... but with the security built from the ground up with security in mind, you
have to actually make some pretty serious changes to the security of your
standard* Linux computer before it becomes reasonably friendly to
Let's say you want to set up a Linux Computer to "operate like
Microsoft" from the perspective of downloading and installing software without
requiring knowledge of the administrative aspects of the computer. But... at
the same time you want to maintain the hightened security sacrificing as little
of it as possible.
You could do that.... setting it up so a person could
just click on an .exe and run it as themselves.
1: Install WINE
Map the WINE drives to reflect the normal structure of the Linux OS - but not to
3: Grant usage of WINE to the user
the extension recognition to automatically run WINE when the user clicks on an
That's a pretty easy setup to put in place. It doesn't take much
knowledge at all and one doesn't have to put much effort into hacking around the
core Unix/Linux security.
Voila! What's the worst that could
A: The user becomes a spam bot that is running - but only when the
user is logged into Linux
B: The virus trashes the users home
What's most likely to happen?
The virus thinks it's on a
windows machine - it is running within WINE after all with the similar C: D:
As a result, it modifies the system files in "windows"
rather then the system files in "linux".... or more appropriately, it attempts
After the user has "viewed" the results of the virus, the virus
gets shut down and doesn't restart until the next time the user explicitly runs
You've still got all the rest of the underlying security protecting the
system... including the halting of the user processes - back-end or otherwise -
when the user logs out.
So you're absolutely right - a user can download
and run malicious software.
But unless you take some serious efforts to
decrease the security in Unix/Linux - it's a really hostile environment to
* Obviously someone with enough security knowledge can hack
around all the defaults of the standard Unix/Linux installation and make a
Windows-like Linux box. They could even set it up so it automatically logs in
as Root for the unwitting user.
Caveat: the discussion is around the
"operator error" aspect - which means the user is unwittingly executing
malicious code. Such a user doesn't have a good understanding of security or
system administration and would not be in the position of making the appropriate
de-security modifications themselves.
[ Reply to This | Parent | # ]