Forgot your password?
typodupeerror
Linux Software

Correcting Common Linux Misconceptions? 44

Posted by Cliff
from the thou-shalt-not-fear-the-penguins dept.
abolishPenguinPhobia asks: "I am a teacher at a comm. college and was looking to install Linux on a couple machines for students to use. I figured since the students have to learn *nix anyway they might as well have access to some Linux machines. Anyhoo...I was told by the network administrator that the linux machines were not to be connected to the network for fear of viri, DoS attacks, and so on. My question for the /. community: Why do people fear Linux? It seems to me that people are misinformed that Linux is only a 'hackers' OS. How can we change this?" This is only one of the common Linux "myths", and there are several more where these came from. Is there a central clearing house of such myths and intelligent efforts at debunking them somewhere online?
This discussion has been archived. No new comments can be posted.

Correcting Common Linux Misconceptions?

Comments Filter:
  • So many distributions have left machines in a highly insecure state that they've gotten a bad reputation. The problem is significantly less now, but you'd have to come up with some "manufacturers" claims to back that up. Is the administration open to BSD? That may be a good alternative.
  • 8. Is your son obsessed with "Lunix"?

    BSD, Lunix, Debian and Mandrake are all versions of an illegal hacker operation system, invented by a Soviet computer hacker named Linyos Torovoltos, before the Russians lost the Cold War. It is based on a program called "xenix", which was written by Microsoft for the US government. These programs are used by hackers to break into other people's computer systems to steal credit card numbers. They may also be used to break into people's stereos to steal their music, using the "mp3" program. Torovoltos is a notorious hacker, responsible for writing many hacker programs, such as "telnet", which is used by hackers to connect to machines on the internet without using a telephone.
  • I'm sure he was suggesting they stay off the network for their own protection. After all, there are a LOT of viruses on Windows networks - especially if you're running Office.

    It's nice of him to try to keep the Linux boxes safe - but he shouldn't worry. They're strong enough to surive even in such a dangerous environment.
  • Reasoning? (Score:4, Insightful)

    by JMZero (449047) on Wednesday December 19, 2001 @03:38PM (#2727747) Homepage
    Was his fear based on Linux, or on the simple desire to limit the diversity of machines on the network. Security is easier to administrate when you limit yourself to a certain selection of OS's and products. He may even understand that Linux is typically very secure.

    I know my company often denies requests like this not out of fear of something, but of fear of _another_ something.
    • Hear, hear!
      Computers (or anything else connected to a network) should be actively maintained by someone who knows what they are doing.
      Of course the network admins would not want more port scanning eating at the bandwidth (or anything making their lives more difficult than it has to be).
      Some orgs have a policy of disconnecting misbehaving computers and charging (interdepartmentally) for reconnection (AKA lart).

    • ... but security is also better when you have multiple servers/OS/hardware architectures.

      Security will not be better when every PCs are the same and use the same software, system administration will be easier.
      • Security is better with multiple servers, simply because there are some exploits that require multiple services on the same machine. I'm not sure why you think multiple OS/hardware setups will make things more secure. There's plenty of ISP's that had one Solaris install, and that was the machine that got broken by sadmind exploits a year ago. That doesn't mean the Solaris box was less secure than the NT machines in the rest of their building - it means that sys admin time/knowledge was focused on another architecture and this left a hole.

        Security isn't necessarily going to be worse when you add a mix of systems. Security may get better, if you add a more secure box in place of a less secure one - and you have the resources to administer all the types of systems you have.

        However, because it's harder to administer, there's good odds it will be less secure in the end.
  • Well, going out on a limb here, I sincerely do not mean this as a troll. I am both a user of Windows and Linux, and I don't lean zealously in either direction. But, if nothing else, at least with Windows there's a large company with financial interest behind it all. Sure, Windows sucks in lots of ways, but at least you won't find them generally working toward what customers want.

    With Linux, it's a bit scarier. Not so much with the kernel as with desktop environments and applications. With WordPerfect for Linux, I felt like I was just being used as a pawn by Corel to get a foothold in a new market, and the quality of the software was secondary. Miguel, of Gnome fame, often sounds an overly idealistic college student. It makes me stop and think "Should I really be letting this guy determine the direction of the software my company uses?" Sure, you can pick and choose different products, but with Windows you don't have to. If you go with Windows 2000 or XP and Microsoft Office (or just Word) then you don't have to worry about making the wrong choice. There's often too much personal agenda behind open source software for Linux.



    "Life simply cannot exist in the solar system" - Dan Quayle
    • I disagree with your take. I use both Windows (unfortunately) and Linux (fortunately). I have less trouble deciding what to use on Linux than on Windows. With Windows I can't afford to make a mistake due to the cost of everything. When you are talking about spending several hundred dollars for Office versus one hundred dollars for Anyware 2.0 Desktop for Linux (from Vistasource) the decision is much easier. I can buy several different packages for Linux to find the parts that work for me.

      I can even go find Star Office (from Sun), or KOffice (from KDE), or Gnome Office (from Gnome) for free.

      And being a System Administrator for many years, I know how to secure a system, either a Linux/Unix system or a Windows system. Unfortunately neither Microsoft nor most of the Linux distributions (until recently) came very secure. Both have gotten a little better with recent releases. Unfortunately, it takes several years to get the older machine out of the loop. Given the fact that you can go to CompUSA or Best Buy or many other stores and get a new Linux distribution for under fifty dollars while a Microsoft OS will cost several hundred dollars, more folks are likely to upgrade their linux distributions. This doesn't totally fix security problems, but it does help get rid of some of the issues.

      While there may be personal agenda behind some open source software, there is a much worse agenda (IMO) behind Microsoft. Have you tried to find a competitive office suite recently? What has happened to web browsers? Where are the email programs that used to be out there? What about development tools? It is beginning to be like a song I remember from way back when "I owe my soul to the company store".

      Someone from Mircosoft once called Linux a virus, it seems to me that Microsoft is more of a virus as it is killing off everything else. At least with Linux you have choices. They may not all be good and they may not have all the features, but there is usually a choice.

  • Depending on your definition of a 'hacker', your results will vary -- if you mean someone who loves learning how things work, Linux is perfect for those types. Linux simply gives more control to the user, not the other way around. This also gives more control to the admin of the system. With a good admin, you can have a good system, even with malicious users on the machine. Connecting a Linux box to a network poses no threats unless that network is unsecure. Of course, even secure systems can be broken into, but thats ussually through social engineering or newly found exploits in the target OS. Seems that the admin fears that hes got an unsecure network, and doesnt know what can/can't hurt it.
    • Yes, the word 'hacker' is usually used when 'cracker' would be better. With a properly configured Linux/Unix machine, you can really restrict users. In the past, I have seen some that were locked down almost as tight as an IBM mainframe using RACF.

      While the standard permissions set on Linux/Unix isn't as rich as the ACLs on some other OSes, the capabilities are much more versatile. For instance, most Unix systems have rsh (restricted shell) that will completely lock down the programs to which the user has access. With rsh as their shell, they can't even execute a command if they know the full path to it.

      On most Unix systems, services can be locked down with limited access. On all Unix systems, services can easily be turned off. With no services running, you don't have to worry about being attacked nearly as much as you have no doors or windows (no pun intended).

      • "With rsh as their shell, they can't even execute a command if they know the full path to it."

        My community college set rksh to run with a path of /rbin, which gave access to random things like hostname, passwd, write, ls, and pine, but they didn't alter .login, so the final path ended up being /rbin:/home/$USER/bin, with the latter being user-writable. They used Win95 PCs to mimic the real world, so I used vim and the Explorer to write a shell script and set proper permissions on it; thanks to the magic #!, it ran the script unrestricted.

        That exploit is still open. Too bad their policy wouldn't let people report holes without getting in trouble.

  • I've spent most of my career as a technician dual booting Linux and Winblows. I'd run linux if I could but many of the places I've worked seem to think about linux in the same fashion as these folks. They believe it is some special secret tool to destroy networks. I've had my network priveleges taken away from me at 3 previous jobs because I was running linux. Sux. But finally I'm in a job where they recognize the beauty of open source. Most times its because the Network Admin is terrified about something he/she doesn't know (this is the case in ALL my situations). Instead of reading up on it they just assume that you are attempting to corrupt the entire network (what kind of network admin blieves this sh*t anyway?)
  • My bet is, he's a Bastard.
    Yea he could be moron and really belive that, but here the quetions:

    Does anything get installed HW or SW that he doesnt approve? no=bastard, yes=moron.

    Are all of the schools servers running windows? yes=probably moron.

    Is he pissed about the servers running windows?
    yes=he's OK, no=deffinately moron.

    There's really only two ways to go, he's either protecting his territory, making sure no one encroaches, or he's a moron.
  • I grew up in a world where we had Linux/Unix before Windows. I would recommend a Mandrake install with High/Paranoid security setting. To me this is much tighter than the old Win95/98 do nothing password. I would set the systems up stand alone in a local subnet perhaps using IP Forwarding such as the Cable Modem HOWTO for a home network. Then either get a static IP from your IT folks for a WIN computer or run a DHCP client on the single node that connects through to your University LAN. (i.e. to make it easier for your IT people... have only ONE node tied to the IT network, and manage your subnetwork in your classroom yourself). My opinion of any WIN only sys admin type is VERY LOW. This would be the difference between an auto mechanic (Linux Sys admin), and the guy who does oil changes only at QuickLube (WIN sys admin). All fear of Linux is based on ignorance. It is truly a superior and more elegent solution and a MUCH better way to teach students how computers actually work, than the Win XX platform. I'm reminded of an Isacc Asimov story (I believe) where the main character actually read books and learn, and was an outcast because he didn't conform to the pre-programmed training syllabus of computer learning machines in use in his future world. Turns out this individual was recruited to the secret cadre' of people who wrote the computer learning packages at the end of the story. A Linux user can live in a Windows world and be successful, however a Windows user cannot do the same. -- Regards Ross
    • Ive been trying that for 2 weeks now. Not that our netadmin wont let me hook up a Linux box, just that the hub in our location is all taken up!

      Hows this Win machine supposed to route packets? Win 9.x doesnt do that, I dont know about ME or XP.

      Assumming he has a NT Workstation: how to find a subnet range that wouldnt conflict with the rest of the campus? How to tell other routers about the new subnet without the netadmins consent? And he would need at least Windows NT *Server* 4.0 to do DHCP relay to the small net.

      Unless you know something I dont, in which case Id be more than happy to learn! ;)
      • Hows this Win machine supposed to route packets? Win 9.x doesnt do that, I dont know about ME or XP.

        Beginning with Win98SE, there is an "Internet connection sharing" component available in Windows that is a crude version of a routed/NAT protocol.

        Assumming he has a NT Workstation: how to find a subnet range that wouldnt conflict with the rest of the campus?
        Assuming this network is a typical university network, all the machines probably use public IP addresses. Pick a subnet from those allocated for private networks (e.g. 192.168.*.*) and use NAT on the gateway.

        How to tell other routers about the new subnet without the netadmins consent?

        With NAT, all your admin will see is a single IP address ... that of the gateway box. The address translation will be done in that one machine.

        This is basic TCP/IP networking.
        • This is basic TCP/IP networking.

          OK. Im not a network engineer, rather a do-it-yoursefer. Not that the netadmin wouldnt help me, hes fine, just that he is absurdly overloaded and I dont think its nice to ask him to spend any of his time so as I can browse in my Linux notebook because my NT machine swaps too much.

          We have more than 30 LANs, all in a private address scheme. But now that you mention NAT, that shouldnt be a problem... Ill check tomorrow if the service is running.

          But I just came accross this:

          "IP addresses are not permitted to have the value 0 or -1 for any of the , , or fields (except in the special cases listed above [relating to broadcast or network addresses]). This implies that each of these fields will be at least two bits long." [RFC 1716, Almquist & Kastenholz, p.45]

          In one of my early attempts I tried to sub-subnet and used 255.255.255.64 as a subnet mask. The NT machine didnt complain (no surprise) so I left it that way but I dindt pay much attention to the output of ifup in the notebook. That may be part of the problem.

  • Reasons (Score:4, Funny)

    by uslinux.net (152591) on Wednesday December 19, 2001 @04:04PM (#2727965) Homepage
    My old employer used to be the same way. They didn't want non-NT systems on their network because those systems allowed "too much control and access of the network and its resources". Essentially, they were afraid Linux was too powerful, and that users might be able to compromise an NT system by using a Linux system. Yes, as bizarre as it sounds, that was their reasoning. I suppose it was more than NT, as insecure, bug ridden, and exploit prone as it is was at least a known quantity - something they could patch the hell out of and continue on their way.


    It's funny, you'd like gov't defense contractors dealing with classified information would WANT a more secure OS...

    • My school told me the *exact* same thing when I asked about running Linux on my *personal* laptop. They said they had no way to stop me runing it at school, but if they caught me connecting it to the network that I would lose my network privileges. I asked why, and they said that they have "found that the only reason people want to use Linux on the network it to try to break in." It's a case of once-bitten, forever shy until the last syllable of recorded time.
  • On the university where i study all students got access to a number of unix systems (SunOS not Linux) and what happend was a huge number of hack attacks from those machines. Simply because students downloaded DoS and other 'hacker' tools.

    Also they installed things like eggdrop that drew attention from people on IRC. Because of all this miss-use these servers are now limited to internal university traffic.

    In practise the network admin will be better of with some windows boxes that get their states restored after each reboot from an image. Give students anything more powerful and they can do a lot more damage.
  • .. will always be with us. Let's just accept
    them as such, and be sure to inform their bosses
    that they are such, since otherwise they will
    harm many other people. One day they may change.
  • Some old PC's, a old hub, and some wires.

    This way you can do anything you need to do, but, it won't affect the network at school.

    He'll either come to understand, and let you play with the rest of the network, or he won't.

    You win either way.
  • Hello ? I am assuming that this admin thinks that his Microsoft based computers are less vulnerable to viruses and dos attacks ?

    For one thing, because of the popularity of windows, windows bases systems are a prime platform for virus writers.

    Windows products such as Outlook, Word and Excel have been a nightmare security wise - have we forgotten about the love bug & melissa ?

    The biggest factor of all is the user who allows these malicous programs to run on their systems. Keep in mind that windows was designed for the less-sophisticated end user.
  • IMHO, one of the most dangerous myths out there is people thinking Linuxen as "install-and-forget" -type of solutions to eg. Windows securityholes. Linux installation, as any other operating system, needs constant administration and security auditting. With new serious holes like the recent one in wuftpd, this gets more and more meaning. This does not imply Linux being a 'hacker' OS, but it's security being as low as it's administrators recklessness.
  • Say they'll be dual boot or some similar hooey to get the ip's and whatever else you may need to connect these computers. If you get yelled at later, say you couldn't get the windows partition to work well, so you deleted it.
  • by Webmoth (75878) on Wednesday December 19, 2001 @06:49PM (#2729075) Homepage
    Myth: Linux is a "hacker's OS"
    Rebuttal: There are more well-known, well-*cough*-exploited security holes in *cough* Microsoft Windows *cough* than in any *nix. This makes it appear that *cough* hackers *cough* no, crackers, *cough* are more interested in cracking *cough* Microsoft Windows *cough* than Linux. (Please excuse my *cough* hacking, I have junk in my *cough* throat.)

    Myth: Linux is hard to set up.
    Rebuttal: No harder than setting up multiple simultaneous users and desktops under Windows 95.

    Myth: Linux has no support.
    Rebuttal: On the contrary, my Linux server is sitting on a concrete block as we speak. I set my Win2K server on the edge of my beanbag chair and it crashed immediately. On to the floor, I mean.

    Myth: Linux is not ready for the desktop.
    Rebuttal: In my new office, I will have a Linux box sitting on the floor on each side of me. A large sheet of plywood will lay across the tower cases, on which I will set my monitor and keyboard.

    Myth: Linux is hard to use.
    Rebuttal: Bicycles are hard to use, too, if you've never ridden one before. Windows probably was the first time you used it. It's just a matter of having patience, learning, trying, experimenting, and falling over a few times, getting up, dusting off, a couple of stiches here and there, you'll be good as new. And you'll have learned something.

    Myth: I don't have time to learn Linux.
    Rebuttal: You have time to wait for your Winows box to restart 10 times a day.

    Myth: Most Linux advocates are zealots.
    Rebuttal: All. (Just kidding)

    Myth: The command shell is obsolete.
    Rebuttal: The command shell is ugly. It's also extremely useful when you screw up your window manager or need to administer the system remotely. vi from the command line, you can change the configuration very much more efficiently than from a pretty window. You've also got access to every configuration parameter this way. Nothing beats the command shell for a quick connection to your mailserver to check your mail when you don't have time to wait for Outlook Express to open, download all your messages, render and display the HTML, ad nauseum.

    Myth: Linux is hard to configure.
    Rebuttal: Learn how to use a vi. In Linux, every option can be changed with a text editor. In Windows, you might get lucky in the Registry Editor -- if the option is there, if it's documented, etc.
  • ...I was told by the network administrator that the linux machines were not to be connected to the network for fear of viri, DoS attacks, and so on.

    There are over 15,000 viruses documented that are active in the Windows environment. I am only aware of two that can infect a Linux box, and the damage they can do is minimal if users aren't permitted to install executables in their $HOME directories. Linux boxen ARE popular targets for crackers because they have a fully implemented IP stack that allows forging packet headers for DoS attacks against other computers, but a little thought given to the job of locking the box down can prevent that. Of course, this particular "advantage" to cracking Linux boxes is going to disappear as the home version of Windows XP becomes more common, since Windows boxen are MUCH easier targets than ANY flavor of n*x is. As for the "and so one," all I can say is "etc."

    Why do people fear Linux?

    Because it's easier to say "No" than it is to learn something new.

    It seems to me that people are misinformed that Linux is only a 'hackers' OS.

    But, but, but ... this is true. Linux users eventually become hackers ... however, they almost always become white-hat hackers.

    How can we change this?

    Hit 'em with a clue-by-four? I don't know the answer to this ...

    This is only one of the common Linux "myths", and there are several more where these came from. Is there a central clearing house of such myths and intelligent efforts at debunking them somewhere online?
    Although the comments are really aimed at the embedded OS space, a lot of what was said in the responses by Lineo and LynuxWorks to Microsoft's white paper on the subject of Windows XP Embedded also applies to the desktop.

    Here's a bright, although somewhat backwards way to subvert your admin's thinking process. Get a handful of PCs and install Linux on them, then connect them to the network through a Win2K box configured as a gateway. That way you can point out how the Win2K box is "protecting" (teeheeheehee) his network from those "renegade Linux boxen. I would submit to you that after about six months go by without ONE of the Linux boxes being cracked, he/she might have to develop a sudden appetite for crow.
  • Hit them with this idea. Get them to install your own line to the internet. If they say the costs are too prohivitive then tell them to allow you to get network access. They probably have an extra t1 around anyways.. they could probably just drop you a line to the linux lab.. and have you be the network admin for the linux lab.

    I would also suggest making a gateway server or requesting them to give you a router to lock down offending ports. (good for shutting down port 80 during lectures)

    DRACO-
  • My school got some used computers, and wanted me to setup them up with with windows for 2 labs. One lab needed it, because some of the computers already there had linux, but for the other lab, I got to use Linux.
    Basically, I convinced the admin. by setting up Redhat and KDE, and showing it to him. First words out of his mouth where "That looks like a mac!" I said how would you like to save 250$ a computer on licenses? How would you like Word for free? How would you like almost everything for free? So, he let me set it up.
    My lab is now running with 30 p1 200's with 32 megs of Ram, running Redhat 7.1 XFS +IceWM +netscape. They just use them for webbrowsing, which is a shame, BUT, hopefully by next year, they can see the beauty of it, and let me install KDE or Gnome and Openoffice or Applixware.
    I made it impossible for them to turn them off without logging in as root, and impossible to logout of X, or just about anything. I can't waite to see if any get hacked.

  • The New Linux Myth Dispeller [eruditum.org]

    BTW: Google [google.com] is your friend...

Information is the inverse of entropy.

Working...