__/ [ BearItAll ] on Tuesday 06 June 2006 10:56 \__
> Roy Schestowitz wrote:
>
>> ,----[ Quote ]
>> | People keep having this delusion that security is a product. That,
>> | if you just buy some magic box, you'll have a program or an operating
>> | system that's as secure as Fort Knox.
>> |
>> | [...]
>> |
>> | Some systems are more secure than others. Linux, as anyone who pays
>> | any attention to security news knows, is a lot more secure than Windows.
>> | If we were talking cars, Linux would be a Volvo S80 and Windows would
>> | be a Ford "Hit here to blow up" Pinto.
>> |
>> | [...]
>> |
>> | The same is true for applications. Are Firefox and Thunderbird safer
>> | than Internet Explorer and Outlook? Of course, they are. Does that
>> | mean you're safe using them without their latest patches? I don't
>> | think so!
>> `----
>>
>> http://www.linux-watch.com/news/NS4575571479.html
>
> No I don't go along with this train of thought, we have had similar posts
> in the news groups.
>
> When we say that Linux is secure, we mean (I think) that it is the most
> secure of what is currently available, but also the most secure because of
> the actions that we take.
>
> I don't think anyone is really blase, rather, we are secure because we take
> it seriously, deal with the insecure as it comes to light. Most users are
> on automatic updates, others will schedule or manually update security when
> they can. The speed of discovery-to-fix alone is an indication of how
> seriously the Linux community takes a security breach.
>
> We all have our Firewalls setup well, because security is taken seriously
> the tools to help those that struggled with chains have be made extreemly
> easy to use, a simple matter of 'select what you want, leave off what you
> don't want'.
>
> Users have taken to application caging as a logical next step. We are
> hardly hearing any moans or of problems caused by caging. But then it is so
> well implemented in both SELinux and AppArmour, that just as with the
> Firewall it is a simple matter of enabling those things we want that are
> off by default. In both of those I found that the defaults were fine with
> only samba needing to be 'allowed'.
For me, it has always been SSH. Rightfully, access and control from the
outside are prevented until you prove that you are aware of the consequences
and have chosen decent passwords.
> We've had posts in here of users wanting to run as 'root', but the
> responses they get from all levels of Linux users is a good indication that
> even those new to Linux are already on the side of security.
SUSE, if not KDE in general, is wise enough to discourage that. Not only does
it prompt the user, encouraging a logout, but it also lets the user
understand that s/he is working in a mine field (desktop wallpaper). Less
usefully (call it 'customisability' in KDE), the wallpaper can be changed. I
am not sure that permitting this is a wise idea because a user can totally
forget that s/he is working as superuser.
> There is the other side too, lets say that all things in Linux are fully in
> place, that we are doing so well in the market that software and driver
> vendors all release both an MS Win and a Linux version of their software.
> Then what do we have that seperates us from MS Win, both can do everything
> that a computer is meant to do. We have the price advantage, but that wont
> make a difference from a commercial software point of view. The real thing
> that we have is our security and that is why we must all take it seriously.
>
> No lessons are needed because as far as I can see the vast majority of
> Linux users take that on as part of the kit, as if in the Linux box you get
> a DVD a book and a responsibility to ensure your security up to date and
> correctly setup.
>
> Why? Why do we do this, we could sit at our computers day after day being
> as blase as we like, because even with our systems as they are today, the
> chances of being hacked or virus'ed are so slim we could sit on our laurals
> and forget all about that side of things.
>
> Well for me the reason is very simple. I don't like that those things I
> would like to do with my computer should be inhibited because it might not
> be safe, from a security point of view. I don't believe in lessoning the
> capabilities of Linux in order to compensate for the weaknesses in other
> OS's. If I want to trade online, play music streams, chat, anything you can
> think of, I can do it because I know that my system is safe.
Yes, exactly. The freedom to have a peaceful computing experience. Eternal
Sunshine of the Spotless O/S.
> I don't want a system that loses half its power because a third party
> security system needs to take up so much of the resources just to keep the
> hackers out.
I'll raise a glass to that. I have always argues that an already-encumbered
O/S was further slowed down due to its /flaws/, not its design (e.g.
efficiency, or lack thereof).
> I don't want to have to limit my emails to certain content, because on
> other OS's that content might be software that can run automatically.
See my notes below. Many of us are skipping real, genuine E-mail messages,
primarily due to the suspicion that any E-mail message is potentially SPAM
or is malicious. I know that several messages have escaped my attention due
to 'noise', which is attributed to Windows boxes on the network. I knows
how much genuine messages I have been missing without becoming aware of
it...
> Basically I like my Linux to be secure so that I can use it without worry
> and that is exactly what I have got. I never limit my computing to
> compensate for others, I do what I want to do, MS users can pay their own
> price for their OS's weaknesses, I'm not paying it.
Sadly, we /all/ do. If you receive SPAM, for example, be aware that roughly
80% of it is being sent from Windows boxes that were compromised.
Best wishes,
Roy
--
Roy S. Schestowitz | Data lacking semantics is currency in an island
http://Schestowitz.com | SuSE GNU/Linux ¦ PGP-Key: 0x74572E8E
2:00pm up 39 days 19:33, 11 users, load average: 2.14, 1.89, 2.35
http://iuron.com - help build a non-profit search engine
|
|
