NCAAbbs

Full Version: Microsoft blames malware on 'stupid users'
From blogs.zdnet.com by way of winxpcentral.com: Open source gets results, while Microsoft blames malware on 'stupid users'

Two very different news articles crossed my desk today. First, there was a report that open source developers on 32 projects fixed 900 bugs in two weeks that were reported by an automated scan program from Coverity, sponsored by a grant from U.S. Homeland Security. Second, a presentation was given by a Microsoft security official who said that rootkits, phishing, trojans, spyware, and other forms of malware had gotten so bad on Windows that IT departments needed to come up with a fast way to "nuke the systems from orbit", i.e., wipe out the hard drive and start over. He goes on to say that phishing is a problem because "there really is no patch for human stupidity".

Suppose for a moment that popular open source systems like Linux or Samba were suddenly under the same wide ranging attacks that the proprietary Microsoft systems are under now. What do you think would happen?

I predict that lots of people, all over the world, would get fed up and start fervently scanning for holes, first by hand and then by ever more sophisticated automated scans over the source code and analysis at run time. Lists of bugs would be created, reputations put on the line, and those lists would be pounced upon by some of the same people that pounced on the Coverity list.

While the problem would not be solved in two weeks, there would certainly be a heck of a lot of progress in a hurry, compared to the years of fixes that have trickled out of Redmond. Users are plenty fed up now, but what can even knowledgeable users do to help without the source code? Nothing.
Not that I am pro-windows, but I think his statement has some merit in that 80% of the problems are caused by stupid people. I think if all of these stupid people were using Open Source, you would have the same problems, albeit, maybe smaller.

I think Open Source has two big advantages.

1. The people using it are more of an elite class of computer people.

2. Evildoers won't crap where they eat.

Cue GTS rant in......3.....2.....1....
Quote: but I think his statement has some merit in that 80% of the problems are caused by stupid people
I agree that bugs are caused by "stupid users" (as we developers call them), but Microsoft needs to do a better job of quality "Quality Assurance" -- that's all on them.
i could post an image here that would screw up your computer.
you cannot avoid it in any way. well unless you disabled images. or used firefox.

i don't know if it's fixed but the HTML code:
<img src="img" hight=999999999 width=9999999999>
would make a windows computer BSOD (or lag like crazy) (Internet Explorer only, firefox handled it fine)

does this mean you're stupid?

yes, some of this is caused by stupid users. i know one guy who got a popup.
[Image: picture19ye.png]
and thought it was for real. yes it was taken on my mac, notice the conflicting info. but regardless he downloaded and installed a "fix" which ended up screwing up his computer. the SAME THING could happen to an OS X user, but they are spoon fed "IM INVINCIBLE" and don't do anything to avoid stuff.. yes there are mac flaws, none are all that big. Open source OS is rather secure due to the way it was made. anyway but back to windows users, they are spoon fed "OMFG 20304923904920349023490234 VIRUS MADE TODAY!!!" so *most* live in fear. if OS X was in the same 'fear' i'm sure i could get some to download a shell script that erased their hard drives, while under the guise of fixing.

my parents, fairly non-computer literate ppl. have gotten ZERO virus since i've switched them to firefox. and it's probably an outdated version of firefox, oh and they have not updated windows on their computer because uhh... yea.... IE, Outlook are some of the worst for getting viruses.

yeah, some of it is dumb users, but most is their insecure stuff.
Why human stupidity isn't as much a problem on Linux:

- Finding software
When a Windows user wants software, where do they go? They hit Google or Download.com or other such places. There is a VERY HIGH amount of viruses, spyware, and malware within these "free" or "shareware" apps they find. When a Linux user wants software, where do they go? Their own built-in software stack.
Gentoo: emerge mozilla
Ubuntu: apt-get install mozilla
Fedora: yum install mozilla
... etc ... and yes, there's friendly GUIs to interface with these.

- In Windows, everything is root
When a virus wants to run in Windows, it walks right in and starts hacking away. When a virus wants to run in Linux, it needs to know your user password to do even minor damage, and then it needs to know your root password to do significant damage. Yes, this is still open to some moron putting in "admin" as their password, but just having a password makes it that much harder for a virus etc to run. If it's a good password -- damn near impossible.

- Community
The Linux community helps one another. I dare say it's the most active global community for helping one another that exists. There's tons of resources for Linux users to get help from one another -- and that includes good security practices. Off the top of my head:
- Our Linux forum
- Their distro's wiki site
- IRC Freenode network
- Qunu.com (for INSTANT help from Linux experts, including myself)
- LinuxQuestions.org

- Software Philosophy
Microsoft's philosophy is make it work, keeping all the code hidden. Your security comes through the obscurity of the source code. You let hackers poke at you constantly until they hit one of the massive holes you left in the code, and then you scramble to fix it, often poorly or slowly.
Linux's philosophy is that the more people that see the source code and find the security problems to begin with, the better. If there is a problem, it can be fixed rapidly... often in hours for critical flaws (compared to months for Microsoft).

Class dismissed.
A normal computer user will not go through all those steps, GTS. It is as simple as that. It might seem easy to you, but trust me, most people can't figure out what a right mouse click is, let alone going to a command prompt and typing in some commands.
mlb Wrote: A normal computer user will not go through all those steps, GTS. It is as simple as that. It might seem easy to you, but trust me, most people can't figure out what a right mouse click is, let alone going to a command prompt and typing in some commands.

My 80+ year old neighbor is baffled by Microsoft Outlook, yet he managed to install and use OpenSuSe 10.0 just fine.

If you think installing software is easier on Windows than it is on OpenSuSe .. you're looney.

Hunt through malware spyware and viruses
vs.
Search through 10,000+ open source apps by title, description, and more... or even browse by category .... all in a GUI, no command line needed

hmmmmmmmmm
The average person can't install software on either system. Most malware is installed due to people being stupid... as someone who has worked in the field for quite a long while now, I think I have a pretty good idea of the average computer user.