Linux: Successful Upgrade – SBS 2003 to Linux

Late in 2010 one of our charitable organization clients, a local church, came to these decisions: 1) The aging XP Professional systems in their office needed to be replaced with new systems. 2) The existing XP Professional systems that were not so old needed to be upgraded to newer operating systems. 3) The existing SBS 2003 system needed to be upgraded to a new OS as well.

We at ERACC made the pitch for Linux on the desktop and the server but the staff at this client thought they “needed” to stay with something “familiar like Microsoft” and voted for Windows 7 Professional on their new and “upgraded” desktop systems. (I knew they were not going to see fuzzy, cuddly familiarity with a migration from XP to W7. But I also know when to stop promoting Linux and move on along.) However, the fellows in charge of decision making about their server decided they wanted to try Linux and not spend money to “upgrade” SBS 2003 to Windows Server 2008. We considered this latter victory enough for our Linux sales pitch and laid out an upgrade plan for their office. Funds were procured and the parts for new systems were ordered from ERACC in late December. The work began the first week in January 2011.

The server was the first system to be upgraded and we chose Mandriva 2010.2 Linux for the server. Why? The primary reason is we know Mandriva has some easy GUI tools for new system administrators to use to get started. The secondary reason is we are most familiar with the Mandriva distribution “under the hood” here at ERACC. So we can provide the “not so easy” administration tasks that may be needed at the CLI. (A recent repair of the Bind / rndc configuration was one thing the GUI tools could not handle.)

One example of administration at the CLI that we will be providing in the future is installation of a BiblioteQ library management system. The client has an on-site library that is not “computerized”. The library will get one of the older PC systems that is being retired from daily desktop use. They eventually want library management software and we have recommended BiblioteQ on Mandriva on the retasked PC connected to a database on the Linux server. The setup of and connection to a BiblioteQ database is non-trivial for those unfamiliar with the Linux CLI, so we will be doing that for them.

The server hardware is a Dell PowerEdge 2900 with 2 GB RAM, two Xeon dual-core CPUs and a PERC 5/i RAID controller with a pair of 160 GB SATA drives in a RAID1 configuration. The old 160 GB SATA disks in a RAID1 configuration were backed up to a 1 TB NAS unit using a live PartedMagic Linux CD-RW disc. The server was booted with the PartedMagic disc. The NAS share was then mounted via NFS and the data on the NTFS partitions of the SBS 2003 installation were simply copied to the NAS. A simple copy was good enough as the SBS 2003 system was just used as a file server. Had the system also been a database server then additional steps would have had to be taken. If it had been a vendor lock-in Microsoft SQL Database server, a migration to Linux might have been too costly to do at this time. (Comments on experiences migrating from MS SQL on a MS server to a different database engine on a Linux server are welcome.)

Once the 160 GB RAID1 was copied and verified the system was shut down and a pair of 500 GB SATA drives were installed in the hot swap drive bays. A new RAID1 configuration was initialized on the PERC 5/i controller using the new 500 GB drives. Then the system was rebooted with a Mandriva 2010.2 Linux x86_64 DVD. The installation of Mandriva went smoothly and the system was rebooted once the install completed and the DVD removed.
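The article does not say how the copy was verified. One way to do it from the live CD, shown here as an added example that is not the author's own procedure, is to hash every file on both sides and compare the two manifests. The function names and the mount points in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: verify a file-level backup before the source disks are reused.
# Usage (hypothetical mount points):
#   sh verify_copy.sh /mnt/sbs2003 /mnt/nas/sbs2003-backup

# manifest DIR: print "sha256  ./relative/path" for every regular file in DIR,
# sorted by path so that two manifests can be compared line by line.
# Empty directories are not recorded; only file names and contents are checked.
manifest() {
    ( cd "$1" || exit 1
      find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# verify_copy SRC DST
#   returns 0 if both trees hold the same files with the same contents
#   returns 1 if a file is missing, extra or different (diff lines are printed)
#   returns 2 if a tree could not be read completely
verify_copy() {
    src_list=$(mktemp) || return 2
    dst_list=$(mktemp) || { rm -f "$src_list"; return 2; }
    rc=0
    manifest "$1" > "$src_list" || rc=2
    manifest "$2" > "$dst_list" || rc=2
    if [ "$rc" -eq 0 ] && ! diff "$src_list" "$dst_list"; then
        rc=1
    fi
    rm -f "$src_list" "$dst_list"
    return "$rc"
}

# Run the check only when two directories are given on the command line.
if [ "$#" -eq 2 ]; then
    verify_copy "$1" "$2"
    exit $?
fi
```

An unreadable file on either side yields return code 2 rather than a silent pass, which matters when the source is an NTFS volume mounted from a live CD.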

The Bind 9.7.2 server was installed for mapping IP addresses to local area network (LAN) systems and to forward non-local requests to the router. Each PC is assigned a static IP address and these were mapped to the machine names for each PC under Bind.

All the user accounts from the SBS 2003 installation were recreated as Linux users on the server to create the private directories under /home where we would place their server based “My Documents” directories from the old SBS 2003 setup. Then remote media sources for Mandriva were set up and SAMBA 3.5.3 was installed. SAMBA was configured with the information for the workgroup used on the SBS 2003 setup. The users were added as SAMBA users using Mandriva’s excellent DrakSamba tool. At this point each user’s PC was accessed and the network drive shares were checked and recreated as needed. Then, while logged in to the user’s PC, each user’s server based “My Documents” directory was copied to the user’s /home directory on the Linux / SAMBA server and the Microsoft “shortcut” for that was recreated on the user’s Microsoft desktop.

The old setup and the new setup both required an installation of the PowerChurch church management software (only available natively for Microsoft systems) to be accessible from most users’ PC systems. Since the SAMBA server had the same network name as the SBS 2003 server, the PowerChurch software share was recreated under SAMBA to be the same path it had been on SBS 2003. When tested from each user’s PC this “just worked” and the PowerChurch software loaded as if nothing had changed.

At this point the upgrade from SBS 2003 to Linux is done. Some call this a “migration”, but we here at ERACC think of any move from Microsoft to Linux as an upgrade, so that is what we call it. Over the next few weeks each user’s PC will either be replaced with a new PC running W7 Pro or migrated to W7 Pro from XP Pro. To date, two of these are done and we are working on the third one this weekend. In case you are wondering, the W7 Pro installations work just fine with SAMBA 3.5.3 on Mandriva 2010.2 Linux.


Notice: All comments here are approved by a moderator before they will show up. Depending on the time of day this can take several hours. Please be patient and only post comments once. Thank you.

Notice: Some of you are sending us comments with obviously bogus e-mail addresses. Your comment will not be posted while using a bogus e-mail address. Please read our comment policy on the front page of our web log. Thanks.


Open Source: FOSS Security Updates vs Microsoft Patch Day

It is almost that time again. The ritual of installing Microsoft patches released on the second Tuesday of each month to fix security problems with its operating systems and software. My company will be monitoring and installing these updates again for some of our local clients this week.

It is an ironic coincidence that I have received update notices from Mandriva for software installed on my Linux PC systems as well this weekend. These updates come regularly from the upstream developers through Mandriva to Mandriva end-users. These updates may be simple code fixes for bugs, upgrades to get new versions of software or security fixes to patch possible security problems. While looking at these today I thought it would be interesting to compare, vulnerability-wise, what I am getting from Mandriva today with what Microsoft customers will be getting on Tuesday 14 September 2010.

First, to understand Microsoft's vulnerability code words one must know the terminology Microsoft uses and what it means. This is found in this table borrowed from Microsoft:

Rating    | Definition
Critical  | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
Moderate  | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low       | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.

Then one needs to see the Microsoft Security Bulletin Advance Notification for September 2010. If that URL is broken or does not work for one, I created a PDF document from that page. What we see are nine "bulletins". The word bulletin is Microsoft-speak for "a problem with our code" or "a vulnerability in our code". The euphemistic term bulletin sounds urgent, no?

Then we see the various software that is afflicted with the problems requiring patches. For our purposes today I am going to ignore all but those that affect Windows 7. Why? Because I am using the latest Mandriva release and anyone using Linux on the desktop is more than likely using a recent release. Or at least a release that is newer than XP sp3 or Vista sp1. So the only fair comparison is to stick with Windows 7.

Windows 7 has three patches. These are all marked as Important which, based on the table above, means they each are "A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources." Looking at that definition again some may wonder what the heck it really means? Essentially it is saying one's system might be compromised, also known as cracked and improperly known as hacked, if this patch is not installed. The compromise cannot be "automatic" based on Microsoft's judgement of the problem in Microsoft's code. So, it likely would require one to click on a URL or open a file to create the compromise. Gee, that cannot be too serious then, right? Oh wait, it CAN be serious! So, you Windows 7 users need to make sure you get those patches.

Now I will examine the updates I am getting from Mandriva. I get a GUI popup that updates are available and have opened that in one of my desktop workspaces. However, getting a list from a GUI is problematic. Here is the list as generated from the Mandriva command line command 'urpmi --auto-update -v':

  beagle                         0.3.9        40.3mdv2010.1 i586
  beagle-evolution               0.3.9        40.3mdv2010.1 i586
  beagle-gui                     0.3.9        40.3mdv2010.1 i586
  beagle-libs                    0.3.9        40.3mdv2010.1 i586
  firefox                        3.6.9        0.1mdv2010.1  i586
  firefox-en_GB                  3.6.9        0.1mdv2010.1  i586
  gnome-python-extras            2.25.3       18.2mdv2010.1 i586
  gnome-python-gtkmozembed       2.25.3       18.2mdv2010.1 i586
  gnome-python-gtkspell          2.25.3       18.2mdv2010.1 i586
  kernel-desktop-2.6.33.7-1mnb   1            1mnb2         i586
  kernel-desktop-devel-2.6.33.7> 1            1mnb2         i586
  kernel-desktop-devel-latest    2.6.33.7     1mnb2         i586
  kernel-desktop-latest          2.6.33.7     1mnb2         i586
  kernel-source-2.6.33.7-1mnb    1            1mnb2         i586
  kernel-source-latest           2.6.33.7     1mnb2         i586
  libnspr4                       4.8.6        0.1mdv2010.1  i586
  libnss3                        3.12.7       0.1mdv2010.1  i586
  libxulrunner1.9.2.9            1.9.2.9      0.1mdv2010.1  i586
  nss                            3.12.7       0.1mdv2010.1  i586
  nvidia-current-kernel-2.6.33.> 195.36.24    3mdv2010.1    i586
  nvidia-current-kernel-desktop> 195.36.24    1.20100901.3> i586
  rootcerts                      20100827.00  1mdv2010.1    i586
  xulrunner                      1.9.2.9      0.1mdv2010.1  i586
  yelp                           2.30.1       4.2mdv2010.1  i586

These updates are better shown grouped and explained this way:

firefox

"Security issues" were identified and fixed in Firefox and Mozilla-Thunderbird. The software below relies on some functionality from Firefox and thus also needs to be updated. Technically this is not a "Linux" update. It is a Firefox update that affects some FOSS software that happens to be on my Linux desktop PC. Happily Mandriva provides for these updates in its package management system. Firefox on Microsoft Windows 7 must also be updated. But that is not shown in the Microsoft security bulletins and one cannot get that update direct from Microsoft.

  • firefox-en_GB (Why no firefox-en_US? I don't know.)
  • beagle
  • beagle-evolution
  • beagle-gui
  • beagle-libs
  • gnome-python-extras
  • gnome-python-gtkmozembed
  • gnome-python-gtkspell
  • libnspr4
  • libnss3
  • libxulrunner1.9.2.9
  • nss
  • rootcerts
  • xulrunner
  • yelp

kernel-desktop-latest

Four "vulnerabilities" were discovered and corrected in the Linux 2.6 kernel. The software below is all related to the Linux kernel and thus also needs to be updated.

  • kernel-desktop-2.6.33.7-1mnb
  • kernel-desktop-devel-2.6.33.7-1mnb
  • kernel-desktop-devel-latest
  • kernel-source-2.6.33.7-1mnb
  • kernel-source-latest
  • nvidia-current-kernel-2.6.33.7-desktop-1mnb
  • nvidia-current-kernel-desktop-latest

The words "security issues" and "vulnerabilities" are not my words. These are how the updates are described by the Linux/FOSS community. If one wants to know about the vulnerabilities and security problems as reported then these two URLs will explain the details:

http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:173 (for Firefox)

http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:172 (for Linux kernel)

Okay, so what does this all mean? Is Linux and FOSS less secure and more vulnerable than Microsoft Windows 7 because there are more updates shown here? No, not really. In fact, even if I did not apply these updates and some virus authors were trying to crack Linux, my risk of my Linux desktop PC being successfully cracked is low to zero. Did you get that? I will repeat what I said, "In fact, even if I did not apply these updates and some virus authors were trying to crack Linux, my risk of my Linux desktop PC being successfully cracked is low to zero."

Some ignorant people argue that Linux and FOSS are not cracked much because Linux and FOSS are not all that popular. The argument then goes on to state that Microsoft systems are cracked often because they are more popular and this makes Microsoft a bigger target. That is absolutely false. Linux security updates, if not applied to a typical Linux desktop system, will most likely not result in that system being compromised. The converse is not true of Microsoft systems. Don't update Microsoft and one will definitely be at a higher risk, from likely to certain, that one's Microsoft desktop system will be compromised with malware. Even then one's Microsoft PC is still vulnerable due to basic design flaws in the operating system.

Frankly, it requires much more effort to crack a typical Linux desktop PC than to crack a typical Microsoft desktop PC. Heck, even the United States National Security Agency (NSA) thinks so. This is covered in a document about its Security-Enhanced Linux a.k.a. SE Linux. This excerpt from the Introduction is telling (my comments are in red):

Unfortunately, existing mainstream operating systems (meaning Microsoft) lack the critical security feature required for enforcing separation: mandatory access control (MAC) [17] (SE Linux adds this).

The document goes on to state that mandatory access control a.k.a. MAC is needed and is added in SE Linux. However, the interesting point here is that the basic structures needed to be able to add MAC are already in Linux but not in Microsoft systems. This means Linux systems already have a higher security standard "out of the box" than Microsoft. Plus, I doubt even the US NSA can get source code to any Microsoft OS without paying dearly and then signing a raft of Non-Disclosure Agreement documents.

So, go ahead and patch those Microsoft Windows 7 systems and then keep on worrying they will be cracked anyway. I think I will put off my Mandriva updates until after I take care of our Microsoft clients and their monthly "Patch Tuesday" requirements … maybe I'll update my systems in December.


Edit Sun Sep 12 21:30:41 CDT 2010: Change the first sentence in the second paragraph based on an accurate observation of the wording by a reader.

Linux: “Free” Software vs “You Get What You Pay For”

This article has been bounding and jumping around in the nether regions of my mind for quite a while now. It decided today that it needs to be set free.

Every one of us has heard or read some form of the old phrase, “You get what you pay for!” The gist of this phrase is basically if something is “free” or low cost it is probably worth nothing or very little. However, is this true when applied to Free Open Source Software (FOSS) and Linux? Looking at my usage of both I would have to say a resounding, “No!”

As an advocate for using FOSS in general and Linux in particular I have pondered this apparent conundrum for a long time. With FOSS and Linux I get “free” software and it is worth quite a lot to me in terms of usability and function. Frankly, both would be worth quite a lot to anyone who used them. The fact that the software is free of a monetary cost in most cases does not make it worthless.

You see, one also “pays” for something with time, effort and energy. Each of us has a limited life-span. The time we choose to “spend” on anything is gone forever. No matter how much we may desire it we cannot get that time back. Therefore our most precious commodity is our personal time. I have taken the time, effort and energy to familiarize myself with FOSS and Linux, so I have “paid” for it in those ways. The more time, effort and energy I apply the more I get out of FOSS and Linux. At this point I am very comfortable with Linux on my desktop and FOSS for my work and play.

I also spent time, effort and energy learning about Microsoft products, IBM OS/2 (now eComStation) and SCO Unix systems. In all of those cases I had to spend money as well. Basically I had to “double invest” in those products. Why do I say “double invest”? Well, I also had to spend time, effort and energy to earn the money that I spent on these products that I then had to spend more time, effort and energy to learn. With FOSS and Linux I only have to invest once, not twice.

Now we come to a corporate reason to switch to FOSS and Linux. One which many Pro-Microsoft FUD spreaders dismiss out of hand. A corporation with several dozens to thousands of Microsoft desktop systems has to also spend money as well as time (more money), effort (more money) and energy (more money) to get up to speed on new, likely expensive, closed source software and the hardware for same in the case of Microsoft Windows 7. With FOSS and Linux these same corporations have the option to bring all their support in-house and only spend time, effort and energy to get fired up on FOSS and Linux. The mythical idea that IT managers want a “throat to choke” when things go wrong is a red herring here. If one wants a choke-able throat at hand what better one than in-house support? Some people on staff that have a clue about installing, using and fixing FOSS and Linux is the better choice than some people working for some other company at the other end of a phone number.

Some may ask, “What about those stock holders in a company? Won’t their dividends suffer in a switch that is possibly as disruptive as a switch to FOSS and Linux on the corporate desktop?” Sure, in the short term, a corporation may spend less to stay with proprietary, costly, closed source software and keep dividends up for stock holders. But anyone with the ability to think ahead and plan for long term results can see that down the road switching to in-house support using FOSS and Linux will mean significant savings for a corporation in the long term. It could also mean more dividends for stock holders, those people that Microsoft FUD mongers try to point to as blockades for moving off of Microsoft. Any company that I hold stock in should be thinking in the long term and should be switching to FOSS and Linux.

So, what will it be for you? Will you keep paying twice for your software in both money (earned with your time) and personal time (more precious than money) for learning? Or will you choose to switch to FOSS and Linux on your desktop and only “pay” for the software once? I will just keep paying once, thank you.

Need a new computer with Linux? Get one from ERACC with your choice of Linux distribution already installed and ready to use! Or get one from Dell, system76, ZaReason, or find a local system builder near you.


Edit Sun Jun 20 14:17:10 CDT 2010: Fix URLs and edit comments for same in the last paragraph.

Security: FOSS/CSS Updates – Are They Worth Anything?

The short answer: Updates are worthless if one does not apply them.

Once again I find myself cleaning malware off of a home user’s Microsoft based notebook PC. Once again, while it has anti-virus software installed it was infected by a “drive-by attack” from a web page. It was infected with the Antispyware Soft fake anti-malware nag and FUD software. The installed Norton Antivirus, which is up to date, did nothing to stop this attack and was then disabled after the malware got on the system. What happened?

As I type this article the notebook PC’s Microsoft system is downloading and applying updates. Many updates. At least a couple of years of updates. Maybe more than that. The IE browser was pre-IE8 and was not patched with security updates even then. The Firefox browser, which is set as the default, was also not up to date. If the system had not been infected and given into the care of my company to clean up it would likely never see another software update applied. Even though the system was set to download and apply updates automatically, the scheduled time was set for 3:00 AM. A time when this notebook PC owned by an older lady will never be on.

Unfortunately, on consumer desktop and notebook PC systems we in the IT community that services this market often find that software updates are not applied. This includes all software updates, not just those that apply to security flaws in software. It seems that in general people with home computers fall into these categories:

  • Ignorant that updates are needed to protect their PC from malware and fix known bugs in the software. These people never apply updates even if notices are popping up to inform them of updates. If the PC is infected they may be blissfully unaware they are using an infected PC.
  • Aware that updates are needed but lackadaisical about applying them. These folk put off updates for many reasons, but mainly because it is inconvenient to apply updates.
  • Aware that updates are needed and apply them regularly.
  • Absolutely fanatical about making sure updates are applied as soon as they are available.

It appears from my experience that the majority of non-technical end-users who end up with infected systems fall into the first category. The second category is a smaller group that have just been lucky to not yet have an infected PC. These two categories of users are almost all Microsoft operating system users. The latter two categories are the small group of users that are more technical and/or security conscious. The more security conscious but non-technical are usually those who have had to deal with a prior PC infection. The latter two categories rarely or never see an infection. The Open Source community of Linux users is generally more technical at this point and thus more likely to take updates seriously.

The main problem as I see it is one of education. A lack of training that emphasizes the importance of getting and applying software updates as soon as possible. Ignorance rather than sloth. There is no government required training course or license to use a PC as there is to drive a car. But I am not calling for government regulation because most government regulations are already too invasive and burdensome. The world needs less government and more personal responsibility, not more government oversight. The answer does not lie in some government regulation.

What can we do about this problem? I can think of at least two.

  • Those of us who sell to consumers PC systems with popular operating systems installed could take the time to explain to our customers the importance of software updates. We can make that part of the sale (Are you listening Dell? HP? Best Buy? WalMart?) instead of just “selling” Microsoft, Apple or Linux based PC systems and leaving the end-user ignorant. Instead of selling anti-malware as the answer to all malware woes we can be honest and admit that no software is able to make a PC perfectly safe (especially not Microsoft’s operating systems). Then emphasize the importance of getting and installing software updates as they become available. Inform the customer that security is a process, including an awareness of the need for security updates, not a product. Sure, there are still those consumer end-users who will not “get it” and will still not apply updates. But more people being made aware of the importance of software updates will mean more people are likely to take updates seriously and apply them.
  • Automate all updates by default in software on systems expected to be purchased and/or used by the average consumer. Even major updates like XP Service Pack 3 (do not change the original license terms thus requiring end-user agreement, Microsoft, and you can do this too). Then setting such automated updates to apply at some time when the computer is likely to be on. Perhaps default scheduling of the updates to start after the system has been on for half an hour instead of some fixed time in the wee hours of the morning when most home PC systems are off. With FOSS systems that use online software repositories this would mean almost all the software would be updated. The exceptions would be software that the user got outside the repositories. Yes, make this the default but leave options for the user to schedule updates or disable updates altogether. The user that has no clue will be a bit more protected by this proactive approach. The user that already is aware of the need for security processes will be able to handle this just fine.

Oh yes, if an automatic update that applies every update is selected we can be sure there will occasionally be hiccups in the process. The end-user should be informed of this probability up front. Not unpleasantly surprised after the fact.
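The boot-relative schedule proposed above can be sketched for a Mandriva system as follows. This is an added example, not something the article or Mandriva ships: the script is meant to be called every few minutes from cron and starts one update run per boot once the machine has been up for half an hour. The stamp file path, the cron line and the function names are assumptions.

```shell
#!/bin/sh
# Added example: start updates relative to boot time instead of at a fixed hour.
# Hypothetical cron entry (every 10 minutes):
#   */10 * * * * root /usr/local/sbin/boot-update.sh --run

MIN_UPTIME=1800                                   # seconds; the half hour suggested above
STAMP=${STAMP:-/var/lib/boot-update.stamp}        # hypothetical path; records the boot already served
UPDATE_CMD=${UPDATE_CMD:-"urpmi --auto --auto-update"}

# update_due UPTIME_SECONDS BOOT_ID STAMP_FILE
# True only when the machine has been up long enough and no successful
# update run has been recorded for this boot.
update_due() {
    [ "$1" -ge "$MIN_UPTIME" ] || return 1
    if [ -r "$3" ] && [ "$(cat "$3")" = "$2" ]; then
        return 1
    fi
    return 0
}

# run_if_due [UPTIME_SECONDS] [BOOT_ID]
#   returns 0 if the update ran and succeeded
#   returns 1 if nothing was due
#   returns 2 if the update command failed (no stamp is written, so the
#             next cron tick tries again)
run_if_due() {
    up=${1:-$(cut -d. -f1 /proc/uptime)}
    boot=${2:-$(cat /proc/sys/kernel/random/boot_id)}
    update_due "$up" "$boot" "$STAMP" || return 1
    if $UPDATE_CMD; then
        printf '%s\n' "$boot" > "$STAMP"
        return 0
    fi
    return 2
}

if [ "${1:-}" = "--run" ]; then
    run_if_due
    exit $?
fi
```

Because the stamp is written only after a successful run, a notebook that is closed mid-update or is offline at the half-hour mark gets another attempt instead of waiting for the next boot.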

If any of you have some interesting ideas about making average end-users aware of the importance of applying updates please feel free to post a comment. Comments that average end-users are all “morons” are unwelcome. Try to be a bit more thoughtful than that.


Linux: Updating a Linux Unfriendly Motherboard BIOS

You have a relatively new PC with your favorite Linux distribution installed. You are content and all is well with the world. Then you discover that your motherboard needs an update to the BIOS to allow some new hardware to work properly with your PC. Alas! Your almost new PC, which has an on-board floppy controller, was shipped with NO FLOPPY DRIVE. The BIOS update procedure, of course, requires a bootable floppy with (Egad!) Windows 98 DOS or higher. What the heck do you do?

I recently ran into just this problem with a ~2 year old Mandriva Linux based PC that my company built for a client. Of course, I have floppy drives I could use temporarily in this PC to update the, unfriendly to Linux, BIOS. But as I was pondering the situation I wondered what would I do if I did not have a floppy drive to use? Then I realized almost every PC made in the last 10 years or so has at least a CD drive from which one may boot a “Live” OS. This PC is no exception as it has a DVD±RW drive installed, actually two of them. One can create a bootable CD with a Windows 98 floppy image and load a BIOS update from a virtual disk created from that same boot.

While I do have a “legal” copy of Windows 98 I do not have that copy of Windows 98 installed anywhere at the moment. Also, my Linux work PC does not even have a floppy controller in it. So, I began to look around the internet for a bootable Windows 98 image and found one at the Boot Disks web site. Then I needed to get the BIOS update utility and the BIOS update image onto that ISO before burning a CD with the Windows 98 ISO image. A little bit of research with my current favorite search engine turned up ISO Master. I checked my Mandriva 2010 packages and there it was, waiting for me to install it:

[Screenshot: Mandriva 'urpmq -i isomaster' Results]

I installed ISO Master and opened the Windows 98 ISO file with it. I then used the ISO Master file browser to find the BIOS update software I had previously extracted from its “zip” file and dragged those to the file list in the ISO. Using the Save As option from the ISO Master File menu I created a new ISO file with the new files included:

[Screenshot: ISO Master - New ISO Image]

I then created a bootable CD-RW disk from this new ISO using k3b from my fluxbox menus. I used CD-RW so I could update the disk image later as needed and then reuse the CD. I then booted the system needing a BIOS update using the Windows 98 bootable CD-RW disc. The Windows 98 DOS complained about the partitions on the hard drive, but I just ignored that as I already knew it would not “like” the ext3 partitions. The ISO image I chose at Boot Disks creates a RAM disk with the contents from the image in that disk. I switched to that RAM disk, started the BIOS update program with the switches needed to update the BIOS and watched as the update completed successfully.

I then removed the boot CD and rebooted the PC. The motherboard complained of a BIOS checksum error, which was also expected, and asked me to press “F1” to continue and load the BIOS setup screens. The BIOS settings were back to factory default so I changed the ones that needed changing, mainly the boot order. Then I saved the BIOS settings and rebooted again. No errors this time and the Mandriva 2010 Linux installation booted without a hitch. I checked to see if Mandriva 2010 now saw the new hardware. Yup, there it was.

So, if you find yourself in the same predicament maybe this article will help you get your BIOS update done. A comment to let us know this helped you would be appreciated!


Edit Mon Apr 5 11:21:50 CDT 2010: Remove URL to Boot Disks site per Frank’s comment.

Virtual Control – Linux, VirtualBox and OS/2 or eComStation

This is part one of a two part article about a “real life” control system that is a candidate for moving to a VM on Linux. This control system is being used right now in a real manufacturing facility.

Last year in February I wrote the article “Windows 98? Linux and VirtualBox! (Maybe)“. It is about using VirtualBox to perhaps keep an old Windows 98 system running in a virtual machine (VM). In that article I touched on the concept of a business that runs a system controller on old hardware that may be saved by moving the system to a VM. This article is a follow-up on that concept to cover a recent test we did at ERACC for moving a control system from “real” hardware to a VM. I have not asked permission to name names so I will just call the company that contacted me “client” and use first names only for the people involved.

Several weeks ago I was contacted by Stan at the client about an IBM OS/2 Warp 3 system that runs a critical control system in their manufacturing facility. The hardware for this system is around 15 years old and they recently had problems with the SCSI hard drive. The concern is that this old hardware is eventually going to fail completely as all things man-made eventually do. They could purchase a new control system, but that would cost in the tens of thousands of dollars. Perhaps $40,000/US or more for the controller and cost of the installation from the control system manufacturer. In this current poor economy businesses are looking for ways to save money so a solution with a $40K or more price tag is going to be very carefully researched before such an expenditure will be made. This case is no exception. In the course of the client’s research my company was discovered as we still support OS/2 in its current incarnation as eComStation.

So Stan contacted me. He wanted to know if we could build them a new PC to run the current control system software. I assured Stan we could do that, but I suggested that we try running the software inside an eComStation VM using VirtualBox on a Linux system first. My reasoning is if it works this “future proofs” the current control software and keeps them from having to purchase a new system any time soon. I planned to help get the VM up and running at their facility and all of this could be done for well under $2500/US. I mentioned that I would need a disk image of his current control system and would work from that to create a VM with which to test. Stan agreed this sounded like a good idea and said he would get the disk image done and get back to me.

A few weeks passed. Then I received a call from Stan saying the disk image was ready on a USB thumb drive. I gave Stan our shipping address and he placed the thumb drive in the mail to us. When the thumb drive arrived I brought it to my work PC and copied the “disk.img” image file. This PC runs Mandriva 2010 Linux on an AMD Phenom quad-core based motherboard which includes AMD’s hardware virtualization. One needs hardware virtualization to run OS/2 or eComStation in a VirtualBox VM. The disk image was converted to a VirtualBox virtual disk image (VDI) using the command:

VBoxManage convertdd ./disk.img /data1/virtual_machines/virtualbox/vdi/disk.vdi

This VDI was then used to create a VM to try to boot it. Unfortunately it would not boot. So a new VM and VDI were created using eComStation 2.0 release candidate 7 (eCS2rc7). This new VM was booted and the VDI created above was mounted as a second “disk” in the VM. The data and programs were copied from the mounted second VDI to the new VDI and testing began. After editing the eCS2rc7 startup files, CONFIG.SYS and STARTUP.CMD, to include the relevant software for the control system the VM was rebooted. The first reboot failed as some of the old OS/2 Warp 3 based drivers failed to load. It was determined by trial and error what new drivers were needed to replace the old ones and which of the old drivers are irrelevant when using a VM. Finally we had a booting VM that started the control software.

We discovered that the control software uses TCP/IP to “talk to” the manufacturing hardware. This is important because a custom hardware interface would likely not work in this case. Any control software that communicates using TCP/IP or serial connections is likely to work just fine though. We had what we needed to know to proceed with this project. I contacted Stan and sent him the data, with screen shots, in an e-mail. Stan forwarded the information to MIS at the client. As of now we are waiting for MIS at the client to give the go ahead to continue. I am confident that this will get a “green light”, so I am “jumping the gun” a bit with this article.

I will write part two once the project has proceeded to its conclusion, good or bad. Although, “good” is the only outcome I think is likely.

Edit Sat Mar 20 12:25:38 CDT 2010: Fix typo as pointed out by John Angelico, Thanks for the “heads up”.

GNU/Linux: rdesktop – Working on a Windows Based PC Remotely

Time does pass quickly. I just realized it has been over two months since I had time to write an article here. I finally found something new I want to write about, so I am taking time to do that now. Please feel free to leave a comment.

Today I am working to finish setting back up a Microsoft XP Professional based Dell Optiplex 755 system for one of my local clients. It had a dinked-up Windows Registry and needed to have a fresh install done. This model does not include PS/2 mouse and keyboard ports. When I took this system in on Friday I did not realize I have no available USB optical mouse to use. Nor do I have a PS/2 to USB adapter on hand. While this will be corrected in the future, the only USB mouse I have on hand is a small Belkin mouse for use with a laptop. This mouse uses a ball instead of optics to move the pointer and it has a very short cord. A USB extension cable solved the short cord problem. This would be a good solution if the mouse were not worn out from use causing the pointer to not be easy to move all the time. As a result, to say I hate using this mouse is an understatement. During the reinstall of XP Professional on this PC I finally got to the point where I had to do something to relieve the pain.

When I originally worked on the systems for this client I set up TightVNC on all the systems at the location. Then, using non-standard ports, I configured their router for remote access to be able to support these systems remotely using the Java based web connector in TightVNC from my Firefox web browser. This works wonderfully for all the systems at the location … except for this #@$% Dell Optiplex 755. For some reason TightVNC would never receive a remote connection on this system. I tried over and over to get it working but never was able to resolve the problem. However, in reinstalling the system I had hopes that TightVNC would now work so I would not have to use this awful mouse to finish setting up the system. Unfortunately, even after a wipe and reinstall of Microsoft XP Professional TightVNC will not make a connection. At this point I suspect it may have something to do with the Intel video built-in on the motherboard. Apparently the Microsoft Windows driver for this Intel video chip is incompatible with TightVNC. It is rare that TightVNC will not work, but it does happen. However, I still needed a way to connect to this PC for remote support as well as to end my scroll-mouse pain trying to set it up using this horrid, worn out Belkin mouse.

Suddenly, as if a light from Heaven illuminated my head, I recalled there is another tool for remote access to Microsoft Windows based computers. I could not remember the name so I did a quick web search. Sure enough I found references to ‘rdesktop‘ for connection to Microsoft based Remote Desktop Protocol (RDP) servers from Unix and GNU/Linux. A check of the installed packages on my Mandriva 2010 PC found that rdesktop was already installed and waiting for me to use. I checked the rdesktop manual page (man rdesktop) to see how it works. Following that I set up remote desktop support on the Microsoft XP Professional PC. Then I used the following line to connect to the Microsoft XP Professional PC:

rdesktop -a 16 -u MSUSER -p MSPASS -g 1024x768 REMOTEIP:REMOTEPORT

Success! It worked! Not that I had doubts it would work … okay, I admit I did have some doubt. After the TightVNC problem I was concerned that no remote access would work on this PC. Fortunately for me I was wrong.

I will explain what that rdesktop line above does. The “-a 16” specifically sets the color depth to 16 bpp for the connection. One may use 8, 15, 16 or 24 bpp for the color depth. I tried 24 bpp but received a message from rdesktop that it was not supported in this instance. The “-u MSUSER -p MSPASS” passes the Microsoft user login name and password for that user to rdesktop to send to the RDP server on the Microsoft PC. This bypasses the login prompt one would otherwise have to use. The “-g 1024x768” sets the local rdesktop window geometry to 1024 width by 768 height. The “REMOTEIP:REMOTEPORT” in this case are 10.10.10.101:3389, which are the values for the system while connected to my LAN. One may leave off the port number of 3389 as that is the default port. However, I am going to be using this over the internet with a non-standard port so I am practicing including the port now to ingrain it in my memory.
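An added example (not from the original article) of what the “-p MSPASS” form exposes on the machine running rdesktop: a password given as an argument is published in /proc and shown by ps to other local users, which is why the rdesktop manual page offers “-p -” to read it from standard input instead. A Python stand-in process replaces rdesktop here (an assumption), and MSUSER, MSPASS and REMOTEIP:REMOTEPORT are the article's placeholders.

```python
import subprocess
import sys

# The article's placeholder values; nothing here is a real credential.
BASE_ARGS = ["-a", "16", "-u", "MSUSER", "-g", "1024x768", "REMOTEIP:REMOTEPORT"]
PASSWORD = "MSPASS"

# Stand-in for the rdesktop client (assumption: any long-lived process shows
# the same behaviour). It ignores its arguments and simply stays alive.
STAND_IN = [sys.executable, "-c", "import time; time.sleep(30)"]


def inline_args():
    """Arguments as typed in the article: the password follows -p directly."""
    return BASE_ARGS[:4] + ["-p", PASSWORD] + BASE_ARGS[4:]


def prompt_args():
    """Same connection, but '-p -' tells rdesktop to read the password from stdin."""
    return BASE_ARGS[:4] + ["-p", "-"] + BASE_ARGS[4:]


def visible_argv(pid):
    """Argument vector of a process as the kernel publishes it in /proc (Linux)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]


def argv_seen_by_others(args, stdin_text=""):
    """Start the stand-in with `args` and return what /proc shows for it."""
    proc = subprocess.Popen(STAND_IN + args, stdin=subprocess.PIPE, text=True)
    try:
        proc.stdin.write(stdin_text)   # the password travels over the pipe, not argv
        proc.stdin.flush()
        return visible_argv(proc.pid)
    finally:
        proc.kill()
        proc.stdin.close()
        proc.wait()


def inline_password(argv):
    """Return the literal that follows -p, or None when it is absent or '-'."""
    for flag, value in zip(argv, argv[1:]):
        if flag == "-p" and value != "-":
            return value
    return None


if __name__ == "__main__":
    for label, args, text in (("inline -p", inline_args(), ""),
                              ("-p - ", prompt_args(), PASSWORD + "\n")):
        argv = argv_seen_by_others(args, text)
        print(label, "->", inline_password(argv) or "no password in argv")
```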

Below is a screen shot showing this working on my system:

[Screen shot: rdesktop with XP-pro at eracc]

Now I have a new, to me, tool to use to support my clients that insist on running Microsoft operating systems. After about ten years of looking into and using GNU/Linux for my own use I have not found a thing that I need to do that I cannot do using GNU/Linux. I expect over the next ten to twenty years more and more people will discover the same results with GNU/Linux for themselves. I look forward to watching that happen.

GNU/Linux: Virtualbox for solving a common small business problem.

We have all heard the GNU/Linux naysayers posit that, “No one will use Linux until (insert application name here) runs natively on Linux.” Other than the fact that this is almost pure hyperbole there is some kernel of truth there. This article demonstrates one solution.

Many small business owners may want to move to Linux for any number of reasons. A large number of them hold back because their business relies on Windows XP Pro or Vista Business to run QuickBooks with Payroll, which has no strong Linux equivalent. Sure, there are accounting applications with Payroll available for GNU/Linux but most accountants that support small businesses only know QuickBooks. To be able to use these accountants the small business owner must use QuickBooks. Running QuickBooks in WINE is not always the best answer as that has its own set of drawbacks.

Adding to this problem, many small businesses are very small and may need only one computer for the entire business. That one computer must be used for web browsing and reading e-mail, both of which are major inroads for malware on Microsoft systems. Yet the PC is also used for the accounting of the small business, and accounting data holds a great deal of information that may be useful to criminals. With malware rife on Microsoft based systems, the safety of any accounting data on a single multi-use Microsoft PC is problematic. What is the FOSS loving small business owner to do? Enter Virtualbox for GNU/Linux to the rescue.

I have just such a client that faced this same dilemma a couple of years ago when deciding to get a computer from my company for his small, family owned business. The fellow is a GNU/Linux user at his home but found that he needed to use QuickBooks at the business so his long-time accountant could “do her thing” as she is one of the QuickBooks accountants I mention above. This computer at the business also had to handle e-mail and web browsing safely. This gentleman did not want to risk his accounting data on a Microsoft based PC that was multi-tasked with e-mail and web browsing. Yet he had to have all of those on his one office computer.

I sat down with him and went over his options. After talking it over for a few days he decided to go with a new computer preloaded with the Mandriva Linux distribution like he used at home. Why? Because I had explained to him we could solve his problem by running a real Microsoft OS in a virtual machine on Linux. At the time all I knew how to use was VMware. So, I set him up with VMware on his new GNU/Linux system and he bought a Microsoft OEM CD and license for XP Professional to install in the virtual machine. I installed and set up the XP Professional in the VM and got his QuickBooks set up to save backups to a shared directory on his office system that would be transferred via rsync to his home GNU/Linux system for a daily backup of his important accounting data. He could web browse and e-mail to his heart’s content on his GNU/Linux desktop without fear of infecting his XP Professional that was running his QuickBooks in a virtual machine in a window on his desktop. Printing was (and is) handled by a Samsung small business network laser printer that works with both GNU/Linux and Microsoft systems.

This worked great until the first time I ran an update for him where Mandriva update installed a new kernel. After the reboot … bye bye virtual machine. I had to reinstall VMware and ran into a problem with the kernel headers that I had to fix by hand. This was not good. I was able to get him working again but it took more time and cost him more in support fees than it should have. I began to look for an alternative to VMware and found Virtualbox.

I discovered that Virtualbox is open source and can be distributed with GNU/Linux as opposed to VMware which is not open source and cannot be so distributed. We had planned to upgrade his GNU/Linux to Mandriva 2009.1 this past Spring. This was the time designated to switch his virtual machine tasks to Virtualbox. Of course there is no easy way to migrate a VMware setup to Virtualbox. Following the upgrade of Mandriva I did a fresh install of his XP Professional in Virtualbox, reinstalled his QuickBooks and recovered his accounting data from the latest backup file on the shared directory. This has been working well ever since.

So, if you are a FOSS loving small business owner that must have QuickBooks for your accountant, check out GNU/Linux with Virtualbox running a real Microsoft OS. While this is not getting completely away from Microsoft, which may be your goal, it is a step in the right direction. In the future maybe Intuit will see the light and develop QuickBooks for the GNU/Linux desktop as well. Or maybe accountants will learn to use FOSS accounting software and save Intuit the trouble of having to make QuickBooks on GNU/Linux for everyone to buy.

GNU/Linux Security: Linux House vs Microsoft House

This is the second article in my series about GNU/Linux security for the GNU/Linux curious and new GNU/Linux user. The first article is here: GNU/Linux Security: Ubuntu has been Cracked!

There are many attempts to explain the differences between GNU/Linux and Microsoft products when it comes to security. In this article I am going to make yet another attempt. I want to make this as simple as I can for the non-technical users out there. Especially those that are using Microsoft products and cannot conceive of anything that is more secure by default. If you are a technogeek god then ignore the fact that the explanations here are very simple. If you, in your great geekness, want to expound further then feel free to post a comment.

At base the Microsoft products all go back to a core that is built on the MS-DOS concept of a single task, on a single computer for a single user. There is little need to be concerned about security with such a design. This is a fine concept if one never attempts to use such a system for anything other than a single task, on a single computer for a single user. But that is not what Microsoft has done. The Microsoft products simply kept that single user, single computer base technology and added on multi-tasking (Running many programs at one time.) and networking (Connecting many computers together for sharing data, printers and so on.) Later multi-user capability (More than one user on a computer at the same time.) was added on top of this single user, single tasking core. Granted the multi-user capability is not really present in Microsoft desktop products, so we can ignore the fact that one may create multiple user accounts on a modern Microsoft based desktop system. I will call the Microsoft model a one-one-one model. (See comment #15 below from “paul”, he explains what I mean here better than I have myself.)

The problem with adding on these multi-tasking, networking and multi-user capabilities to the Microsoft one-one-one products is that there appears to originally have been no concern for securing these systems. The security concern only began once people began to see systems being cracked and exploited “in the wild”. However, there was a serious problem with securing these systems. To correctly raise the security bar for Microsoft systems “out of the box” the core of the operating system should have been redesigned from scratch. The backwards compatibility that has its roots in that single task, single user, single computer model would have to go away at some point. Apparently the high and mighty Muckity Mucks at Microsoft made an executive decision to not do that, ever. So, today we have Microsoft Windows 7 released and containing roots going back to that insecure one-one-one operating system design.

How is GNU/Linux different? A GNU/Linux desktop system is designed from the ground up along the Unix model of multiple tasks with multiple users among multiple computers on a network. I will call this a many-many-many design. As such the basic design also includes consideration for securing the operating system and data on same when many users may have access to the same system simultaneously. Therefore, when a GNU/Linux computer is taken out of the box for the first time it already has a higher security capability. This is because of the many-many-many design that included consideration for security from the beginning.

How does this apply in a real world scenario? Okay, because of the original flawed design decisions by Microsoft many third party software packages require that a user be running as a system administrator with full access rights to the computer, including to system files. So, by default when one pulls out a new computer with a Microsoft system installed the users are created as “administrator” users. This is a problem because now this administrator user can browse to an infected web page and see a pop-up with an “anti-virus” warning. Then our poor user will click the close button on the pop-up and become infested with “Antivirus 2010” or other fake anti-virus program that at minimum is irritating but may also have broader security implications by then installing other malware (Malicious Software) that can steal personal information. Because the user is an administrator with full access to the operating system’s files the malware that starts from the web page also has full administrator access and can install itself with impunity.

How can I blame Microsoft for these third party software packages and/or users being set up as administrators? Why not blame these third party software designers? Well, I do blame poorly written software that requires administrator access to work correctly. But I also blame Microsoft. Because Microsoft made the poor decision to stay with their one-one-one design and just “improve” it. At first the only way for any software to work correctly with these “improvements” was to have administrator access. Over the years this has changed, but rewriting all software to these new, more secure specifications is a slow and expensive process for the software companies involved. Microsoft should have scrapped that one-one-one model and redesigned the core operating system from scratch. That redesign should have looked something like Unix … or like GNU/Linux.

The GNU/Linux many-many-many system on the other hand works just fine when a plain user who is not an administrator uses programs on it. So, no software run by the user can affect system files. Further, no software on GNU/Linux is designed to automatically allow software to run from a web browser or e-mail application without the user’s knowledge. No open source developers I know are silly enough to think having such “capabilities” is a good idea. So, when our dear user browses to an infected web site and sees a pop-up about an anti-virus infection she can safely close that pop-up without worrying that an infection will occur in the background that will take over her computer. It is very unlikely that a web based malware script written with GNU/Linux as the target could find a way to even infect the user’s home directory. Why? Well, software that is downloaded from a browser instance is not set as executable. So, even if a browser could be made to download a file without the user knowing it the user would have to make changes to the file permissions to make it executable. There are no .EXE, .COM, .BAT or other files on GNU/Linux that can be run just because of their file extension. A file has to be a compiled application or a script and be set as executable before it will run. This automatically makes it much more difficult to infect a GNU/Linux system behind the user’s back. The effort required is much greater than with Microsoft based systems where the file extension makes the application or script able to be run.

I created a script and uploaded it to my web site to demonstrate this. Here is what a “ls -l” file listing of that script looks like when first downloaded:

-rw-r--r-- 1 gene users 73 2009-10-23 22:28 a_script_for_you

See that “-rw-r--r--”? That means the owner of the file, the “gene” shown after the “1”, can read it and write to it but not execute it, “rw-”. The group, the “users” shown following “gene”, and everyone else, not shown but implied, can read but not write and not execute the script, “r--r--”. The dashes are placeholders for the bits that allow writing, “w”, and executing, “x”, of files. Now I will change the permissions on the script by hand and run it:

[gene@era4 ~]$ chmod 700 a_script_for_you
[gene@era4 ~]$ ./a_script_for_you
I can only run if you use the command ‘chmod 700 ./a_script_for_you’ or similar!

See? I had to explicitly intervene to make that script run. I would have to do the same if I downloaded a program from a web site. Browsers on GNU/Linux have no ability to change the script to be executable on my system without my knowledge. I have to be involved in the process, so I have to be convinced that making this program or script executable is a good idea. If this script comes from the “Joe’s Bar and Grill” web site and purports to be an upgrade for Firefox I am going to be very suspicious about making it where it will run on my computer. So should you. Social engineering attacks, where the bad guys convince a user to do something stupid, can still occur with GNU/Linux. So beware and be informed about those. But automated attacks that get system level malware installed through the browser or through e-mail are quite impossible on GNU/Linux.
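The behaviour described above, as an added example (not the author's script or anything from his site): a file saved the way a browser saves a download gets mode 0666 minus the umask, so the kernel refuses to execute it until someone runs chmod. The last helper is a small audit that lists the files in a directory that do carry an execute bit. The 022 umask and the script body are constructed assumptions.

```python
import os
import stat
import subprocess
import tempfile

# Constructed stand-in for the downloaded script.
SCRIPT = "#!/bin/sh\necho 'I can only run after chmod'\n"


def save_download(directory, name, body):
    """Create a file as a browser would: open() with 0666, filtered by the umask."""
    path = os.path.join(directory, name)
    old = os.umask(0o022)                  # common default umask (assumption)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
    finally:
        os.umask(old)
    return path


def describe(path):
    """Return (ls -l style mode string, octal mode, classes holding the x bit)."""
    mode = os.stat(path).st_mode
    classes = [who for who, bit in (("owner", stat.S_IXUSR),
                                    ("group", stat.S_IXGRP),
                                    ("other", stat.S_IXOTH)) if mode & bit]
    return stat.filemode(mode), oct(stat.S_IMODE(mode)), classes


def try_run(path):
    """Ask the kernel to execute the file directly and report the outcome."""
    try:
        subprocess.run([path], stdout=subprocess.DEVNULL, check=False)
        return "executed"
    except PermissionError:
        return "permission denied"


def executable_files(directory):
    """Audit helper: regular files under `directory` with any execute bit set."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                hits.append(full)
    return sorted(hits)


def demo():
    """Walk through the article's sequence: download, inspect, chmod 700, inspect."""
    with tempfile.TemporaryDirectory() as d:
        path = save_download(d, "a_script_for_you", SCRIPT)
        before = describe(path)
        run_before = try_run(path)
        audit_before = executable_files(d)
        os.chmod(path, 0o700)              # the explicit step the user must take
        after = describe(path)
        audit_after = [os.path.basename(p) for p in executable_files(d)]
        return before, run_before, audit_before, after, audit_after


if __name__ == "__main__":
    for item in demo():
        print(item)
```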

This brings me to my illustration of the Linux House versus the Microsoft House. The Linux House is built with bullet-proof windows that are closed and locked. There are thick steel bar grills over all the windows. The Linux House has thick concrete walls, roof and floors. The Linux House has thick solid steel, bunker doors that bolt at both sides, the top and the bottom. Any thief that wants to get in and steal your family heirlooms is going to have to have some serious means of breaking and entering, like a bazooka or a tank. Yet all the security of the Linux House is behind beautiful and functional facades and the typical resident can be blissfully unaware of it most of the time. On the other hand the Microsoft House is pretty much like your house you live in now. It is quite adequate for day to day living but it is no serious impediment to a thief that wants to get in and steal your jewelry. It has plain old Windows. The thief can pretty much just break those Windows and climb in at will. You see, plain old Windows are no real way to stop a thief.

Can Microsoft operating systems be secured? Yes, they can, up to a point. But the starting point to secure Microsoft operating systems is far lower than the starting point for GNU/Linux systems. However, the flawed original design of Microsoft operating systems that underlies all modern versions of Microsoft operating systems keeps them more amenable to attack even when as locked down as possible. Of course, in reality, the only truly secure computer is one that is never used, by anyone. But then again, no one is going to spend money on a computer that cannot be used.

Any of you serious security types that want to share more information about GNU/Linux and its security by design model or have better illustrations than mine, please leave a comment.

GNU/Linux Security: Ubuntu has been Cracked!

[Notice: If you do not like the title, read the article anyway. Otherwise, there is no point in sending me a comment as I will not post comments that state something like, "Your title suxxors! I refused to read your article after I read the first paragraph! You're just trying to boost traffic to your site! You're lame!!" Do you also go around judging books by their covers? 🙂 ]

Okay, I admit I created that title just to get your attention. It worked, you're here. What is the reason for such a provocative title? Other than the obvious tabloid hook, I want to explore the future of GNU/Linux. You know, the time in the near future when "Once 'Linux' is (as|more) popular (as|than) 'Windows' it will start getting all those viruses too."

First off, the problem with that statement is that there is no single homogeneous 'Linux' to be attacked, meaning GNU/Linux of course, as there is a single 'Windows' to be attacked. There are several hundred distributions of GNU/Linux all with differing release versions of software and underlying software libraries. The very heterogeneous nature of the GNU/Linux ecosystem makes creating a far reaching automatic malware attack difficult to unlikely. While one may find a way to automatically attack a large user base of a single distribution, like that of Ubuntu, the attack will not likely work across all or even most other GNU/Linux distributions due to the diverse nature of the versions of included software.

Calls from people without and within the FLOSS community to create a "single Linux" or to standardise all distributions are a danger to the security that is inherent in the healthy heterogeneity of GNU/Linux. No, I do not mean "security through obscurity", I mean security through diversity. Part of the problem with the Microsoft install base is that the Microsoft systems in use are all very similar. An automated attack that works on one of them will more than likely work on most of them. If there is ever a single GNU/Linux that contains 80% or more of the market then GNU/Linux will be less secure as a result. (See my correction for the previous sentence in comment #25.) In such a future a theoretical automated attack that could infect one GNU/Linux system would have far reaching consequences. Just as the malware that affects Microsoft systems has today.

We all know the weakest security link in a system is the user. I predict that social engineering attacks will be the most prevalent method of attempting to subvert GNU/Linux users. Even today a naive user running GNU/Linux could still be subverted with a phishing scam. However, since GNU/Linux has traditional Unix privilege separation an automated attack that can take over the computer from an unprivileged user login becomes much more difficult. Under traditional Unix privilege separation a non-root ("root" equals "administrator"), unprivileged user cannot change the system files. Could one overcome this privilege separation? Perhaps on a single distribution one could if one put enough time and effort into it at the time a security flaw that allows privilege escalation[1] is first discovered. But the chance of making such an attack work across the huge, diverse GNU/Linux ecosystem would be near to zero. That is, as long as GNU/Linux remains a diverse ecosystem.

What about the users that do not ever update their systems? Yes, this will still be a problem under GNU/Linux in the future of its World Dominance. There will always be users that do not update their systems either through apathy or ignorance. Any update that requires user intervention is unlikely to be installed by these users. Automated updates that are on by default can do much to overcome this problem. There are problems with automated updates too though. In some cases an automated update may cause a system problem. For example an update to the X windowing system that includes a new 3D driver may cause the GUI to not work on some systems. Should a problem like this affect a huge user base it would be a PR disaster. So, turning on automated updates by default is not encouraged in most cases.

What is the answer to the apathetic user problem? I do not have it. Some people just do not care about the security processes they need to know to be secure. There is no way to make them care unless they actually end up with a malware infection. Of course at that point these people are more likely to blame the operating system or the malware authors than themselves.

We can address the ignorant user problem though. Just because a user is ignorant does not mean the user is "stupid". Almost all users that fall in the ignorant category can be taught to protect themselves if they have an opportunity to learn good security processes and know they need to learn them. A local Linux User Group (LUG) can be an excellent source of training for our world full of future GNU/Linux users. If you do not have a LUG near you, then start one. Once you have, or discover, a local LUG then occasionally offer a Security Process Training Day through your LUG that covers the basics of what users need to know to keep their GNU/Linux systems secure and happy. Then encourage everyone you know that uses GNU/Linux near you to attend. You may even be able to get "free" advertising through local media outlets for a non-profit LUG.

The Bottom Line: We in the GNU/Linux community need to be proactive with our family, friends and neighbours that decide to use a GNU/Linux distribution. Since most of us already know and practice good security processes we can pass along our knowledge to the new user that may be ignorant but is willing to learn. For any user we run across that is apathetic about security we can encourage them to stick with Microsoft. After all, the apathetic users are already a drag on the Microsoft user base, let's not encourage them to bring their problems to our platform. Am I blaming these users? Yes, I am in the case of apathy. Sometimes the blame falls squarely in the lap of the user. Apathy about security is one of those "sometimes".

[1] Privilege escalation attacks take advantage of a flaw in a system level service that may be running with higher level privilege than a regular user. Exploiting the flaw gives the attacker a higher level of access which may allow compromising the operating system itself. These types of flaws can be found in any operating system at any time. GNU/Linux is no exception.

Read the next article in this series: GNU/Linux Security: Linux House vs Microsoft House

Edit Tue Oct 20 13:01:16 CDT 2009: Change "blatant deception" to "provocative title" in the first paragraph. I think some folks are imploding after seeing the words "blatant deception". 🙂