I’ve mentioned Linspire a few times in the last few weeks, and inevitably I gripe about the poor design decision of having the user running root privileges all the time. If you read Slashdot, you may have seen that in a recent interview, Michael Robertson (CEO of Linspire) responds to this precise question.
His response is given so forcefully that one is almost tempted to overlook how ludicrous it is, and to want to admit that he has a point. Resist this temptation; running as root is still a stupid idea. It’s been a stupid idea for thirty-five years with every flavor of Unix, BSD, and now Linux. It will never be a good idea. Ever.
To be fair, Robertson also says, We’re not trying to win ultra-geeks. Ultra-geeks LIKE having to type commands, they think it’s fun to learn the system, and to know the secret codes. That’s just not our customer.
Well, he has that right; having the user run as root pretty much guarantees that the ultra-geek is going to think that your product is a joke.
When the question is finally put to him, here is his first response:
I think, like everything, it’s a question of balance. Ease of use, versus security. I defy anybody to tell me why is it more secure to not run as root.
If this is really what he thinks, I don’t think that he could have asked too many people. On the other hand, with that attitude, who can tell this guy anything?
Robertson is totally ignoring the fact that most compromised Windows XP boxes serve as potential zombies for the computer crackers who are able to store and run their programs (bots) from these boxes; the reason that they are able to do this (and subsequently have the power to use their armies of Windows boxes to launch DOS attacks on servers) is that usually, when the cracker gains access to the box, he already has administrator (Windows equivalent to root) access. If this were not the case, the problem would not be so severe.
To say that it is just as secure to run as root is just plain ludicrous, and is really difficult to comprehend. Robertson tries to argue that it’s an "ease of use" issue, and that Grandma shouldn’t run into permissions errors when trying to change her wallpaper.
I defy Michael Robertson to find me a Linux user at any stage, new user to veteran, who has had a permissions error when trying to change their wallpaper. (Two can play this "I defy anyone…" game.)
By making that statement, if he really means it (I hope that he does not), what Michael Robertson is really saying is: It’s easier for us to give the user root access than it is to design our desktop properly so that the user has permissions to what he or she needs, but nothing else.
Of course, then Robertson closes his defense with, I know the hardcore geeks feel differently, that’s fine. It’s hard to argue with a guy who is admitting that he knows you feel differently, but he’s just so wrong that I can’t help it.
I think Michael’s shooting himself in the foot on this one, and here’s why. Until Linux for the mainstream consumer reaches some sort of "tipping point" (thanks, Gladwell), the primary way that most users will adopt Linux is through the recommendations of these very same hardcore geeks which Robertson says are not his target market. Well, the problem there is that we aren’t going to recommend Linspire; we’ll recommend a distribution, any distribution, which isn’t so base-headed as to have the default user be root. For a brand new user I might recommend Ubuntu, or maybe Fedora or Suse; for a Windows user who is already a geek who wants to learn Linux, Gentoo, Arch, or Debian. Sorry, Michael; Linspire isn’t on the list.
