Encouraging people to educate themselves about these issues is a no brainer. I’m betting everybody posting here is pretty much self educated about these issues.

At some point someone exposed you to the concept of security in IT environments and you decided to find out more. People should be encouraged to tackle security head on and not avoid it.

If we all lived in bubbles we’d never develop healthy immune systems to protect us. Unfortunately bubbles tend to burst. Risk is all a part of the game. People need to learn how to weigh up the risks. That way we all benefit. Linux users, Windows users, Mac users and UNIX users. We’re all in it together.

Oh yes it does, its just less justifiable. It is that casual trust that has made propagation so much easier. Perhaps it could be better explained as unknowing, or unbelieving, but it is ultimately trust.

Otherwise, good job. Since I usually end any discussion of malware avoidance with noting that the best avoidance to be had–short of unplugging–is an OS OS like Ubuntu, I always tell prospective users that staying within the main repositories is the best way to avoid issues. And that should be the mantra whenever one promotes any Linux distro to the uninitiated as a more secure OS.

In the Linux world we try to prevent infection rather than simply cure it. Security to Linux is an integral part of the development strategy. Not a bolt on extra.

@LinuxCanuck: Repositories are indeed maintained. So well maintained the Debian project recently accidentally introduced a critical flaw to some code vital for security. Even if people don’t have any malicious intent we need to know they can be trusted before we sign up to their repo.

We also have to remember anybody can create a repository. All people with malicious intent need to do is setup a bogus FOSS project and start getting people to add the repo to their sources list for automatic updates. Once you have a decent user base you introduce the rouge code and trigger it before anybody notices it’s there.

Many Linux users would be caught with their pants down with such a scheme. It’s not difficult to con your way past peoples defences. The social engineering Christopher Tozzi talks about used to be known as blagging.

Another example is if you are just learning how to mess with your machine and want to fix things on your own. You will hit up the forums or google, the site you come upon could be some a*hole that included in his step by step instructions on lets say point #7 in the middle of the tutorial puts something like . #7. In the terminal type “sudo rm -rf /” or “sudo rm -rf ~” just to be a prick. Just because right now its not happening (as often) does not mean when Linux has 80% market share, it won’t. There will be a lot more reasons to do it, and a lot more idiots (or regular Joes) to try it out. The biggest cure is to not let my cousin administer her own system and tell her to call me when she needs a new app or something, ssh into her machine from home or the G1 and “sudo apt-get install”.

These users will not switch to Linux because it is not point and click so much. Still a lot of the fixes are CLI driven. This will keep most dumb users away form Linux any way.

In life there are 3 types of people. Those that drive a manual. Those that drive an automatic. Those that drive an automatic, but know how to drive a manual but are lazy. Of these 3, only 2 would be considered good computer users. The 1, no matter what system they are on, they will be stupid and not really know how anything works, because they enjoy the bliss to much.

Secondly, it is a crock. Unlike in the Windows world, repositories are maintained. Package maintainers are carefully screened and they must be invited to do the job. It is quite a privilege, as it is an exclusive group.

Thirdly, the behaviour that you are fearful of is strictly Windows behaviour and does not apply to Linux users. Most Linux users do not install DEBs or RPMs willy nilly from the internet. Most users, rely on only the repositories and sites such as GETDEB.net which again are maintained. Any linux user who deviates from this practice is more likely to break their package manager than invite disaster from malware and other Windows problems.

This column underscores the difference between Linux users and also shows the danger in trying to apply the habits of one group of user to another. Your argument is based on the false premise that Linux users have Windows habits. They don’t.

What I have thought about is the source of that software. Where did it come from? Which company is behind it? Who’s backing it? Have I heard of it before? Asking these questions helps me determine it’s trustworthyness. Not the price tag.

Social engineering is more of a problem on the web rather than a specific OS or platform. It’s something that technology can’t really protect us from. It’s something that we as users must be aware of and try to avoid. As the old saying goes “if it’s too good to be true, it probably is”.

So don’t open e-mails from Nigerian business men trying to shift their lottery winnings out of the country. And if you win any competitions you should never need to stump up a fee to collect your prize. Your bank will also never ever ask for your full account or even partial details via e-mail.

Quote:
On Windows, I’m always cautious about installing free applications, because I know that in the Windows world, developers generally work for money. If they don’t make money by selling their software, they probably do it some other, potentially destructive way. I thus think twice before running an installer that I downloaded for free, and for which no source code is available.
End Quote

You are the first Windows user I’ve encountered that acts and thinks in this way
Generally Windows users have the tendency to install everything they find on the internet without checking what they are installing…think about cracks of software and games…Oh, and I don’t think Win free software developers are so that evil and money obsessed