todbot88 at gmail.com
Thu Sep 7 19:06:49 UTC 2006
On 9/7/06, David Fletcher <fc at fletchersweb.net> wrote:
> At 02:39 07/09/2006, you wrote:
> >On Wed, 2006-09-06 at 19:49 -0500, Michael Yep wrote:
> > > Users should run as restricted users
> So, if we, the Linux community, can manage to persuade computer users
> to switch from Windows to Linux we've then got a problem with people
> who don't understand security. If they've always run Windows in
> supervisor mode then they'll just run Linux as root user because they
> don't know or understand the reasons why that is A BAD THING.
I think it goes beyond this and is in process as we speak! We enjoy
not being the flagship here. If I were the richest man in the world,
I would need a lot of security. He is (one of them) and he does. So
if we become more like him (have more people using our OS) we also
inherit the need for more security - we will be more of a target!!
We do appear to be a bit more popular - may God help us!
> It all boils down to education. If a Linux user can manage to turn a
> Windows user away from the Dark Side then that's very good. But with
> that power comes responsibility - the responsibility to educate new
> users to run the operating system correctly and safely.
What I would like to see is:
1. Education for the developers. Secure code, I am suspicious,
happens when you know how to build it.
2. Evaluation of the "new" and "old" code. I would love to see some
"security testing and evaluation" teams out there. Sort of an
organized "gauntlet" we could put our code through to make it more
secure in an iterative process.
3. Certification (sort of a UL label or something) of code thus processed.
4. A way to solve the "zero day" problem. As soon as you make the
vulnerability public, hostile people start writing attacks! We need to
be able to find vulnerabilities, make and release a patch, and then
make the vulnerability public.
> Dave F
May we find a way!
More information about the ubuntu-users