John J. McDonough wrote:

>----- Original Message -----
>From: "Nate Duehr"
>Subject: Re: [OT] Workgroup infestation
>
>>An OS that can't protect itself from a measly web browser and a user who
>>clicks on things they shouldn't? Good lord... that's not worth paying
>>for, and should certainly be the last thing recommended for a production
>>system of any type. A script embedded in an e-mail can wipe out the
>>machine? Puh-leeese...
>
>Just last week the news was not one, but two, browser borne Linux exploits.
>I guess that's why you don't pay for it, eh?

Would you like to be more specific about the exploits? I'm willing to discuss it very logically and civilly if you're truly interested in the discussion and not a "drive-by" that's mostly emotional and not grounded in engineering fact. Few people are.

You didn't read my message very carefully -- I said the OS should protect itself and its data from such events, which are bound to happen. I'm pretty sure from my reading of those exploits that I would both have been generally protected from any ill side effects by the OS, and grateful that I have at least six browsers available to me other than the exploited one on my Linux desktop machine. The OS was smart, and I had the option to be smart. Both excellent options.

If you can give a single concrete example of one of those Linux browser exploits above completely compromising the machine to the point where it has undetected spyware running on it or has turned the machine into a standard "zombie" capable of doing damage to other machines on the network, or in massive loss of the user's data, I'd be interested in reading them. I can find thousands of examples of this on Windows systems.

Exploits (essentially mistakes in software development, root-cause) happen. That's a given. The question is how does the underlying OS handle such events and protect the end-user?

Most people do what you just did when attempting to compare complex technology - gloss over the facts and only focus on one measurement. Do both systems have exploits? Yes. Thus, both systems are equally good/bad. Bad logic.

I much prefer discussions similar to the in-depth ones on this list in the past that truly and uniquely compare things like PIC vs. AVR. Those are enlightening and smart discussions. Sure, some people get emotional, but at least four or five people on the list really have looked at the differences. In the OS world, that's very rare. RARELY does one find such discussion at that level of detail about OS's, and I contend that if engineering and technical folks avoid those discussions, end-users certainly will. As one person pointed out, many corporate "leaders" pre-empt and ban such discussion within their organizations by demanding employees use one technology over the other.

Whether the system was paid for or not is irrelevant to the security discussion. I really only advocate (in lots of words) these things to all PC-style computer users:

1. Get it out of your head that there's only one choice in operating systems.
2. Engineer your tasks to match the strengths and weaknesses of the OS you choose.
3. Be professional enough to be willing to do this, even when it's unpopular and/or taboo in your company to do so.

Emotional responses to engineering/technical problems are bunk. We all know this from our experience with electronics... there's usually more than one way to accomplish certain tasks with hardware, and there most definitely are reasons one is better than another. But the "best" ways are generally well-known, and hardware engineers state clearly why they don't use a particular approach if they choose one that's got caveats. Personal computing has never gone there. It should.

Network and OS engineers RARELY document all the caveats (a pro/con list even) when they choose an OS for a particular project for their management, and many managers don't ask for such a thing because they believe that "an OS is an OS". This is one of the attitudes that ultimately needs to stop to put the ingenuity and thoughtfulness back into computer engineering at the desktop level.

Nate

_______________________________________________
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist