MAR
11
2004

Savanna Says: KDE 3.2 - A Quick Review

Right on the heels of the KDE 3.2.1 release, Savanna is back with an article about her latest upgrade to the KDE 3.2 desktop. After being on 3.2 beta for several months, she wasn't expecting too much of this upgrade.

KDE 3.2 - A Quick Review

by Savanna

Last week, I finally took the time to upgrade to the fully released KDE 3.2
desktop system. I was a little nervous at first because, as many of the devs
online can tell you, I really don't know Linux that well. That means that if
something goes wrong, I usually freak out, go "Oh my God", and panic like
never before. Then they usually have to help me get through the crisis and it
always ends up being something fairly simple and stupid that I did myself.

Needless to say, however, I've been learning. So I took the big step myself
and, happily, I can say that it went off without a single problem. I'm
running KDE 3.2 on Debian - just so you know, and apt-get is a wonderful
tool.

Anyway, after being on the beta release of 3.2 for a few months, I wasn't
expecting much of an upgrade. But, of course, I was wrong.

Beta CVS heads are nice, but they have all sorts of minor quirky problems. At
least that's what it always seems like to me. You know the type: your memory
going off the charts at random moments, memory leaks making you restart your
desktop every few days (unless you know what you're doing and can shut down
the appropriate processes, but we're talking about me here), little programs
that don't work *quite* right all the time. You know - buggy things. I don't
mean Microsoft buggy, but quirky enough to make you realize that you're still
not on a full release.

Well, all that is gone. So far, I haven't seen a single application do
anything weird. In fact, it's been as stable as ever.

Okay, if you've never run or seen KDE, there are a few things to know:

1) It's stable.

This is my work computer. I write columns, essays, articles, etc... And this
is my computer on which I do all that work. I browse, email, organize, read,
write, spellcheck and even entertain myself with music all from this
computer. It doesn't crash or give me weird errors. I can leave it on all day
and night (and I do), and I know that nothing will be lost when I get back to
it.

2) It's convenient.

KDE is nice because it has all these integrated packages that work with it
seamlessly. For example, when I blog something and enter the text into the
browser window (Konqueror), I can spellcheck it right there in the writing
box. In fact, it even spellchecks for me while I type (live spellchecking).
No more copy/pasting posts in forums and blogs to see if you made a typo. It
will do it right there. It also has a nice little dictionary I use all the
time on the Kicker (the applications bar on your desktop), and lots of other
things which integrate so nicely that you never have to really maneuver
around one application to the next to get something done. It's like your
whole desktop is one big application that you use in various ways.

3) It's easy to use.

As I said, I don't know Linux very well at all. But I don't have to. I've
written about this last year in another column, but it bears repeating again.
And since KDE isn't only for Linux, it bears remembering as well. Just like
many of my friends don't know what the heck a .DAT file is for, I don't have
to know what all sorts of techy Linux files are for either. The reason is
that KDE is all I deal with when I'm on the computer, and that makes it easy
to use. Instead of cryptic command lines, I just have very nice icons
everywhere, and I can customize it any way I like. If the Kicker bar is too
long, I can make it shorter. If I want more desktop space, I can have it with
3 clicks of the mouse. I usually use about 10 virtual desktops on my system
so nothing is ever crowded at all - I always know just where everything is
and I don't have to figure out what goes where because I never run out of
real estate space.

4) It's got everything you need.

Unless you play lots of games, you just don't need Windows anymore. If you're
like me and you use your computer for
writing/browsing/emailing/organizing/listening to music, etc... then you've
got everything you want in KDE and more. And I don't mean really hard to
understand applications with no style at all, but friendly and nice looking
stuff. In fact, some of the applications I use are easier than the ones I use
on Windows (I have two machines, but I use my Windows one mostly for a few
games. If I didn't play games, I'd put KDE on that too without blinking).
100% of the applications I use in KDE are friendlier and easier to use than
Windows ones. They never crash and I can customize whatever they look like
without even downloading weird shareware which might, or might not, have a
virus or do something strange to a .DLL file and mess up my system for good.
I have no worries like that. In fact, I have so many options that I now think
of Windows as being very limited and clunky and (gasp) techy to use. That's
right. KDE is that friendly.

5) It's secure.

I just mentioned viruses, and I don't get them. Well actually, that's not
true: people send me viruses from their Outlook mail, and I giggle. I mean
it! I giggle. I don't even have a virus checker. Why? Because I don't have to
worry about it with KDE. They won't run on KDE so I don't even have to think
about it. No Norton subscriptions, no worries about strange .EXE files being
sent to you. To me, viruses are a thing of the past. I read about how others
get their hard drives trashed, and I smile. Beat that.

6) It's pretty.

KDE is pretty. Hands down, it's just beautiful. Actually it's gorgeous too.
I've got some nice set themes that come installed with the KDE default, and
they are all so amazingly nice that I have a hard time deciding which to
choose from. I've used Windows themes on my XP box, and it's such a pain in
the butt to customize and make it look nice. Not so with KDE. Every part of
the system looks like you can customize the look with different types of
widgets. You just go into the control panels and click around to suit your
taste and apply. That's it. It can even do desktop slide shows with fade-ins
and other things to make your desktop really come alive and to make it
unique. The icon sets that I have so far are some of the nicest and prettiest
things I've ever seen. And when I get bored of one set, I just choose another
and apply. Even my Kicker bar can have wallpaper (and it does). I'm glad KDE
is this pretty because it makes it look even more friendly, which is exactly
what I want.

7) It's fun.

You want AIM? ICQ? MSN Messenger? No problem. Kopete on KDE gives you access
to all that and more. It's got a beautiful user interface, awesome icon sets,
and it's all integrated into one window and in your Kicker dock panel. It
works flawlessly as far as I can see, and I love it. Chat to your heart's
content.

I also have a nice little weather updater on my Kicker bar with pretty icons
telling me the temperature and what the conditions are outside. Of course I
can look out the window but if I click on this, I get a nice little window
with more info.

I always have music playing with Juk. It's integrated with a small applet in
my Kicker as well (MediaControl) which lets me control everything from the
kicker, even when I'm not on the desktop where Juk is. I just love that. And
if you don't know what Juk is, you can read my review here.

I said that if you play a lot of games, then maybe KDE isn't for you, but I
wasn't exactly right on that score. KDE does have games included. And while
they aren't the latest shoot-em-up type of games, they are a heck of a lot
nicer than the windows games. You have tons of fun ones starting with
solitaire, backgammon, mahjong, and then even the best tetris-like game ever
called Frozen Bubble (you have to try this), and some other nice games as
well. That just makes you realize that Windows, as it is, is just a
little...boring and stale by now. I love my KDE games and I do actually play
them sometimes to relax.

So all in all, I have to give KDE 3.2 a big thumbs up. It's about as nice as I
ever imagined, stable, easy to use, and practical as well. If you're
completely new to the idea of running something like this, you really
shouldn't worry about it because you'll be up and running in no time. If you
know windows, you can run KDE. After a day, you'll never want to go back.

So congrats to the KDE Dev team and many thanks. I hope to see even more
surprising refinements in the near future.

Comments

Thank you Savanna!

It was a really nice read!

I hope game makers start to make KDE versions of their games, so you can ditch Windows completely...


By Henrique Pinto at Wed, 2004/03/10 - 6:00am

Wow this review is over the top.
The only thing that's missing is a picture of a scanlty cled sweety.

Either that or KDE 4.0 can be cancelled because perfection has been achieved.


By C Neal at Thu, 2004/03/11 - 6:00am

i know it's shocking that some of our users are truly happy and satisfied, but it happens ;-)


By Aaron J. Seigo at Thu, 2004/03/11 - 6:00am

This review is great and realistic (in fact I use Windows only to play and KDE for more... let's say, serious things). But Ive got a word about exporting games from Windows as Henrique said. OK, it's true, some games have been reprogrammed to fit Linux kernel, but I think that Windows is faster for 3d apps, and, of course, programming in DirectX is much easier than programming in OpenGL. Perhaps Microsoft will release a Linux version for DirectX? Will Microsoft ruin itself? I think we'll see a famous game running on Linux only in a lot of time, but not in recent times. Unfortunately, Windows is too good for that. I'm sorry for my poor english...


By Daniele at Thu, 2004/03/11 - 6:00am

But we already have native versions of UT, UT2003, UT2004, Quake3, Enemy Territory , Neverwinter Nights to name but a few very famous games.


By mrew at Fri, 2004/03/12 - 6:00am

>of course, programming in DirectX is much easier than programming in OpenGL

I bet you're not a programmer.....


By Anonymous at Sat, 2004/03/13 - 6:00am

Did you ever write programs for DirectX AND OpenGL ???
1.) When you've never done anything with 3D graphics, OGL is more comprehensive than DX.
2.) We can't actually compare DX to OGL. Direct3D vs OpenGL would be better.
3.) DX has advantages because u get everything you need out of one hand (another reason why some people get the impression M$ Windoze is more organised than GNU/Linux) (API for Graphics, Input, Networking, Sound,...) We'd rather compare it to SDL (which makes use of OGL)

Linux is doing ok with graphics, but I think it could be doing better. The X Window approach is so "Mainframe-Era" thinking of terminals etc. Who needs all this overhead on a desktop machine ? What Desktop-Linux needs is a efficient, cleanly implemented, industrially supported (graphics hardware manufacturers), module based (if u really need network transparency), ACCELERATED frame buffer.
sorry, if that was a bit OT >:-)=


By markd at Mon, 2004/03/15 - 6:00am

Yep. I'm running KDE 3.2.1 on Gentoo - joy :). Portage, like apt is a very nice tool. Running Qt 3.3.1 just make sure that you have FontConfig up and configured properly.

I really am loving Kontact, but it took me a while to get the weather and RSS newsfeed stuff up and running. I never use IMAP so I haven't been affected by the bugs that have afflicted some. What we need now is a good integrated Office suite that can take advantage of the spell checking, printing and other kool KDE components. KDE OpenOffice will be good, but I really, really like Kivio and other parts of KOffice. Nothing in OpenOffice can match them.

I really like Plastik, but there is perhaps some more work to come on it, so the devs are right about it not being the default theme. Creating a cool-looking but totally usable theme is pretty damn near impossible. I hope Plastik can achieve it.

"3) It's easy to use."

Damn right. The usability wobblers people have been throwing are unecessary, and the criticisms are way, way over the mark. If you know Windows, you can do KDE. I know, I've tried it with people. The problems KDE have are mainly to do with the organisation of certain dialogues and components. Konqueror is a good example. However, everything is there, nothing should be removed and everything is totally fixable. As soon as I get this server and wireless network sorted I'm straight over to the KDE Quality website and I'm doing some reading.

People like me respect Macs and Mac usability totally, but the way they do that is part of Apple's target market and speciality. The vast majority of people, especially business users, do not want their desktop looking like a Mac. Believe me, I know.

"I said that if you play a lot of games, then maybe KDE isn't for you, but I wasn't exactly right on that score."

Holy crap Savannah! Don't say that. My nicely configured Gentoo machine runs Return to Castle Wolfenstein and it is eagerly awaiting Doom 3 any week now (slavouring and drooling and wondering just how much work I'm going to get done)! To while away the time though, KDE's games are nice.

"You want AIM? ICQ? MSN Messenger? No problem. Kopete on KDE gives you access to all that and more. It's got a beautiful user interface, awesome icon sets, and it's all integrated into one window and in your Kicker dock panel. It works flawlessly as far as I can see, and I love it. Chat to your heart's content."

I've never used chat programs. I'm an IT person, used everything under the sun, but have never seen the point in chat programs. Now that I have always-on internet access and Kopete I suppose I'll have to try it now.

"I always have music playing with Juk. It's integrated with a small applet in my Kicker as well (MediaControl) which lets me control everything from the kicker, even when I'm not on the desktop where Juk is. I just love that."

Juk is pretty darn cool. I've heard it compared to iTunes, but iTunes is a bit different. I've waved goodbye to XMMS as I've realised I can live without the visualisations. I just want my music - preferably organised :).

Additionally, I am now using Konqueror full-time as my web browser, and Mozilla has gone totally. Konqueror renders the vast majority of pages brilliantly, and with the partnership with Apple and Safari and improvements still to come I see nothing but a very, very, very bright future. I've seen some sniping at Konqueror, mainly that it still cannot render most web pages. It just isn't true. Web pages that I've seen that stump Konqueror also stump Mozilla. KWallet integration is very welcome also. When people talk about an integrated desktop, this is what people want to see.

The most underrated app has to be KDict, although there are probably more gems like this so I need to do more exploring. I brought my laptop back home yesterday and my Mum and her crosswords loved this program. Kudos!


By David at Wed, 2004/03/10 - 6:00am

> I've seen some sniping at Konqueror, mainly that it still cannot render most web pages. It just isn't true.

Actually it is true, it just depends how you build your web pages. Semantic HTML, CSS, and W3C DOM are very much in vogue nowadays. Sites that make heavy use of these technolgies tend to break badly in Konqueror. Since the vast majority of the web is tables based with a sprinkling of CSS and Netscape DOM, you see very few problems. The people complaining are often web developers who want all the benefits of the current standards, or those who use newer sites.

When I was using KDE 3.1 not a single one of the web sites I created was even remotely usable in Konqueror, in KDE 3.2 they are just badly broken. I never used to bother trying to fix stuff for KDE 3.1 because it was impossible; now it is just a pain, but I do bother, and report all the problems to bugs.kde.org with testcases so the problems can be fixed.

I hope very much that KDE 3.3 will ship with a Konqueror that has support for modern standards equal to, or in excess of, IE 6.


By Dominic Chambers at Thu, 2004/03/11 - 6:00am

I have to say I totally disagree with this. I very rarely find a page I can't view properly in konqueror. I also create a lot of pages, and I don't really have much trouble with konqueror - I have had lots of problems with Mozilla's loss of colspan info when the display attribute of a page is changed though. If you really have that much trouble with the pages you create, I'd consider that you might be designing pages that are IE specific.


By Richard Moore at Thu, 2004/03/11 - 6:00am

As I said it depends whether your a big CSS user or not.


By Dominic Chambers at Thu, 2004/03/11 - 6:00am

I do not agree. Konqueror have had some CSS bugs in various versions, and possibly still have some. So does IE (a lot more actually), and all the other browsers. But it's been a long time since Konqueror was the least CSS compliant browser. I do a lot of heavy CSS programming, and Konqueror shows it very well.


By Niels at Thu, 2004/03/11 - 6:00am

In my opinion IE6 has more reliable support for CSS than Konqueror; Konqueror has more breadth, but IE6 has fewer bugs.

I develop my sites in Mozilla (avoiding CSS-2 features IE doesn't support), then I test my pages in the other browsers. Of those browsers, I would rate their CSS-2 support, as defined by the amount of crap I have to do to get them to work, as:

1. Opera 7
2. IE6
3. Konqueror (KDE 3.2)
4. MacIE 5.1
5. IE5
6. Konqueror (KDE 3.1)

IE6 and Opera7 are easy. Konqueror on the other hand always gives me trouble. The latest site I did was unusable on Konqueror. I filed 4 bug reports in connection with it (#77048, #76982, #77057, and #76948), and made fixes to the web page to deal with those issues. These are just my experiences.


By Dominic Chambers at Thu, 2004/03/11 - 6:00am

The above statement is totally, completely, inconcievably WRONG. Konqueror has ALWAYS been the absolutely worst at rendering CSS, regardless of version or spec.

I was at LinuxWorld here in NYC right when 3.2 was coming out, and I wandered over to the KDE booth to see what was going on. The first thing I did - when presented with konqueror - was open http://www.csszengarden.com/, a brilliant collection of pure CSS layouts contributed by many different artists. A good majority of them failed to render properly (even though IE/mozilla/firefox did).

So I immediately gave up on konqueror, because I just can't work with a browser that is that handicapped regarding CSS. No complaints, but no hope either.

Then comes 3.2.1, and I go ahead and slap the RPMs on my FC1 box. Hey, CSS works in konqueror! And note that I didn't even complain, just pointed out the site to the folks at the booth!

Man, if I could get that kind of service with other things...


By mitchy at Thu, 2004/03/11 - 6:00am

Considering that I'm running 3.2.1 and you've said things now work then my statement is right. I didn't do as much browsing with 3.2.0 as I'm doing now, but it was clear that Konqueror had way, way improved.

Unfortunately I do not do selective experiments on Konqueror - I browse the web every day with it. Result? Very, very few problems. Qt and KDE also combine to create a damn nice looking app.


By David at Thu, 2004/03/11 - 6:00am

That's what we get for having hundreds of developers on the project :) Looks great, runs great and has even better user support ;) And yup, as you said 3.2.0 had horrible CSS support (it even broke some of my own, more simple pages), while 3.2.1 has well, wow :)


By Dan Leinir Turt... at Sun, 2004/03/14 - 6:00am

> I have to say I totally disagree with this. I very rarely find a page

Yeah, but when it happens it tends to annoy a lot. Especially if you
were trying to pay your bills at 23:54 on its due day ;)

https://www511.sampo.fi/A56/sampo_representation/RepresentationApp
http://www.autohus.de/search/form.php?lang=English
..


By foo at Thu, 2004/03/11 - 6:00am

The Konqueror developers know where most of these issues are, but not all. So everytime you encounter something that Konq doesn't get right, go to bugs.kde.org, and drop it in so they can fix it.


By bluGill at Thu, 2004/03/11 - 6:00am

Yes, I'm doing just that, and I'm sure 3.3 will be golden.


By Dominic Chambers at Thu, 2004/03/11 - 6:00am

Bug number 40383. Broken in 2.x, fixed in 3.0, broken again in 3.1 and continues. It has been reopened for almost a year - and nobody seems to care.


By Alex at Thu, 2004/03/11 - 6:00am

let me make a suggestion, which you can ignore if you wish: if you are cordial and nice, people will work with you; if you're not people tend to start ignoring you.

konq has ... *checks* ... 1400 bugs open right now. it's a huge app that tackles some of the hardest areas of mordern desktop computing: file management and web browsing. given the large number of bugs and difficult nature of the tasks, the developers try and prioritize the bugs they deal with as they certainly can't deal with them all at once.

now, when someone accuses them of not caring (esp. when they are in the process of trying to help), of being incompetent, etc and rants on about irrelevant bugs and uses snide remarks, that person is likely to get less attention than the person with an equally important bug but who is helpful and professional.

does that make sense to you?


By Aaron J. Seigo at Thu, 2004/03/11 - 6:00am

I've been reading your bug report and it seems you show a real attitude problem throughout.


By ac at Thu, 2004/03/11 - 6:00am

Wow, I don't see that that bad an attitude problem often. Not only that, but it appears to work fine if the id is set to IE. (So complain to the site please, konqueror is not going to change it's default id globally for you.) Unless the image shown in konqueror & firefox is an illusion, it works. (I admittedly can't read hebrew, so I can't tell if it's showing the right text.)

Please be curtious when reporting bugs, Alex.


By James L at Sat, 2004/03/13 - 6:00am

I agree. There's a reason why I use Firefox as my primary browser. And that's cause it handles 99.9% of the pages I view while konqi is NICE but... it still fails miserably on certain sites.


By Jeff Stuart at Fri, 2004/03/12 - 6:00am

I thought the PIM people had silently dropped support for that since I couldn't find out where to configure it, and I looked all over the place. Can you tell us how it's done?


By Dominic Chambers at Thu, 2004/03/11 - 6:00am

You have to install kdetoys for kweather, kdenetwork for dcoprss and kdeaddons for the news summary.


By Anonymous at Thu, 2004/03/11 - 6:00am

Wow... that's a bit all over the place isn't it?


By ac at Thu, 2004/03/11 - 6:00am

with the exception of the news summary plugin which is in the addons package where it belongs, they are generic components which kontact is capable of tapping into. if they were kontact specific, i'd agree with you, but they aren't =)


By Aaron J. Seigo at Thu, 2004/03/11 - 6:00am

Perhaps you'll like this type of theme:

Window style: System++
Icons: Footprint (for IT person; I find the default set cool yet girlish)
Kicker: no wallpaper
Style: Ceramic
Desktop Wallpaper: according to taste, I use Suzuki motorcycle racing wallpers
Colours: MacOS (modified KDE default - see attached file from KDE 3.1.4)
White background and no wallpaper in konqueror file browser.

Simple yet elegant, and do not distract me from work.


By Lex Ross at Sat, 2004/03/13 - 6:00am

Yeah, most of the stuff the Gnome people have been talking about are, um, crap. I find GNOME to be more feature-free these days than MacOS. That a pro-UNIX crowd could make a system that, IMHO (and I administer such machines, so I don't feel like I'm too far off the mark :D) is more opaque, lacking in features, and assumes more stupidity on my part than both Windows and MacOS Classic, is surprising.

I gave the GNOME 2.6 beta a try. Heck, I tried using one of the neato Nautilus features: CD burning! I wanted to burn a disc with some OGGs on it; I ripped them at home, and wanted to listen at work, and since I lack a good, fast connection at home, "Sneakernet" is the only option available. As far as I can tell, Nautilus first tried to burn an audio CD. I could be wrong about that, but I couldn't mount the CD and my DVD player attempted to play it :D Then I tried to erase it (using an option on the dialog box) and as far as I can tell Nautilus instead assumed all along that I was using the CD-RW to write multi-session CDs (and didn't erase the CD.) I know I'm not the brightest person in the world, but I was pretty sure that I wanted a single-session data CD! Thanks, Nautilus, for setting me straight! I are too dumb to make these tough decisions on me own! ;-D Not even OS X insults my intelligence to this extent.

GNOME is getting better (taking the Right Approach(TM) and hiding the more complex features from the casual user, among other things) but I see it as a long uphill battle. Also, with people like Miguel wanting to largely abandon the C/C++/other apps for C# apps (not that that's necessarily bad, mind you) the future looks rocky for the GNOME project.

I don't care if KDE, GNOME, or some other environment is dominant. Let me stress that. I just want what works.

At one point I had been a GNOME convert, and then even advocated environments such as GNUstep and ROX in the past. For better or for worse, nowadays I'm firmly in the KDE camp. I'm even eagerly awaiting RangerRick/others' port of KDE apps over to OS X; the boss has been bugging me about groupware, and at some point we'll be an OS X house. It'd kick ass if I could get everyone using Kontact and use Kroupware to coordinate everything. ;-D


By regeya at Sun, 2004/03/14 - 6:00am

Thanks for the nice review, but there is one point I'd like to get into. One of the main reasons that there are so many virusses for Windows nowadays, is that there are so many windows users. It just makes no sence to write a Linux virus, because there aren't enough users to actually spread it around. That does not mean that it is impossible to do. In fact, I'm pretty confident dat it is, and also that KMail is vunerable in some way (no, I don't know how, but I'm sure someone will find out...).
As more and more people are starting to use Linux with KDE, the changes of virusses are also getting bigger. We should not underestimate this, and while I still lauch about the stupid virusses (in my view, most of the modern virusses shouldn't even be called like that as they rely soley on click-happy users), I fear the day will come that I need to install anti virus measures on my linux system as well.


By André Somers at Wed, 2004/03/10 - 6:00am

I think Savanah implies that that is the reason. She says I don't have to worry because they don't run on KDE.

As to whether KDE/Linux is inherently more secure than Windows, I think you would have to agree that it is. The default policy in KDE is to treat HTML as a security problem, KMail doesn't allow you to accidentally start programs, and unlike Windows, you don't have to run your mail client as root.


By Dominic Chambers at Thu, 2004/03/11 - 6:00am

There seems to be a big push to make HTML composition in KMail the default. How much longer after that until "Prefer HTML to Plain Text" becomes the default as well? Then the automatic execution of binaries just to save a few mouse clicks? Don't let the camel's nose in the tent!


By David Johnson at Thu, 2004/03/11 - 6:00am

Hi David,

There are no plans to make HTML composition in KMail the default. I wonder what made you think otherwise. I mean considering sending HTML mails on KDE mailing lists is a no no, having KMail send HTML mails by default is pretty much unthinkable. (At least not in KDE cvs, since KMail is free software distributors can always make their own changes, that's beyond our control.)

HTML mail support is being worked on. I realize many people would prefer to see no HTML composition support at all, but still far more do want to see it supported, (and they have valid reasons like intra organizational mail).

BTW HTML mails sent by KMail will be multipart/alternative messages so they can still be viewed by mail clients that don't support viewing HTML mails.

Don.


By Don at Thu, 2004/03/11 - 6:00am

OK, you are right, unices are probably inherently more secure than Windows. However, most modern virusses just ask politely to open the attached file. I think that could hit a KDE user too, even if the attached program or script doesn't run as root, it can still do damage and/or spread itself.


By André Somers at Thu, 2004/03/11 - 6:00am

Uhm, I'm not running Outlook using root (Administrator). You can do that, you know.


By rajan r at Thu, 2004/03/11 - 6:00am

That's good. Unfortunately running Windows in a networked office environment is not that simple. Permissions in Windows are a joke, and many essential services, like printing, sometimes just don't work unless you are an administrator. Recent viruses, worryingly, have proved that Windows permissions are so easy to get around it is as if they aren't even there. Sometimes IT people have no choice to log people in as administrators. It is either that or things don't work.


By David at Fri, 2004/03/12 - 6:00am

... Of course, Linux is more secure than windows. Anyway if an Linux virus is trashing my personal data, which is possible running as the user I'm logged in, its doesn't matter that the system itself is secure. My Data is lost !!!
So it does matter to take care of the email you get, a firewall up and runnin (of couse right configured) and have an antivir programm running in the background. There are some free out there for Linux.
Don't behave like an "normal" Windows user - being blind to things that are so obvious.

uwe


By Uwe Liebrenz at Fri, 2004/03/12 - 6:00am

Use the source, Uwe!

Install unison.

Then, as root, create a batch job that nightly syncs your home folder to a folder owned by root, and keep, say, a week of changes tar.bzip'ed somewhere.

That way, if you get virus'd, you have a backup. The nature of a multiuser system makes this *almost* as good as a real backup (if the computer is hit by a meteorite, the backup does no good).

I really should write a recipe to do this.


By Roberto Alsina at Fri, 2004/03/12 - 6:00am

Argh. I meant rdiff-backup, not unison.

And I did write the recipe for this. I will publish it tomorrow at http://pycs.net/lateral :-)


By Roberto Alsina at Sat, 2004/03/13 - 6:00am

And here it is: http://pycs.net/lateral/stories/26.html

Someone should give rdiff-backup a GUI, though :-)


By Roberto Alsina at Sat, 2004/03/13 - 6:00am

Thanks for the nice review, but there is one point I'd like to get into. One of the main reasons that there are so many virusses for Windows nowadays, is that there are so many windows users. It just makes no sence to write a Linux virus, because there aren't enough users to actually spread it around.

That is not true on so many levels with dozens of different proofs. I suppose that it is just a FUD spread by MS or avirus companies...

OK, here we go:

1. If what you're saying is true, if the number of viruses depended on the number of machines to infect, than we'd have legions of worms infecting these 60% WWW servers run by Apache. But you know what? The only worms that infect WWW servers are those infecting MS offerings.

2. There was a computer called Amiga. It had multitasking OS, harddrive, network interface and absolutelly no security. At the peak of its popularity it had smaller market share than Macs or Linux desktops have now. And you know what? There were dozens if not hundreds viruses on Amiga.

3. There was similar machine: Atari ST. It had even smaller market share and still had lots of viruses.

Please, don't spread the FUD.

Robert


By Robert R. Wal at Thu, 2004/03/11 - 6:00am

1) Most modern virusses spread using "social engineering": they just ask the user to open the file. Since servers running apache arn't likely to open these messages all on their own, and administrators operating these systems can be assumed to be smart enough not to, this isn't an issue. Apache may (is? I certainly hope so!) a very save webserver, much better than MS'servers. I'm not arguing against that. We're talking about the linux desktop here. And yes, for that you do need actual users that are click-happy.

2) I am not familiar with the Amiga scene. I do know there were virusses going around in my C64 time (at least, I think there were).

I'm not saying that it is impossible to spread virusses on less used computers, I'm saying that I think (and I don't need MS or the antivirus companies to think for me, thank you very much) that:
a) a spreading of Linux/KDE systems to the more mainstream desktop market (as many people here would like to see, and as slowly seems to happen) will generate a group of users more likely to do less smart things, like open attachments they were not expecting.
b) a bigger userbase will make the platform better known, more interesting for virus writers and will bring to light more vunerabilities.

I am not running antivirus software myself. I still think I'm save. I just fear that that won't be the case for ever, and that we need to be carefull about saying that it could not happen to us. Call it spreading FUD if you want, I just think it would be a good idea to keep alert about potential security problems that might be exploited by virus/worm/trojan/whatever writers.


By André Somers at Thu, 2004/03/11 - 6:00am

None of your above points make any sense, wether you have users that are click-happy or a group of users more likely to do less smart things, like open attachments they were not expecting. Nothing of this will spread any viruses as the design of *nix, to run a program the exec bit have to be set. No sane *nix mailer sets the exec bit on attachments and none ever will. A clueless user will not know how to make the file executeable and a cluefull user will know not to.


By Morty at Thu, 2004/03/11 - 6:00am

That is a good point, and it's well taken. This does make it significantly harder to execute scripts.


By André Somers at Thu, 2004/03/11 - 6:00am

Then just be quiet and let the adults speak?


By Joe at Thu, 2004/03/11 - 6:00am

And this is inherently at the root of why you should not connect to the internet with windows but use a *nix client. DOS is NOT a network operating system and as such doesn't have such safety measures. Note also problems with the FAT file system being designed for 360K floppies and needing to be defragged. Sure they are making improvments, but their roots are a stand alone toy and it's pretty much a lot of patching it and selectively continuing the same thinking in many areas, like default enabling macros that can erase the file system and not building in confirmation for first time execution of destructive or foreign scripts.

Let's face facts. Middle schoolers can bring the internet to it's knees because MS hands out the tools to do it like candy, refuses to allow the least inconvenience by insecure defaults and still considers it a low priority. Witness their past errors. If they have a concern with data loss they sue you into oblivion. Their defensive barrier is the lawsuit, not technology. Otherwise they would have been more concerned about Russian hackers cruising the Redmond campus for six months with free reign. MS is the quintessential computing toy software company. System failure and compromise only matter if they hurt revenue and they're a monopoly. Cased closed.

In the final analysis it is the user who eventually makes something secure or unsecure, however between *nix and Windows there is no real way to say they are on equal footing. In 2000 I was told at an ISP sponsored user conference that there are 4000 new Windoze exploits a month introduced.

As a side note I played with confirmed XSS scripting exploits that could reliably be reproduced in IE and found only a small percentage success in KHTML. Also I have seen security fixes issued in KHTML the day after the exploit was announced that affected most browsers and MS said it would not issue a fix as it was not a critical flaw. IE and outlook also download "fixes" without user confirmation from sites that offer validation with their request. This is another potential exploit. Add the fact that admins are afriad to apply Windows fixpacks because they usually break other things and the picture is very clear indeed.


By Eric Laffoon at Fri, 2004/03/12 - 6:00am

Ya, this is a common view that consistently pops-up from time to time. Unfortunately any half-intelligent security analysis proves it entirely wrong. If your statement were true, then Apache would be responsible for twice as many http vulnerabilities as any other http server. But IIS is actually responsible for more http vulnerabilities than any httpd service. And Apache is only the most striking example. There are literally dozens of examples of software that is/was more popular than the Microsoft's version (from video games to personal finance software to mail servers...) that had fewer vulnerabilities.

I have wrote about this before: http://www.rockerssoft.com/brockers/archives/000077.html

brockers


By brockers at Thu, 2004/03/11 - 6:00am

I don't think this is true to be honest. No one except Microsoft writes software that takes in external scripts and runs them as if it's going out of fashion. A virus writer would have to work 100 times as hard to get a good virus up and running, and 1000 times as hard to make it spread from machine to machine on a Linux desktop. The latter is what really kills Windows.

Microsoft people like to play the popularity game. Unfortunately Outlook and other bits of Microsoft software are just total crap.


By David at Fri, 2004/03/12 - 6:00am

Well, you're not 100% safe on linux:

Try the following:
Take one of those MyDoom mails (I'm sure you have one) and click the attachment as the mail tells you too.

Then ignore the two warnings kmail pops up, and bingo! You have MyDoom installed and running on your Linux box. And it works very good there.

(Of course you need to have Wine installed, and have wine integrated in KDE like kappfinder does)

So with good social engineering, Windows Viruses are a threat on unix.


By Anonymous Coward at Fri, 2004/03/12 - 6:00am

Pages