Linux security
Alan McKinnon
alan at linuxholdings.co.za
Sat Apr 29 23:07:17 UTC 2006
On Saturday 29 April 2006 20:29, Daniel Carrera wrote:
> Alan McKinnon wrote:
> > The hard part with a Linux virus is not writing it, it's
> > *deploying* it.
>
> Okay, why are they harder to deploy? You're just nit-picking on
> terms. The point is trying to figure out if Linux is less
> vulnerable to malware.
We discussed this elsewhere, no need to do it again here :-)
> > A possible solution is to overhaul the OS in such a way that data
> > files can be tagged as writable only by specified apps i.e. only
> > *this* signed copy of OO.o can write to *that* .odt file. I
> > really don't think this is workable, the admin burden and
> > inconvenience will be large.
>
> SELinux to the rescue?
I'm always reluctant to recommend solutions like that, simply because
of the admin burden that tends to develop. I appreciate the
technicalities of the solution but I do find in practice that if a
solution becomes a burden and it can be disabled (or everything
switched off) then users will do just that. Heck, I even do it myself
from time to time on my own personal machines.
There's this fine balancing act between security and ease of use. I
don't have the magic bullet that let's us divine where that balance
is for case X :-)
--
If only you and dead people understand hex,
how many people understand hex?
Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
More information about the ubuntu-users
mailing list