Correcting Common Linux Misconceptions? 44
abolishPenguinPhobia asks: "I am a teacher at a comm. college and
was looking to install Linux on a couple machines for students to
use. I figured since the students have to learn *nix anyway they
might as well have access to some Linux machines. Anyhoo...I was
told by the network administrator that the linux machines were not to
be connected to the network for fear of viri, DoS attacks, and so on.
My question for the /. community: Why do people fear Linux? It
seems to me that people are misinformed that Linux is only a
'hackers' OS. How can we change this?" This is only one of the
common Linux "myths", and there are several more where these came from.
Is there a central clearing house of such myths and intelligent
efforts at debunking them somewhere online?
Re:FOr EXample (Score:1)
It's not entirely uncorrect (Score:1)
Re:It's not entirely uncorrect (Score:1)
Maybe he read a very informative article (Score:1, Offtopic)
BSD, Lunix, Debian and Mandrake are all versions of an illegal hacker operation system, invented by a Soviet computer hacker named Linyos Torovoltos, before the Russians lost the Cold War. It is based on a program called "xenix", which was written by Microsoft for the US government. These programs are used by hackers to break into other people's computer systems to steal credit card numbers. They may also be used to break into people's stereos to steal their music, using the "mp3" program. Torovoltos is a notorious hacker, responsible for writing many hacker programs, such as "telnet", which is used by hackers to connect to machines on the internet without using a telephone.
Re:Maybe he read a very informative article (Score:1)
Re:Maybe he read a very informative article (Score:1)
For their own protection... (Score:2, Funny)
It's nice of him to try to keep the Linux boxes safe - but he shouldn't worry. They're strong enough to surive even in such a dangerous environment.
Reasoning? (Score:4, Insightful)
I know my company often denies requests like this not out of fear of something, but of fear of _another_ something.
Re:Reasoning? (Score:1)
Computers (or anything else connected to a network) should be actively maintained by someone who knows what they are doing.
Of course the network admins would not want more port scanning eating at the bandwidth (or anything making their lives more difficult than it has to be).
Some orgs have a policy of disconnecting misbehaving computers and charging (interdepartmentally) for reconnection (AKA lart).
Re:Reasoning? (Score:1)
Security will not be better when every PCs are the same and use the same software, system administration will be easier.
Re:Reasoning? (Score:2)
Security isn't necessarily going to be worse when you add a mix of systems. Security may get better, if you add a more secure box in place of a less secure one - and you have the resources to administer all the types of systems you have.
However, because it's harder to administer, there's good odds it will be less secure in the end.
Misconceptions? Here's my take: (Score:1)
With Linux, it's a bit scarier. Not so much with the kernel as with desktop environments and applications. With WordPerfect for Linux, I felt like I was just being used as a pawn by Corel to get a foothold in a new market, and the quality of the software was secondary. Miguel, of Gnome fame, often sounds an overly idealistic college student. It makes me stop and think "Should I really be letting this guy determine the direction of the software my company uses?" Sure, you can pick and choose different products, but with Windows you don't have to. If you go with Windows 2000 or XP and Microsoft Office (or just Word) then you don't have to worry about making the wrong choice. There's often too much personal agenda behind open source software for Linux.
"Life simply cannot exist in the solar system" - Dan Quayle
Re:Misconceptions? Here's my take: (Score:2, Interesting)
I can even go find Star Office (from Sun), or KOffice (from KDE), or Gnome Office (from Gnome) for free.
And being a System Administrator for many years, I know how to secure a system, either a Linux/Unix system or a Windows system. Unfortunately neither Microsoft nor most of the Linux distributions (until recently) came very secure. Both have gotten a little better with recent releases. Unfortunately, it takes several years to get the older machine out of the loop. Given the fact that you can go to CompUSA or Best Buy or many other stores and get a new Linux distribution for under fifty dollars while a Microsoft OS will cost several hundred dollars, more folks are likely to upgrade their linux distributions. This doesn't totally fix security problems, but it does help get rid of some of the issues.
While there may be personal agenda behind some open source software, there is a much worse agenda (IMO) behind Microsoft. Have you tried to find a competitive office suite recently? What has happened to web browsers? Where are the email programs that used to be out there? What about development tools? It is beginning to be like a song I remember from way back when "I owe my soul to the company store".
Someone from Mircosoft once called Linux a virus, it seems to me that Microsoft is more of a virus as it is killing off everything else. At least with Linux you have choices. They may not all be good and they may not have all the features, but there is usually a choice.
Expensive = important, cheap = insecure: (Score:1)
Somewhat true, but still is a myth (Score:1)
Re:Somewhat true, but still is a myth (Score:2, Interesting)
While the standard permissions set on Linux/Unix isn't as rich as the ACLs on some other OSes, the capabilities are much more versatile. For instance, most Unix systems have rsh (restricted shell) that will completely lock down the programs to which the user has access. With rsh as their shell, they can't even execute a command if they know the full path to it.
On most Unix systems, services can be locked down with limited access. On all Unix systems, services can easily be turned off. With no services running, you don't have to worry about being attacked nearly as much as you have no doors or windows (no pun intended).
Watch your $PATH (Score:1)
"With rsh as their shell, they can't even execute a command if they know the full path to it."
My community college set rksh to run with a path of /rbin, which gave access to random things like hostname, passwd, write, ls, and pine, but they didn't alter .login, so the final path ended up being /rbin:/home/$USER/bin, with the latter being user-writable. They used Win95 PCs to mimic the real world, so I used vim and the Explorer to write a shell script and set proper permissions on it; thanks to the magic #!, it ran the script unrestricted.
That exploit is still open. Too bad their policy wouldn't let people report holes without getting in trouble.
Linux Anywhere (Score:1)
Either he's a Bastard or a moron. (Score:1, Funny)
Yea he could be moron and really belive that, but here the quetions:
Does anything get installed HW or SW that he doesnt approve? no=bastard, yes=moron.
Are all of the schools servers running windows? yes=probably moron.
Is he pissed about the servers running windows?
yes=he's OK, no=deffinately moron.
There's really only two ways to go, he's either protecting his territory, making sure no one encroaches, or he's a moron.
Ask Forgiveness, not Permission (Score:1)
Might not be that easy. (Score:2)
Hows this Win machine supposed to route packets? Win 9.x doesnt do that, I dont know about ME or XP.
Assumming he has a NT Workstation: how to find a subnet range that wouldnt conflict with the rest of the campus? How to tell other routers about the new subnet without the netadmins consent? And he would need at least Windows NT *Server* 4.0 to do DHCP relay to the small net.
Unless you know something I dont, in which case Id be more than happy to learn!
Re:Might not be that easy. (Score:2)
Beginning with Win98SE, there is an "Internet connection sharing" component available in Windows that is a crude version of a routed/NAT protocol.
Assumming he has a NT Workstation: how to find a subnet range that wouldnt conflict with the rest of the campus?
Assuming this network is a typical university network, all the machines probably use public IP addresses. Pick a subnet from those allocated for private networks (e.g. 192.168.*.*) and use NAT on the gateway.
How to tell other routers about the new subnet without the netadmins consent?
With NAT, all your admin will see is a single IP address
This is basic TCP/IP networking.
Re:Might not be that easy. (Score:2)
This is basic TCP/IP networking.
OK. Im not a network engineer, rather a do-it-yoursefer. Not that the netadmin wouldnt help me, hes fine, just that he is absurdly overloaded and I dont think its nice to ask him to spend any of his time so as I can browse in my Linux notebook because my NT machine swaps too much.
We have more than 30 LANs, all in a private address scheme. But now that you mention NAT, that shouldnt be a problem... Ill check tomorrow if the service is running.
But I just came accross this:
"IP addresses are not permitted to have the value 0 or -1 for any of the , , or fields (except in the special cases listed above [relating to broadcast or network addresses]). This implies that each of these fields will be at least two bits long." [RFC 1716, Almquist & Kastenholz, p.45]In one of my early attempts I tried to sub-subnet and used 255.255.255.64 as a subnet mask. The NT machine didnt complain (no surprise) so I left it that way but I dindt pay much attention to the output of ifup in the notebook. That may be part of the problem.
Reasons (Score:4, Funny)
It's funny, you'd like gov't defense contractors dealing with classified information would WANT a more secure OS...
Re:Reasons (Score:1)
Fear of student unix systems is not unrealistic (Score:1)
Also they installed things like eggdrop that drew attention from people on IRC. Because of all this miss-use these servers are now limited to internal university traffic.
In practise the network admin will be better of with some windows boxes that get their states restored after each reboot from an image. Give students anything more powerful and they can do a lot more damage.
liars and scoundrels and idiots... (Score:1)
them as such, and be sure to inform their bosses
that they are such, since otherwise they will
harm many other people. One day they may change.
Have you thought about a seperate network? (Score:1, Interesting)
This way you can do anything you need to do, but, it won't affect the network at school.
He'll either come to understand, and let you play with the rest of the network, or he won't.
You win either way.
Fear of Viri and Dos Attacks ? Please! (Score:1)
For one thing, because of the popularity of windows, windows bases systems are a prime platform for virus writers.
Windows products such as Outlook, Word and Excel have been a nightmare security wise - have we forgotten about the love bug & melissa ?
The biggest factor of all is the user who allows these malicous programs to run on their systems. Keep in mind that windows was designed for the less-sophisticated end user.
Install and forget (Score:1)
Re: (Score:1)
Common Linux Misconceptions: (Score:4, Interesting)
Rebuttal: There are more well-known, well-*cough*-exploited security holes in *cough* Microsoft Windows *cough* than in any *nix. This makes it appear that *cough* hackers *cough* no, crackers, *cough* are more interested in cracking *cough* Microsoft Windows *cough* than Linux. (Please excuse my *cough* hacking, I have junk in my *cough* throat.)
Myth: Linux is hard to set up.
Rebuttal: No harder than setting up multiple simultaneous users and desktops under Windows 95.
Myth: Linux has no support.
Rebuttal: On the contrary, my Linux server is sitting on a concrete block as we speak. I set my Win2K server on the edge of my beanbag chair and it crashed immediately. On to the floor, I mean.
Myth: Linux is not ready for the desktop.
Rebuttal: In my new office, I will have a Linux box sitting on the floor on each side of me. A large sheet of plywood will lay across the tower cases, on which I will set my monitor and keyboard.
Myth: Linux is hard to use.
Rebuttal: Bicycles are hard to use, too, if you've never ridden one before. Windows probably was the first time you used it. It's just a matter of having patience, learning, trying, experimenting, and falling over a few times, getting up, dusting off, a couple of stiches here and there, you'll be good as new. And you'll have learned something.
Myth: I don't have time to learn Linux.
Rebuttal: You have time to wait for your Winows box to restart 10 times a day.
Myth: Most Linux advocates are zealots.
Rebuttal: All. (Just kidding)
Myth: The command shell is obsolete.
Rebuttal: The command shell is ugly. It's also extremely useful when you screw up your window manager or need to administer the system remotely. vi from the command line, you can change the configuration very much more efficiently than from a pretty window. You've also got access to every configuration parameter this way. Nothing beats the command shell for a quick connection to your mailserver to check your mail when you don't have time to wait for Outlook Express to open, download all your messages, render and display the HTML, ad nauseum.
Myth: Linux is hard to configure.
Rebuttal: Learn how to use a vi. In Linux, every option can be changed with a text editor. In Windows, you might get lucky in the Registry Editor -- if the option is there, if it's documented, etc.
Responding to the ignorant (Score:2)
There are over 15,000 viruses documented that are active in the Windows environment. I am only aware of two that can infect a Linux box, and the damage they can do is minimal if users aren't permitted to install executables in their $HOME directories. Linux boxen ARE popular targets for crackers because they have a fully implemented IP stack that allows forging packet headers for DoS attacks against other computers, but a little thought given to the job of locking the box down can prevent that. Of course, this particular "advantage" to cracking Linux boxes is going to disappear as the home version of Windows XP becomes more common, since Windows boxen are MUCH easier targets than ANY flavor of n*x is. As for the "and so one," all I can say is "etc."
Why do people fear Linux?
Because it's easier to say "No" than it is to learn something new.
It seems to me that people are misinformed that Linux is only a 'hackers' OS.
But, but, but
How can we change this?
Hit 'em with a clue-by-four? I don't know the answer to this
This is only one of the common Linux "myths", and there are several more where these came from. Is there a central clearing house of such myths and intelligent efforts at debunking them somewhere online?
Although the comments are really aimed at the embedded OS space, a lot of what was said in the responses by Lineo and LynuxWorks to Microsoft's white paper on the subject of Windows XP Embedded also applies to the desktop.
Here's a bright, although somewhat backwards way to subvert your admin's thinking process. Get a handful of PCs and install Linux on them, then connect them to the network through a Win2K box configured as a gateway. That way you can point out how the Win2K box is "protecting" (teeheeheehee) his network from those "renegade Linux boxen. I would submit to you that after about six months go by without ONE of the Linux boxes being cracked, he/she might have to develop a sudden appetite for crow.
Here's a suggestion (Score:1)
I would also suggest making a gateway server or requesting them to give you a router to lock down offending ports. (good for shutting down port 80 during lectures)
DRACO-
My lab... (Score:1)
Basically, I convinced the admin. by setting up Redhat and KDE, and showing it to him. First words out of his mouth where "That looks like a mac!" I said how would you like to save 250$ a computer on licenses? How would you like Word for free? How would you like almost everything for free? So, he let me set it up.
My lab is now running with 30 p1 200's with 32 megs of Ram, running Redhat 7.1 XFS +IceWM +netscape. They just use them for webbrowsing, which is a shame, BUT, hopefully by next year, they can see the beauty of it, and let me install KDE or Gnome and Openoffice or Applixware.
I made it impossible for them to turn them off without logging in as root, and impossible to logout of X, or just about anything. I can't waite to see if any get hacked.
...some compiled information (Score:1)
The New Linux Myth Dispeller [eruditum.org]
BTW: Google [google.com] is your friend...