From owner-freebsd-questions Thu Nov 16 23:49:13 2000 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id 07C8E37B479 for ; Thu, 16 Nov 2000 23:49:05 -0800 (PST) Received: (qmail 83032 invoked by uid 100); 17 Nov 2000 07:49:04 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14868.58096.325144.572555@guru.mired.org> Date: Fri, 17 Nov 2000 01:49:04 -0600 (CST) To: Tim McMillen Cc: questions@freebsd.org Subject: Unix and ease of use (Was: Help: Is Sendmail secure?) In-Reply-To: <94146138@toto.iv> X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Tim McMillen types: > > Is there a tool for configuring sendmail.conf (and whatever else is invol= > ved) > > that would guide a newbie towards having a secure installation, or a lint= > - -like > > checker that will warn of vulnerabilities? I want to see FreeBSD (and Lin= > ux) > > become as popular and widespread as Windows. Whenever I see a phrase like= > "If > > you are a newbie, maybe xxx could be a problem for you" I cringe. Sure > > it's fun being proficient at something as thorny as UNIX, but if we defen= > d it > > on those terms we will not win wide aceptance. > int rant() > { > As much as I would like to see anything other than Windows become popular > and widespread for the masses (just think how much more productive the > world would be if the computers everybody used didn't crash several times > a day like MS products), maybe UNIX should not be run as a desktop OS by > the masses. Your average Joe down the street that only knows how to turn > the computer on and does not care about how it works has neither the > ability nor cares to understand the security implications of running a > unix box. When Redhat has its 80th root exploit of the year does Joe know > how to or care to patch it? I hate to tell you this, but your typical Windows desktop is *much* less secure than a Unix box - no matter which SMTP daemon it's running. And the Windows box doesn't even have an SMTP daemon. Yes, joe user probably can't configure sendmail. Windows solved this by not putting an SMTP system on the desktop. You can use the same solution. I haven't looked through the security levels that FreeBSD lets you isntall, but there should be one that's "don't run any servers". That would solve all your security worries, wouldn't it? And the system would *still* be more useful than a Windows box. > Unix isn't easy--it wasn't designed to be. It was designed by > people that knew how to write compilers in 5 different types of > programming languages. So I'm the opposite: I tend to cringe when people > talk about unix being easy to use. It was desinged to be powerful and > efficient, not easy. Maybe in 5 years enough shell will be built around > the unix core that it will protect the user from themselves. Maybe > MacOSx has already done that. Windows was designed to be easy to use - and isn't. Windows claims to be "friendly", but it's only friendly if you only want to do what it is willing to let you. I think "idiot-proofed" is a better term than "user-friendly". I'd consider unix - which gladly gives you enough rope to do whatever you want, including hang yourself - friendlier. The trick is realizing that Windows isn't any easier or friendlier than Unix; it's simply that MS has leveraged their near-monopoly to simplify things and get everyone else in the world to do Windows support and training for them. > But lets be honest. We recompile our kernels to include sound > support, patch source code to get programs installed, and the entire > thing can be destroyed with a mistyped rm -r / hello. The base system > has enough functionality to run the entire internet. Any time you have > that much functionality it will never be easy Actually, 4.2 should work with most supported sound cards out of the box, as pcm has been added to generic (and you're welcome). I don't know about you, but I seldom patch source code to install programs. Yeah, the ports system patches code for me - but so what? Is that really worse than replacing system libraries to make sure an application is going to work? That's what you get with Windows installs. Finally, typos are only dangerous as root. A couple of quick mouse clicks can be just as deadly on Windows - and aren't we always being told how much *easier* those mouse clicks are? So it's easier to destroy your machine - and there's no limited capability mode available to help limit the damage! > So while the FreeBSD team (and the Linux camp) has done a > tremendous job building an OS, I think it may simply be too powerful to > let it out to the masses. Apple doesn't agree with you. It's going to be interesting to see if they figure out how to keep people from using that power to shoot themselves in the foot, while at the same time letting people use it to blow holes in whatever problems they have. > I included it as a codeblock to indicate it should be taken with a > grain of salt, of course. It is a common argument. I think it's false, whether or not you salt it.