It is also a fairly major distro. Read what he has to say here:
http://info.linspire.com/askmichael/question9.htm
-----------------
More on my arguments:
Argument 1
- What do I want to protect? For the most part I want to protect user files. If I value my user files I should have regular back-up procedures in place. Meaning, methods of protecting my important documents and files.
I'm not particularly worried about losing system files. I have the Puppy, Suse, and Vector CD-ROMs within arm's reach.
- It is not necessarily easier to intrude on root than it is a user. For example, suppose there were a way of gaining control over my computer through Firefox. The exploit would be just as successful on root as it would be a user.
The hacker, if he gained my level of permissions and access, could read, write and execute anything I can read, write and execute. My user documents, the most important documents are at his mercy.
- If my computer was intruded on, I would consider it compromised. I'd want to clean house and figure out how it took place and put the preventive measures in place.
Regardless of whether the computer was compromised with me as a user or root, it is still a compromised system.
- It is not happening. Personal computers running Linux and not running services such as proxies, ftp, http are simply not being exploited to any significant degree, although the services they run are targets.
My computer gets hit often several times an hour. Fully 90% of the hits are on ports 1026 and 1027. Many of them are from China and Japan. There is a big exploit there on XP - the DCOM services for people who have not applied the patches.
DCOM doesn't exist in Linux and it is not bound to these ports. There is nobody home to answer the door for the hackers.
Reference: http://grc.com/port_1026.htm
Other ports are 21, 80, 8080, 22 and a range of ports for known Windows trojans. I've never seen a scanner scan 65535 ports. They go for known ports with exploits, and those are, almost without exception, known Windows trojans, robots, and other Windows exploits. Of course, non-OS-specific common service ports.
We are not running this software, and that is the primary reason there is not much to concern ourselves with.
Sort of like having a cabin in the wilderness and no one ever has come around to bother you.
Also, gaining access to an open port doesn't mean a successful hack. Port 8, the ping port, is software written to respond to ping requests. It is not going to edit a graphic file, hand over root's password or allow entry to the system.
- I used to run an unprotected HTTP server for the public. It was specially written to always say yes to the hackers and give them an error code of 200 and hand them a clear 1x1 GIF file. Plus log all their activities.
The hacker script would send requests like ../../cmd.exe and all kinds and combinations of CGI script exploits. My HTTP server would always say OK and immediately hand them the GIF image. That is all it was programmed to do, say yes to everything and give it an invisible GIF image.
Not to mention, keep precise and detailed logs of everything the hacker would do. This way I could tell with precision what was being done. The hacker getting good feedback on his end would go the whole nine yards with his scripts and techniques.
The point being that even having the software bound to the port and servicing the hacking industry, it was safe because it wasn't actually going to let someone in. It wasn't programmed that way.
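
A minimal sketch of the kind of "always say yes" HTTP logger described in the post above, as an added example that is not part of the original post and not the poster's own code. The names `YesHandler`, `make_server`, `MAX_BODY` and `log_path` are hypothetical; the request path is only recorded, never resolved against the filesystem.

```python
import base64, json, threading, time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Standard 1x1 transparent GIF, embedded so the example needs no files.
PIXEL_GIF = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7")
MAX_BODY = 4096  # assumption: cap on how much of a request body is logged

class YesHandler(BaseHTTPRequestHandler):
    events = []            # in-memory copy of the log, shared by all requests
    log_path = None        # hypothetical: set to a file path to persist logs
    lock = threading.Lock()

    def _answer(self):
        try:
            length = int(self.headers.get("Content-Length") or 0)
        except ValueError:
            length = 0
        body = self.rfile.read(min(length, MAX_BODY)) if length > 0 else b""
        event = {
            "time": time.time(),
            "client": self.client_address[0],
            "method": self.command,
            "path": self.path,            # raw, never mapped to the filesystem
            "headers": dict(self.headers.items()),
            "body": body.decode("latin-1"),
        }
        line = json.dumps(event)          # JSON escapes CR/LF: no log injection
        with self.lock:
            self.events.append(event)
            if self.log_path:
                with open(self.log_path, "a") as fh:
                    fh.write(line + "\n")
        self.send_response(200)           # always "OK", whatever was asked for
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL_GIF)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(PIXEL_GIF)

    do_GET = do_POST = do_HEAD = do_PUT = do_OPTIONS = _answer

    def log_message(self, *args):         # silence default stderr logging
        pass

def make_server(host="127.0.0.1", port=0):
    return ThreadingHTTPServer((host, port), YesHandler)

if __name__ == "__main__":
    make_server(port=8080).serve_forever()
```
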