Roy Schestowitz wrote:
> How well do you know PC security?
> ,----[ Quote ]
> | I quite liked:
> | Windows is nagging you to update the operating system. What do you do?
> | A: Ignore it, the updates will just slow down your machine
> | B: Install the updates as soon as they become available
> | C: Update every six months. Just to keep Microsoft happy
> | [...]
> | What is a DDoS attack?
> | A: Guerilla activism by open source software advocates in which
> | they uninstall Windows on a PC and replace it with Linux
> | [...]
> This questionnaire proves that Windows security has become very complex
> and it requires a lot of 'knowledge' from its users.
It always amuses me when the Winvocates/wintrolls go on about how supposedly
difficult Linux is for newbies to use and maintain, and then you see what
newbies are supposed to cope with and understand in order to have some
degree of safety using Windows on the 'net.
Quiz might be OK for Windows newbies, it doesn't really work for a Linux
user, in particular:
Query 4: If you had a zombie in your house, what would you do?
Answer: Clean up your PC with an anti-virus scanner - a zombie is a computer
hijacked by malicious hackers.
Query 7: After downloading a new screensaver you get bothered with lots of
pop-up ads, your web browser's start page has changed and any search is
re-directed. What do you do?
Answer: Run an anti-spyware package to see if your computer has contracted
however, AIUI anti-virus scanners for Linux (as opposed to Windows file
scanners running on Linux) are basically snake-oil at present, and in any
case my attitude to a compromised computer, no less than when I used
Windows, is to format and install a clean system and secure it better, not
to try and run third-party software to recover after the fact (I'd never
feel "clean" again when I used the computer, if not).
At least with Linux I'd have the option of just wiping a user and recreating
it, if that really was all that was compromised, though even then I'd be
concerned whether the nasty might have escalated itself warranting a system
refresh as well. And at least with Linux (almost) all my software is
downloaded from central repositories I've already decided I'm going to
trust (and which could compromise me if the maintainers of it wanted to),
so no question arises of downloading a screensaver, or for that matter
(with very rare exceptions) anything else, from some random website.
Query 4: Windows is nagging you to update the operating system. What do you
Answer: Install the updates as soon as they become available
All very well, except that with Windows you never quite know what might be
lurking in there, as with WGA which IIRC came in as an "important" update
to apply. Which is worse, the third-party malware, or the stuff that comes
from the vendor, with Vista by all accounts to be delivered on computers
with spyware and a tamper-resistant root-kit component pre-installed
courtesy of Microsoft? You won't easily be able to get a virus-scanner
which can remove *that* for you!
I suppose it's true that I would be equally vulnerable to compromise if
Canonical decided to slip something nasty into the updates for Ubuntu. On
the other hand if they did that it would be the end of them, as with Linux
there are always a range of alternatives to choose from, and it's trivial
Plus, since Canonical release source code for Ubuntu, they themselves would
know that they could be caught bang to rights at any time. If they ever
stopped providing source code anyone downstream using that source code, for
example for a derivative distro like Mepis, would be likely to notice
immediately and raise the alarm. There's nothing like the probability of
being caught at it to dissuade miscreants.