Yes, that's true.... Linux/Unix has it's own security problems. While trying to avoid a flame war or making this into a full-fledged *nix VS. Windows thread.... I will point out that most of the security holes in various apps that run under *nix are typically fixed quite promptly, due to the open source programming model. I've heard enough horror stories about Microsoft being told about security holes in IIS and other Microsoft apps and them not patching the holes in a timely manner....
As you said, though, Unix/Linux has it's own problems... IMNSHO, the biggest problem is that it doesn't have enough "end-user" software to run on it... :-) -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, September 29, 2009 1:37 PM To: NT System Admin Issues Subject: Re: MICROSOFT SECURITY ESSENTIALS On Tue, Sep 29, 2009 at 11:51 AM, John Aldrich <[email protected]> wrote: > I believe that Ubuntu will NOT allow the admin user to log in by default ... Ubuntu does not assign the "root" account a password during install. That means "root" cannot login. However, the first user (created during install) is automatically granted sudo privileges to run any command. Thus, "sudo -i" will give you a root shell. Kind of like RUNAS on Windows, except it actually works right for almost everything. :) And if you "sudo passwd root", you can assign the root account a password and login. > I believe Fedora will let the local admin log in all day long. Fedora doesn't stop you from logging in as "root". Fedora does, however, prompt you to create a regular user account during install, and leads you down that path fairly strongly. It's done that since day one. The real difference here is not the security model (they're very similar) but the history. Unix has been multi-user since day one, and pretty much everything expects it. While there are admins who spend too much time at the root prompt, it's almost always because they're lazy, not because they have software that doesn't work unless they do that. While there are plenty of single-terminal workstations, they're functionally identical to a multi-user system. In contrast, the Microsoft world started with a "wide open" and "single user" mentality, and still suffers from that mindset today. To their credit, Microsoft's has gotten a lot better, but it's still often a case of "we expect a single user, but allow for more than one". And the third-party application landscape -- which is, after all, the big reason for running Windows -- is a total crap-shoot. Way too much stuff doesn't run properly through RDP or RUNAS, or without admin rights, or gets confused by multiple users. So there's nothing *technically* keeping Windows from behaving well, but most Windows admins are still going to end up spending time dealing with these issues. It's depressing. Unix is completely different. In Unix land, we have a completely different set of depressing issues. ;-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
