I work in some situations where "users" have essentially LESS than zero need to access "root" And their use of the systems is it at a level where even if they were "trusted" to, there is no sane reason to make root access even possible for their workstation. Let alone granting them SERVER "root access" I've been tossing around a re-thinking of the server-client models for home/small office use. That's only on topic here as the "Bulletproof" metaphor has multiple paths to the goal.
The only comment beyond my lead in for rethinking client/server security is an admonition of ethics.
If we lived in a world like RMS envisioned we'd need no passwords.
On Fri, Sep 26, 2008 at 12:58 AM, Leo Mauler webgiant@yahoo.com wrote:
--- On Wed, 9/24/08, Adrian Griffis adriang63@gmail.com wrote:
On Wed, Sep 24, 2008 at 11:41 AM, James Sissel jimsissel@yahoo.com wrote:
Bulletproof Linux: Fact or Fiction?
http://www.esecurityplanet.com/views/article.php/3389291
The author, in that article, argues against something of a strawman. The real issues are discussed in something I've written before. It is entited "Virus Scanners Are the Dung Beatles of the Computer World", and you can find it at:
http://adriang.livejournal.com/1288.htmlThe "Bulletproof Linux" article seems to describe two worthwhile, Linux-specific basic points-of-entry for viruses:
Users using the root account.
Users losing their private data when a virus gains access to a user-level account that has no administrator privileges.
While your points about virus scanners and Linux are quite correct, that Linux patches happen so frequently that a Linux virus scanner would have virtually nothing to do, some distributions, especially the ones which purport to seamlessly replace Windows (*cough*Linspire*cough*), do drop the end user into the root account without much warning.
A large part of modern malware delivery these days is social engineering. Linux could benefit from a *Trojan* scanner, to help prevent end users from being duped into running applications in their user accounts because the website promises free stuff, especially free naughty stuff. The modern Windows virus scanner is often that little angel on your shoulder, reminding you that there is never a free lunch when the social engineer hands you a lunchbox full of malware.
No amount of hardening can protect a home system from the noob at the keyboard, but a little background app saying, for example, "do you really want your modem to dial a Russian 1-900 number?" can be helpful for the end user who has expressed a sudden need for "free" photo collections of the divine female form undraped, but not expressed a need for the eradication of their disposable income.
Kclug mailing list Kclug@kclug.org http://kclug.org/mailman/listinfo/kclug