[Off Topic] Re: Linux security

[Alan McKinnon]

On Thursday 04 May 2006 11:33, Daniel Carrera wrote:
> > If you're getting hit by worms, trojans and viruses I'm sorry,
> > but you're doing something positively, absolutely */_WRONG_/*.
> >  And you'll do all those very same things wrong if you use Linux
> > and Linux is the target of worms, trojans and viruses.
>
> Well, I'm reasonably knowledgeable of computers, and I'm paranoid
> about security. And I can't think of anything else to do besides
> dumping Windows. Look, I've given you an example of a group of
> people who are *not* clueless, do all the right things I can think
> of, are conscious computer users, and have a healthy level of
> paranoia and still get hit by viruses. Sure, they get hit less
> often than their friends do, but they still get hit.

I'll side with Daniel in the main here. It's really hard to protect 
yourself against a threat that isn't known - case in point: if I was 
running Windows last Christmas Day and happened to browse a site that 
was compromised with the .wmf hole, I would almost certainly have 
been exploited. I'm not daft and I know the rules as well as anyone 
else here, but there's no way I could have known about that one, or 
even protected myself on an unpatched box. I know the hole wasn't 
used in the wild worth a damn, but I'm describing a mechanism here.

If Daniel's family are getting 0wned, then either there is a family 
member that isn't following the rules and infecting everyone else or 
there is a hole out there that he hasn't taken into account. Hiw next 
step is obviously to track down how the exploits are coming in and 
fix that. Meanwhile, my money's on pebcak

-- 
If only you and dead people understand hex, 
how many people understand hex?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five