In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
wrote
on Fri, 05 May 2006 18:43:46 +0100
<2311690.X6LcJyQyQh@xxxxxxxxxxxxxxx>:
> __/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Friday 05 May 2006 18:29 \__
>
>> "...There's a battle raging on your computer right now -- one that pits
>> you against worms and viruses, Trojans, spyware, automatic update
>> features and digital rights management technologies. It's the battle to
>> determine who owns your computer.
>>
>> "You own your computer, of course. You bought it. You paid for it. But
>> how much control do you really have over what happens on your machine?
>> Technically you might have bought the hardware and software, but you
>> have less control over what it's doing behind the scenes...
>>
>> [... SNIP ...]
>>
>> "You can fight back against this trend by only using software that
>> respects your boundaries. Boycott companies that don't honestly serve
>> their customers, that don't disclose their alliances, that treat users
>> like marketing assets. Use open-source software -- software created and
>> owned by users, with no hidden agendas, no secret alliances and no
>> back-room marketing deals."
>>
>> http://www.schneier.com/blog/
>
> A better (permanent) link would be:
>
> http://www.schneier.com/blog/archives/2006/05/who_owns_your_c.html
>
> This ought to prevail for future readers/lurker/errant Web searchers to
> follow. It is a good item from Schneier -- the same guy who put forward a
> strong and famous argument in:
>
> http://www.schneier.com/blog/archives/2005/01/linux_security.html
He also has a good book on crypto, though I've not read it lately. :-)
However, the real question might very well be: who owns
one's data? It's a multilayer problem in any event;
I have a bunch of hardware on my desk, for example, but
it will sit there unless I know how to interact with it.
Enter the OS, a bridge between my ignorance and its
operation, which includes data storage in the terms of
files and directories -- or directories and folders, if
one prefers Microsoft Office terminology. :-) (I don't.)
That's admittedly a crude way of putting it, but one of the
functions of that hardware is to store and retrieve data,
or perhaps data and communications or just communications.
And then there's the question of someone else's data, such
as movies, songs, and software. At some level, it's all
data (e.g., the code stream going into one's processor).
>
> Alluding to:
>
> http://www.honeynet.org/papers/trends/life-linux.pdf
>
> "Recent data from our honeynet sensor grid reveals
> that the average life expectancy to compromise for
> an unpatched Linux system has increased from 72
> hours to 3 months. This means that a unpatched Linux
> system with commonly used configurations (such as
> server builds of RedHat 9.0 or Suse 6.2 ) have
> an online mean life expectancy of 3 months before
> being successfully compromised."
>
> This is much greater than that of Windows systems, which have
> average life expectancies on the order of a few minutes.
I'm not sure the gulf is as wide now, with the introduction of the XPSP2
firewall. In one test a system survived for about 2 weeks, AIUI.
Still not 3 months, of course, and in any event, a better
characterization (if there's sufficient info) is "time until half the
systems are infected" (akin to the LD_50 lethal dose for such things as
chemicals and radiation, and half-life for radioactive elements).
http://www.zdnet.com.au/news/security/0,2000061744,39200021,00.htm
mentions 12 minutes for XP, but maddeningly doesn't say which version.
--
#191, ewill3@xxxxxxxxxxxxx
Windows Vista. Because it's time to refresh your hardware. Trust us.
|
|
