Why do people switch to Linux 13484

Very impressive. Why do I care again? This is all internal checks that every OS that claims to have protected memory and user permissions has to do. NT happens to do it in a way that you think is superior, and maybe in the abstract it is, but that does not mean no other OS does such things.

If the design made actual compromises less likely, then you'd have a point. But that doesn't seem to be the case.

Um, that's not really the reason they're in SELinux AFAIK. The reason is Role-Based Access Control. It has nothing to do with making the OS "more secure" against being rooted per se, although it enables bettter sandboxing of services and the like which indirectly leads to better security. And also to more admin headaches.

Systems like SELinux or Trusted Solaris are just not the right thing for the average home user or small businessman. There's too much knowledge required to admin them effectively. For the purpose of running some games or spreadsheets they aren't "more secure" so much as "less useful".

Look, my whole point in all of this is that Linux and Windows can in theory both protect themselves from users reasonably well. Yet one is a security nightmare and the other is not. The difference in the real world must be attributed to something. If what you claim is true and the Linux design is inferior, then you have to explain why it isn't getting zombie-fied at anywhere near the rate Windows is.

You have explained that, you claim it is the users. I agree with you, but now you have to explain why the users act differently.

My claim is that it is because Microsoft encouraged their users and ISV's to ignore security, and now they are stuck with a big problem.

It was, after all, Microsoft's idea to invent ActiveX. It was their idea to just pbutt email attachments to the shell to see what happens. It was their idea to hook the browser into every damn corner of the system. It was their idea to give users admin rights by default.

All the ACL's in the world won't fix the bad poo they've layered on top. They've essentially disabled or bypbutted a lot of protections in order to provide ever more "features" and now they are reaping what they've sown. Even if they fixed everything tomorrow, their reputation is shot now and won't be coming back soon.

NT had a lot of potential when it was designed. Microsoft has chosen to squander most of it on the alter of Marketing.

Given the choice between two things he doesn't understand, the user will go with the one whose ads feature the best-looking models.

Unfortunately there is no way to get one without the other.

Those fall under "admin tools" in my book. I don't care if regular users can access them.

What's different is that my daughter and her friends might want to play a game but have no idea what "tcpdump" is or why they'd want it.

Because she never needs to, she won't get into the habit of elevating herself to root whenever something doesn't work right. And that's the important thing when you have millions of systems deployed. If users get in the habit of running stuff as admin "just in case", then you're screwed security-wise no matter what mechanisms you have.

Microsoft has dug itself a real hole on this one. They have to change the user culture or else make a system that can protect itself from root. Tough deal either way. Linux, OTOH, merely has to indoctrinate new users to existing good practices as they come on board. That's a lot easier to do because they're already in a mode to change if they are getting a new OS.

-- - Bob Hauck - A proud member of the reality-based community.