|
As in sociology, in terms of security there are those that emphasize the individual (the user) and others that tip the balance towards structural determinations (the operating system). The first of these is the case of this article published in eWeek which prompted me to write this answer.
In reality, the individual acts conditioned by the structure; This means that, although it has a certain degree of autonomy, its scope for action is limited and conditioned by the structure. As far as security is concerned, the same thing happens. Although the user has part of the responsibility regarding the security of the system, there are structural conditions that limit and condition the actions of the users. This quasi-philosophical reflection is relevant because it is very common to hear among Windows defenders that, in reality, all the blame is on users and / or third-party programs (which are full of security holes). The question that arises is: is this computer "illiteracy" not encouraged and caused by Microsoft? Isn't accusing third-party program developers really a scapegoat? The real interesting question to answer is: why doesn't this happen in Linux? |
Let's see what are the 10 arguments most used by Microsoft and its defenders to argue that Windows security flaws, in truth, are not Microsoft's fault. The fault is always the others ...
1. Third-party app security holes
Third-party applications can cause major security breaches on a Windows PC. Third-party programs do not always have adequate security measures in place to ensure that data is kept secure. To make matters worse, applications are not always updated frequently enough. That is a problem. Hackers are fully aware that some programs are easier to break than others, so they attack easier targets.
The Linux way:
It never ceases to call my attention how ungrateful the guys at Microsoft are: to clean up their prestige they blame the developers of Windows programs. It is not that Windows is insecure, but that the programs that other companies develop and that run in Windows have many security holes. The truth is that, if anything, that answer still dodges the question: why do those programs (for Windows) have more security holes? Are Windows programmers idiots? No, the problem is in the way the most popular Windows programs are written, almost all of them being proprietary software. On the other hand, there is the question that, in Linux, the programs are updated through the repository system.
2. Outdated software
Generally, third-party applications are updated by the developer himself. There's just one problem: users don't always update programs. We have all been there. We are in the middle of something important and a program we just opened asks us to update it. Instead of waiting for the update and potentially being forced to restart the computer, we leave it for another time. This may seem like the best option at the time, but it really isn't. If the update was a security patch, we would be putting our computers at risk for an even greater amount of time than we should. If we don't update our third-party programs, there's not much Microsoft can do to protect us.
The Linux way:
Updates are made through the repository system. This has numerous advantages: it is done centrally, from a secure source, in the background (without interfering with what the user is doing, even when it comes to updating the program he is using) and generally does not require the user to reboot the system. Furthermore, as it has been built in a modular way, Linux can be updated "piecemeal": it is not necessary to wait for a kernel update to correct a bug in the boot, the X environment, etc.
3. Antivirus and anti-spyware out of date
Running anti-virus and anti-spyware programs that are not fully up to date is almost as useless as not running anything at all. As new security holes are discovered, manufacturers are releasing updates to their programs to keep user data safe. Unfortunately, providers cannot force users to update their programs. Thus, a user who chooses to wait or cancel the update puts himself at risk of being affected by a problem that could easily be avoided with the help of a simple patch. True, Microsoft should have done a better job of making Windows more resistant to viruses and spyware, but it also needs some help from users.
The Linux way:
One of the first things a novice Linux user discovers is that an antivirus doesn't seem to be necessary. It is striking because, despite this, Linux is considered a much more secure system than Windows. The reality seems to indicate that antivirus, although they can help control or avoid some of the effects of malicious programs, do not attack the causes and conditions that allow their reproduction and massiveness on Windows systems. Besides the fact that there are far fewer malicious programs (viruses, malware, etc.) for Linux, it has been proven that almost none of them seriously compromise the OS. I know it can be counter-intuitive for a Windows user but no antivirus makes your OS more secure. In any case, the need for an antivirus reveals the gaps and security flaws of the host OS.
4. Users open attachments they shouldn't open
Microsoft should not be blamed for a user opening an attachment that he or she should not open. In other words, Microsoft cannot be blamed for the stupidity of Windows users. If someone really believes that they have won the lottery, that there is a magic formula to enlarge their private parts, etc. you deserve to be infected by a virus. We all know that unless we are expecting that attachment from, of course, a known source, opening attachments is never recommended. For years, hackers have been using email to take advantage of users who never found out that opening an email attachment from an unknown sender is a bad idea. As much as security vendors and Microsoft have tried to raise awareness of this issue, users are simply not listening.
The Linux way:
Ehh… no attachment can be executed. Easy. To execute a file, it is not enough to "double click". The user will have to save it, give it execution permissions and, only then, can they execute it. On the other hand, thanks to the huge community that was built around Linux, its users are continually educated about the potential dangers of granting execution permissions to programs received from untrusted sources.
5. Users browse dangerous sites
In recent years, companies like Google have helped protect users to only browse safe sites. But that doesn't stop heavy users from using Internet Explorer, Firefox, or any other browser to browse sites that contain malicious files. Likewise, there are victims of phishing attacks on sites that look like a real page, for example email or a banking website, in which users fill in their data believing that it is the real page, when in fact not it is. Huge numbers of people continue to browse sites that wreak havoc on their computers or their lives. Hopefully after being burned once, these idiots learn their lesson.
The Linux way:
It is very difficult to prevent users from browsing pages with malicious content, but there are some structural aspects that influence the actions of users. First of all, Linux users don't have to search for or install "cheat" programs, or look for cracks or serials on dangerous pages. Furthermore, Linux users are rarely so desperate to remove the suspected virus as to download and install any so-called virus "remover" from insecure or untrusted sources. Second, the default internet browsers on all Linux distributions are much more secure than Internet Explorer.
6. Where are all the passwords?
Some users make it too easy for malicious hackers to gain physical access to their computers. Without a password to control access to a machine, anyone can sit at someone's desk, boot up the PC, and start stealing confidential information. Today, companies around the world require users to password protect their machines so that criminals cannot access their data. Why don't people apply that lesson to protecting their home PCs? Yes, it might be a pain to type in a password every time the computer "wakes up," but it helps to keep data confidential.
The Linux way:
Linux distributions are configured in such a way that to perform potentially dangerous actions the user is asked for the administrator password. Lastly, most of them lock the keyboard after a few minutes without activity. Execute permission limitation is the area where the latest versions of Windows have made progress but are still light years away from Linux.
7. The passwords are there, but why are they all the same?
Having a password is a great first step, but having the same password for everyone makes your system and the information stored both on your system and on the web very difficult to protect. It can be very comfortable but it is not very safe to say. Any hacker after obtaining one of your passwords, the first thing he will do is test if it works in another of the services you use. If so, he will have access to everything he wants. Passwords must be tough to crack and vary from site to site.
The Linux way:
In Linux all passwords are encrypted and stored in a Keyring. In order for applications to access these passwords, it is necessary to enter the main password of your Keyring. That way, you don't have to remember thousands of passwords, just one.
8. Run in administrator mode
A common mistake is running Windows in administrator mode. This can make using the PC more convenient, but it also gives malicious hackers access to do whatever they want on the PC. Some security experts say that getting used to limited users could eliminate many of the security problems that plague the average Windows user today. For its part, Microsoft could do a better job of informing the public about the dangers of administrator mode. But again, if a user wants to run as administrator, what can Microsoft actually do to stop it?
The Linux way:
Once again, the installers of the different Linux distributions agree on one thing: they all force you to create a user with limited services, who will be the user of the machine, and they also force you to enter an administrator password. In this way, you can log in with an ordinary user, with limited execution permissions, and within it, some potentially dangerous actions can be executed only if the administrator password is entered first (thus avoiding having to log in as administrator, etc.). This way of doing things greatly limits the destructive potential of a malicious program but gives the system enormous flexibility.
9. Windows updates
Windows updates could spell the difference between security and a security breach on the user's computer. As annoying as they are, Windows updates are an integral part of your computer's security. Every time Microsoft releases patches to its operating system, users must be ready and willing to update Windows as soon as this update is available. If not, they are prone to putting themselves at risk. Microsoft can only recommend that users download a security update and provide patches whenever possible. What users decide to do next is up to them.
The Linux way:
As we saw, Linux updates are much more transparent to the user. Added to this is the fact that, being a modular system, Linux can update its parts without having to wait for a "major update". Additionally, Linux is known for releasing updates and patches (including security ones) faster than its Redmond counterpart.
10 Education
It's easy to blame Microsoft for security in the face of user problems, but sometimes users have to easily realize that education could help them avoid many of the problems that plague them on a daily basis. With better security education, the network would be a safer place, thanks to fewer users looking to view malicious sites. Opening infected attachments would be less of a concern, as users would know how to deal with them. With better education, there would certainly be fewer outbreaks, which would mean a safer work environment for everyone.
The Linux way:
As we saw, many of the problems in Windows that are considered a "lack of security education by users" are also structural problems caused by system failures. The combination of both makes Windows a very insecure system. In Linux, contrary to popular belief, not all users are hackers, which is demonstrated by the growing popularity of "newbie" distros like Ubuntu and others. However, it is true that there is a greater awareness of security, but this is because Linux promotes an active attitude on the part of users and encourages their curiosity to find out "how things work". In Windows, on the other hand, the passivity of the user is always sought and the concealment of the true functioning of things. Similarly, nothing is done to 'educate' the user.
Synthesis.
Microsoft is certainly not innocent of the security problems that affect Windows or its software. But it is not always to blame. And it is important to remember that. This is what the "defenders" of Windows say.
In truth, user action does not take place in limbo nor can it be considered ahistorically. Windows users act with a certain autonomy, but always conditioned and limited by the characteristics of the OS and were "educated" in the practices that it allows and promotes.
In that sense, in Linux there is the combination of the best of these worlds: a very strong community, which helps in the awareness of its members regarding security and other matters; an operating system that is generally distributed with more restrictive and secure configurations, but at the same time more flexible (inability to execute attachments, main user with limited privileges, etc.); and with its own characteristics that make the system more secure (repositories that allow installation from reliable sources, faster and more secure updates, "modular" and multi-user construction, etc.).
It is true, here, in Spain we use 'Awareness'.
Excellent article, this must-see!
It seems to me a totally dedicated note for Linux users to gloat in how smart they are, a person who only wants to read an email or be able to surf the internet does not have to know how an operating system works, we all agree that windows do not It is a good system, it has many flaws, but being proprietary and all, it achieves what nobody does, being simple and intuitive, despite the benefits of Linux, it is not a system that you can install for your mother to use unless you have previous knowledge of computer science, a common user only wants to do the job as simple as possible, which linux does not do for more distro for newbies who take out, many things you name are true and others are only your point of view, linux is still a system operating for connoisseurs, it still has many things to improve, things that I could make it more user-friendly, which I think is the purpose of any operating system, as long as it does not change it will continue to be a system only for connoisseurs. for something more than 10 years ago that the percentage of use remains the same and is not gaining ground, and I'm not a fan of windows, I work in systems and so far the best use for linux is on servers since users do not get used to it, Not to mention domestic use, sometimes free costs more than expensive
hahaha, even for Windows you can find justifications for its poor performance, as a book I read out there says, "do not try to blame or criticize someone, because the only thing you will cause is to justify it."
Viruses and everything that can be related to it is nothing more than a round business, where you allow the patient to get sick (your computer) to create a millionaire market for vaccines and medicines, which you must acquire and renew periodically. Personally, I think that antivirus creators are the ones who most distribute computer infections, and of course, Microsoft should also receive a cut for continuing to create a system that allows itself to be infected.
The only thing left to say is that in Linux you can make 10 and more mistakes like these, but your security will not be threatened, not in a tenth of what it will be in Windows.
Greetings from Chile.
First of all greetings.
The blame is on the users, right?
So can someone tell me how it happened that they hacked into Bill Wey's pc and dibulgaran the number of his credit cards?
Definitely one of the best articles I have read in a long time!
=)
very good article! It is very true that Linux leads you to find out how things work, it arouses your curiosity that makes you read for hours and hours. two years ago you were an ubuntu user and I never found anything unsolvable.
regards!
Very good article ...
Very good. As always excellent comments and observations!
Hug! Paul.
Great! Thank you!
Regarding the term "awareness", it is synonymous with "awareness"; the latter is the most used in Latin America while the former is in Spain. For an interesting analysis of the subject I suggest you read: http://www.dircom.udep.edu.pe/boletin/viewArt.p...
Hug! Paul.
Interesting fact! Thanks x comment!
Cheers! Paul.
I use windows xp sp2 with IE 6.0, in administrator account, without updates, without firewall, without DEP (memory protection), without antis… (virus, etc., etc.), without autorun, super fast pc, safe, click to any attached file, browse any web, without danger in USB, etc, ...
Super simple solution, I use the administrative templates deactivating: autorun routes, environment two, environment scripts, autorun, extensions of executable files in attachments, all the information is on the Microsoft website.
The truth is, I would have put number ten first, since the other nine are consequences derived from it. It is more likely you can keep adding more numbers to the list and they would derive the vast majority from point ten. Not only in computing but in the vast majority of aspects of our environment. For example, I reinstall Windows more than due to failures, to sanitize the system, and thus make the games go as well as possible within the limitations of my PC. Great article.
Well that looks like windows in calzonsillos ... hehehe ... you could make one of those trout verisones of windows that have turned around ...
I loved this: "Linux promotes an active attitude on the part of users and encourages their curiosity to find out 'how things work'. In Windows, on the other hand, the passivity of the user is always sought and the concealment of the true functioning of things. »
That perfectly synthesizes everything you say in the article.
Just a note xD Don't blame Opera if you are using a beta version. You accepted that there could be bugs for being beta and the only one you can blame is you for using it. Also, if it happened to you once, how come you didn't copy the comment the second time? xD
Thanks for reminding me of this comment from so long ago: p…. XD
This was the first beta that came out and it came with a bug that was pertinently reported -and fixed- (related to Disqus, Openid, facebook, gmail and the like) where any function such as Copy & paste (in fact, any text or hypertext) would close you the browser, if I remember correctly = D (which is not likely since I don't remember very well or what I ate yesterday.)
Regards. ; D
It is true!
Very good article, like the previous one on why Linux is more secure. As a former Windows user, I was screwed over many times and learned the hard way, never the hard way. Before switching to Ubuntu, I left Windows without any problem, no virus or slow machine, it just always tired me the same. I learned a lot about Ubuntu, GNU / Linux and free software after passing me, before I barely knew what free software was, but here I need to learn a lot more and the results are very satisfactory, even to find out about Windows itself since I am a PC technician and it is what my clients' computers have (and I tell them about the benefits of GNU / Linux, of course it does). Here there is a culture of seeking information that practically does not exist in the world of Microsoft and proprietary software.
I'm really glad I blindly switched to Ubuntu.
One criticism: you don't say "awareness", the correct thing is "awareness." A hug.
Excellent comment!
Thanks for the contribution! Hug! Paul.
Diosssssss opera is arghhhh, it has already been twice that when giving it "post comment" it closes without reason and deletes everything ... I'm ufffffffffff> :( It is deleted immediately, now I have to pay the bread for using a beta ... Well now it's time to rewrite the comment from memory, it works ... say Adieu. Let's see if I can rescue something from my original comment. 🙁
As usual the entrance is excellent, my congratulations = D
As today I finish rereading “El beso de la Virreyna” by José Luis Gómez, I am going to blaspheme a little against Juana de Asbaje (and charge me the metric, rhyme, octasyllables, beauty and everything else):
"Windows fool you accuse
to the user for no reason,
without seeing that you are the occasion
of the same thing that you blame:
yes with unequaled eagerness
you request their disdain,
Why do you want them to do well
if you incite it to evil? (…) "
Windows has shielded itself in a half truth: The user is guilty of all the malware that infects his computer. You already explained it promptly, a well-built OS should not allow a double click to ruin the entire system, nor should it allow a self-executing program (or any malware) to compromise the entire OS. And even less a serious company should bear its errors to the users who use its OS.
Does an operating system really have to be broken by the action of a careless user? Why is it so easy for a third party to breach the OS? Why don't you fix your vulnerabilities, can't or won't? And here we find ourselves again with the issue of antivirus, which is a multimillion dollar business and there are many conflicting interests ... I think that microsoft and antivirus have a codependent relationship, where it is better to get money than to return to the safer system. I repeat again a well-built OS shouldn't be so fragile, just like a well-built software shouldn't be vulnerable (Right apple?)
I can understand that a user by mistake or ignorance damages a program, changes a configuration, or even by accident (like me: /) playing "let's experiment" damages the GUI ... and here we see precisely one of the great advantages of linux: no human error is catastrophic, everything can be fixed in a few minutes (I have to reinstall the X hahaha). Or outright we would be very naive if we give execute permissions to a program that contains… I don't know… maybe, rm -Rf /: p
But we find ourselves with a clash of cultures: the linux culture and the closed software culture. That is why windows bears all the blame for a vulnerable OS, it never taught us to be curious, to review the program, to find a way to protect ourselves from malware, they themselves caused lazy and conformist users. That is one of the great advantages of the Linux community (users) (BSD too) over those of Mac and Windows, the fact of having a Linux is because you wanted something more and that causes you to have more initiative and mainly curiosity.
I bet a new linux user reading my comment would be looking for that command I described earlier. A Windows user might not think twice about downloading and running an .exe that promises to make some illegal software original.
PS I posted this comment on Ephiphany with no problem; D