-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A word (or two) about Linux desktop security
,----[ Quote ]
| All things considered, I still believe that
| Linux desktop security is superior to that of
| Windows in a home environment. Here's why:
|
| - The default firewall setup offers a very
| safe configuration off the bat.
|
| - The software repository model is safer.
|
| - Viruses are no concern.
|
| - Social engineering is definitely a threat,
| but following a few simple guidelines should
| keep it safe.
|
| Some have raised a very valid concern about
| the lack of reactive security in the Linux
| Desktop. Unlike Windows users, we have nothing
| to fix or even detect the situation once
| security is compromised. While I agree with
| such concerns, in my opinion all that means is
| that Linux users need to approach security
| differently to Windows users. Windows users
| have grown accostumed to a reactive model.
| They have a wide variety of tools to detect a
| security threat and kill it. The key to Linux
| desktop security is to take a proactive
| approach: Preventing over healing.
|
| To me, it boils down to this: Linux desktop
| users are safe as long as they follow a few
| best practices, which is more than what
| Windows users can say today, even with the
| help of an antivirus. In addition, in the
| event of security being compromised, the
| severity of damage is generally much more
| limited.
`----
http://cristalinux.blogspot.com/2010/04/word-or-two-about-linux-desktop.html
Recent:
Becoming a "Linux Security Artist"
,----[ Quote ]
| As I mentioned before, the architecture of
| Linux follows closely the architecture of the
| Unix systems. A relatively small monolithic
| kernel with libraries and utilities that add
| functionality to it.
|
| This alone adds security value, since it
| allows the end user to turn off a lot of
| services (both hosted and network services)
| that they do not need, and if left to run on
| the system would create more avenues and
| possibilities for attacks.
|
| For example, the average desktop system acts
| as a client for services, not as a server.
| Turning off these services means that other
| people across the network cannot attach to
| them. In the early days of Linux a lot of
| distributions would be distributed with the
| services turned on when you installed and
| booted them the first time. This was under the
| mistaken impression that having the services
| running would make them easier to administer,
| but security people quickly pointed out that
| having the services running at installation
| time (before needed patches could be applied)
| also left the systems, however briefly, open
| to attack. Now most, if not all, distributions
| install with these services turned off and you
| are instructed to turn them on at the proper
| time, hopefully after you have applied needed
| patches.
`----
http://www.linux.com/learn/tutorials/299241:becoming-a-qlinux-security-artistq-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkvCKdQACgkQU4xAY3RXLo4D7wCfc71cS0aD0ehaAAOFTsdISKGq
MVAAn0ObJYSkN+Wl+Y/IYc4nvbR6+N0Z
=GHjk
-----END PGP SIGNATURE-----
|
|
