It’s not to beginners to “dictate” how computering and why early computering scientist have designed the system this way.ue and can go to any workstation without a difference. I mean that those users who ask for root permission (I don’t really know why) should have worked a little bit in a administrated company. And they should have estimate how many times administrators lost there time for these people who install forbidden software.

Running as root would be really dangerous in the case of the program is not well written. Running as root and even looking a jpeg would be more dangerous. There was a security breach in jpeg some times ago… Running as root and even a crafted URL or website could be dangerous… If you don’t run as root, you’ll be happy if your kid goes on this URL and YOU don’t loose your data.

Also with all this system you’re absolutly sure that an update will work (on good distro) and that your system will be patched exactly the way it should. Think about problem of SP2… Why? Because you didn’t have any way to mess up this OS!

Running as root would be dangerous in most enterprise config when using NFS for example. On a real network, each user is unique.

For teh example about the clock time setting. Changing the clock will change the clock for any user that are working on the system, so this clock is not only for you, but also for any users logged on the system. And on Linux, there’re plenty of virtual users which launch process in the backgroud. All those processes could be disturb while changing the date. Also, setting the good time on a computer is not a day to day action. And this example is not a good example at all, because the date is set by the network on current distribution. There’s only Windows which doesn’t set it directly out of the box. Why? Because the time is not set to GMT… It’s exactly a demo why the begginer should not interfere with the choices made by computering engeneers… When you receive mail outdated on your box, they doesn’t sort correctly. So, the computers HAVE to be on time, and it’s not to the user to change the time.

Also, for the program which are really usefull for day to day use, there’s the SUID bit. Also, on Ubuntu/OSXTiger, this root user doesn’t even exist and the user is asked his own password… So he doesn’t even now that there’s a root user! It’s just a question of PAM configuration.

So, please see pam and sudo and you’ll see how running as a privileged user is really cool! When you’re asked for your password : you can ask yourself : “Am I dooing something wrong?” “Did I made an error”… Have a look at Ubuntu (I’m sure there are other distrib that come with sudo confiigured but this one is very integrated) and see how security can meet ease of use…

Linux is different in design from Windows : You rarely have to download a program yourself, there’re package management such as urpmi or dpkg to do that. If the user have to install a program himself or compile it, he’ll know what he is doing… And he’ll know why using a Linux day after day program as root is not allowed.

Running as root is like use your new home DVD player without the plastic protection… To sum up!

Linux is about security and stability. That’s the big difference with windows : It’s thought by all.
If Lindows no, Linspire, is made with this kind of breach in security, I prefer Windows… Because at least after the fighting against spywares… I can play a lot of games in Windows! lol!

Now, whether it will be able to execute enough in order to start the propogation is another story.

Pure speculation….

There are lots of ways to pass viruses, email is just one of them. I’m not even sure that it’s accurate to say that ‘most’ viruses are passed via email. Many worms and zombie applications spread through the network without using email.

You can run as a limited user in windows, making it very similar to using linux. By right clicking on a program, you will be prompted to enter a password and get administrator rights. However, windows defaults to administrator during the install process for ease of use.

As far as linux computers giving windows computers viruses, that is unlikely since most viruses are passed by opening suspicious emails. Why would a linux user pass a suspicious email to a windows user?

In either case, you’ve covered off both areas in your three points.

Oh, and technically I don’t think Linspire actually tells people run as root. They just don’t ‘guide’ people to not do so.

Kyle: No, I think you’re right. As I wrote above to Ben, I’m concerned about more than just my data though.

Assuming my noobish understanding isn’t failing me here.

– deleting system files (accidently or not)
– having software silently install on your PC without your knowledge
– accidently change system settings that might cause instability

In each of these cases you would be prompted for the root password.

I think of it this way: If you have a PC in your family home which is logged in as a ‘normal’ user, you can let your kids or little brother loose on it, and the worst they could do is mess up your desktop settings which should be easy enough to recover from. Would you leave it logged in as root (as Linspire say)? It could get trashed quite quickly!

True, it does go against best security practices. However, MR seems to be right – nobody so far in this discussion (or the one on the board – link in the entry) has been able to give a compelling reason *why* it’s more secure to run as root on a home system.

I’ve come up with one scenario, but nobody else has