in linux.
>
> I can't give him any better argument for not doing so other than it's
> insecure (he doesn't care about that on a home compy) & that you can really
> botch Xwindow. Botching that doesn't faze him either cause he'll just
> reinstall anyway.
>
> Help?? Convince him? pls? Thx

...Yet more proof that MCSEs are useless qualifications.

I believe that EVERYBODY should be careful about security. Very few people care today, and this has led us into a world full of insecure Microsoft-based systems. Why is it that _every_ major destructive worm since the 1988 Morris worm has come from MS systems? If people cared about security, there'd be far fewer worms and denial of service (DoS) attacks, and the Internet would be _much_ faster as a result.

In the past six months, we've seen at least two major distributed denial of service (DDoS) attacks on the Internet's core 13 DNS systems, almost bringing down the Internet as a whole. Generally they are performed when a cracker (whether it be a live person, script or worm) cracks into many systems and assumes control over them. Due to the insecurity of MS systems it is very easy to usurp thousands of machines with simple automated scripts, which can be found anywhere on the Internet and can be used by even the most inexperienced kiddie. Once dominated, these machines can all be directed to simultaneously attack one target, forcing it to fold under the load.

This wasn't too much of a problem in the Win9x days, since those OSs didn't have a well-developed TCP/IP stack. WinXP, however, has the use of full raw sockets (explained at http://grc.com/dos/winxp.htm). Raw sockets make it possible to spoof IP addresses (among other things), which is especially useful in DoS attacks (AFAIK, it has no beneficial real-world application). *NIX (including Linux) has had this capability for a long time, but it was never a problem since only the root user can use them (and as you know, responsible *NIX users don't log in as root). Windows XP, however, runs as root all the time by default. Today, we have a situation where there are literally millions (and growing) of unprotected raw sockets-enabled systems out there, sitting in homes and businesses. They are simply ammunition for crackers/kiddies/worms.

Your b/f should be doing his part towards preventing this sort of thing. It may seem insignificant on an individual level, but if everybody did just a few simple things like not running as root we'd all be better off. He may not care about the integrity of his own data, but does he know that he's contributing towards the continued insecurity, instability and slowness of the Internet as a whole? People don't seem to realise that the Internet is like an ecosystem. Since everything is interconnected, even the slightest change can have catastrophic results.

Usually whenever I try to convince an 'ordinary user' of the importance of system security, I get the response, "nobody is going to want to break into my computer". Nothing could be more wrong. In today's world of automated scripts/worms and DDoS attacks, _every_ computer is at grave risk. A successful DDoS attack depends on how many systems are doing the attacking (they are like troops in a battle), so it is only natural that they try to subvert as many as they can.

It is often very difficult for a computer user to realise how bad it truly is out there, and how much they are at risk. I get them to install a simple intrusion detection system (IDS) and watch the results. In Windows, install ZoneAlarm, and in the control panel watch as the number of unrequested connection attempts ticks up. In Linux, install Firestarter and configure a simple firewall, and watch the IPs scroll by in the GUI. If you want to go further you could install Tripwire, Snort or Prelude, but for a non-expert this would be overkill. ZoneAlarm/Firestarter should be sufficient to scare the pants off most people.

Of course, there's also the old saying (modified slightly to fit the circumstances), "ten out of ten *NIX users can't be wrong". There must be a reason why *NIX admins and users only use the root account sparingly, isn't there?
If your b/f is so correct in his belief, then why isn't anybody else (save for the few people who don't know any better) doing it? If he were right, you'd think that after over thirty years of UNIX existing somebody would've thought of it by now. There's a reason for all this, and just because he doesn't understand what that is doesn't mean that he is right.

-- 
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]
"People confuse 'security' and Trustworthy Computing."
    -- Microsoft exec Craig Mundie, 2002-02-20
