Gordon Keehn wrote:
Dotan Cohen wrote:

I think that more people mould move away from WIndows if they read the notices on the microsoft website:
"The simple act of visiting an Internet site can be extremely damaging to the system"

from:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_whynot_admin.mspx

Important to note that the article quoted's purpose is to convince the user to create and use a standard account, and not the system's default Administrator account. What this means is that the system's default beaviour is to make the simple act of visiting an internet site extremely damaging to the system. Why on earth would people use such an OS?

 

   And how does this differ from the warnings against logging into Linux as ROOT?  The only difference that I see is in the fact that most malicious web content is (at the moment) directed at Windows.
   Cheers,
Gordon Keehn

The primary reason for not logging in as root unnecessarily is not due to malicious web activity, but for protection against our own typo's (rm -rf core *; for instance).   But I remember when most web attacks were against unix (before windows even existed).  If linux becomes the dominant OS on the web, we will become the dominant target again.  Much of the current security and safety in linux is because of the uucp and mail attacks agaist unix boxes in the late 70's and early 80's.

What really pisses me off about Microcsoft is that they use all sorts of el-neato web features to sell their system, then once someone buys it, they tell them they have to turn all that neat stuff off to secure their box.

No matter what the operating system, it is always bad to login as root unnecessarily.  I remember back in the early 70's my friends and I in high school all had super-user accounts on MIT's multics system because the administrator left a terminal logged in when he went to get coffee.
--
e. j. branagan
the MUSE
835 4th Ave. South
Nashville, TN  37210