In a recent article, UNIX Security: Don’t Believe the Truth, Thom Holwerda attempts to take to task Unix security and falls flat on his face. He argues that a limited user rights environment gives people a false sense of security because their personal files might be at risk during a virus outbreak.

A hypothetical virus or other malware on a UNIX-like system can only, when it is activated by a normal user, wreak havoc inside that user’s /home directory (or whatever other files the user might have access rights to). Say it deletes all those files. That sucks, but: UNIX rocks, the system keeps on running, the server-oriented security has done its work, no system files were affected, uptime is not affected. Great, halleluja, triumph for UNIX.

Yes, triumph for Unix but he continues:

This is the false sense of security I am talking about. UNIX might be more secure than Windows, but that only goes for the system itself. The actual content that matters to normal people is not a single bit safer on any UNIX-like system than it is on any Windows system. In the end, the result of a devastating virus or other malware program can be just as devastating on a UNIX-like system as it can be on a Windows system– without the creator having to circumvent any extra (UNIX-specific) security measures.

Hello? Thom? It is called performing regular backups of personal documents just like you should be doing on any other OS. Let me spell it out to you, real slow like, ok? I run Ubuntu at home on my laptops and on two servers. I also have a disaster recovery plan in place for all those machines. What is that you say? Yes, Thom, I perform daily backups of all the important files and directories (/var/www, /etc/apache2, /home–these are incremental). Why you ask? Gee, Thom, to be covered in case of a disaster like the one you’re writing about. How about on the job? Well, that is a pure Windows environment and we do the same thing for exactly the same reason.

The argument about users having a false sense of security is weak. Backups should be part of the daily maintenance of any computer, sort of like oil changes and tire rotations on a car. It is easy to set up a cron job to take care of it in Linux/Unix and if my 70 year old mom can do it why can’t anyone else? At the end of the day nothing is infallible and your sense of security should be grounded in reality. If it is your job to take care of things than you have no one to blame if you screw it up.

Anyway, keep up the good work, Thom, it’ll keep my side business hopping having more users like you out there.

This entry was posted on Monday, February 6th, 2006 at 4:18 pm and is filed under Linux. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.