Re: Security followup

Subject: Re: Security followup
From: "Decker F. Wong-Godfrey" <dfgodfrey -at- milmanco -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 15 Jan 2003 11:25:04 -0800


Andrew Plato wrote:

This is highly dependent on what version & flavor of Linux you're using.
Nevertheless, Linux machines need securing as well.
No doubt, there's always a way to raise the bar a little higher, make it a little harder, but the point is that Linux comes with a clean, easy to configure means to install with minimal services. The old problem of unneeded or unwanted services being installed is a non-issue. The services installed by default on a "desktop" system are minimal and usually run out of a wrapper anyway.

Remember, most hackers use Linux. Hence, they know how to hack Linux boxes
really well.

How many attacks are done by "Hackers" compared to the number done by "script kiddies?" Script kiddies don't need to know anything about the system they are breaking (and often don't), they just need to be able to run a program. Script kiddies are the ones who have the time and the inclination to break boxes, to make a name for themselves. The "Hacker" is a relative anomaly.

And the fact that the Hacker decides to run Linux says something about the relative security of a Linux system, doesn't it?

If your statement was in fact true, then we'd see a lot more rootkits for Linux systems, we'd see more script kiddies out there breaking through back doors--but we don't.

The reason that there aren't many virus scanners for Linux is that there aren't viruses for Linux.

That isn't true. Many viruses are platform independent. This includes worms,
trojans, and all sorts of other nasty things that run quite nicely on RedHat
and Mandrake Linux.

There are not "many" viruses that are platform independent. And the few that are, can do little if any damage to a Linux box compared to the damage they can do a Windows machine.

Worms, trojans and other nasty things that run quite nicely on Red Hat or Mandrake Linux are usually running on machines that were poorly configured or just mismanaged. Even so, the damage done is more often annoying than debilitating.

I think you've done a great service to people who are stuck running Windows machines. The more secure they are, the better off we all are. I just don't think it's fair to assume that Linux can be heaped into the same category as Windows. There's many many things that make Linux a more attractive choice for people concerned about security. Antivirus scanners and "securing" a system are things to think about--but most people don't want to become security experts, along with everything else they've got to do. With Linux, they don't have to become a security expert. They don't need to be terrified of clicking the wrong link on the Internet. They don't need to worry about clicking on every attachment in the In-Box. With Linux, people can concentrate on getting things done rather than concentrate on keeping their system safe.

Of course, Prudence is always in order, no matter what system you're running. You've given some great advice. I hope no matter what OS people are running, they listen to it.





^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Help Authoring Seminar 2003, coming soon to a city near you! Attend this
educational and affordable one-day seminar covering existing and emerging
trends in Help authoring technology. See http://www.ehelp.com/techwr-l2.

A new book on Single Sourcing has been released by William Andrew
Publishing: _Single Sourcing: Building Modular Documentation_
is now available at: http://www.williamandrew.com/titles/1491.html.

---
You are currently subscribed to techwr-l as:
archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.



Follow-Ups:

References:
Re: Security followup: From: Andrew Plato

Previous by Author: Re: Security followup
Next by Author: Re: Security followup
Previous by Thread: Re: Security followup
Next by Thread: Re: Security followup


What this post helpful? Share it with friends and colleagues:


Sponsored Ads