Closure of a previous question and new questions on system security apps...

Jeffrey F. Bloss jbloss at
Fri Jan 12 03:42:54 UTC 2007

Brian Lunergan wrote:

> >> Until then I choose to set av and firewall as perimeter defences to
> >> deal with any windows based intrusion attempts, and select some of
> >> the stronger tools you and Constantine suggested to root out and
> >> deal with those that get through into where they are not wanted
> >> and not welcome. None of them may have very much to do for some
> >> time yet, but I'd rather have them in place to deal with that
> >> something when it arises.
> > 
> > But therein lies the rub... the tools Constantine (great post by the
> > way) and to a lesser degree, I suggested, aren't more or less
> > "powerful" than many of the tools you're used to using on another
> > platform. They're simply a different set of tools because the jobs
> > are different. By neglecting these new tools in favor of old tools
> > that may have served you well for other jobs because you're
> > comfortable with the way they feel in your hand, you are running a
> > very real risk of not getting a bolt tightened down properly or
> > stripping the threads. :)
> Okay, let me rewind and try to phrase it better. I didn't mean to
> suggest I was intending to neglect one over the other. I see a role

Sorry if I misunderstood... :)

> for both. There will be the Windows based troublemakers and crooks
> who show up thinking it's a Windows machine attached to the IP number
> I'm assigned at that moment. I see the AV and firewall programs
> having a role blocking those for the present and being in place to

Blocking them from doing what?? Keeping windows exploits away from a
Linux box is akin to keeping male dogs from getting pregnant. It's a
complete waste of time. Not to mention the fact that every layer of
security you add brings an element of risk with it. Your
Windows-centric antivirus software could turn around and bite you
royally by being the very thing that gives an attacker the exploitable
hole they're looking for. If there's no benefit to running it that's a
100% net loss worst case, and a lesser loss best case. :(

> deal with any future appearance of Linux based trouble makers. I

Nothing you install now is going to have precognitive abilities. If
something new pops up it won't matter either way. That's why it's been
suggested that you give more attention to keeping your system up to
date than relying on third party, superficially proactive, "band
aids". The nice thing about communities like Ubuntu and open source in
general is when something bad is uncovered the hole is almost always
plugged before it can become a problem.

Some other unnamed platforms only release fixes once a month, and have
been known to let serious flaws go unfixed for years at a time. That's
one of the reasons you need all the extra junk. Another is the fact
that *nix operating systems and their relatives are designed to be
multiuser and networking capable from the ground up. They're literally
more at home talking across a network to each other than some other
operating systems.

Again, this really is a completely different world, and that requires a
pretty thorough rework of your thought processes if you're at all
serious about it.

> perhaps skimmed the thought too quickly but I do intend to consider
> Constantine's suggestions very carefully and choose a second (but
> equally important) line of defence team to monitor for and sweep the
> field of any intruders that get through. Both lines of defence are
> important and both will be chosen with as much care as possible.

This whole field is a science in itself. But in general you can assume
that your best solution will come after carefully assessing your
*actual* risks, and doesn't include any preconceived notions about what
you may or may not need.

> I'm not so trusting that I believe either one set or the other will be
> flawless and catch everything that might turn up, but it will be a
> toolbox that proves to me that they do a reasonable job at catching
> the most possible.

Indeed. And nobody here is trying to blow smoke your way by claiming
Linux is some sort of impervious fortress. It has its own problems for
sure. But they're completely different problems than Windows for the
most part, and need to be addressed accordingly. Applying Windows-like
solutions not only solves nothing, it wastes resources and could
conceivably weaken your overall security.

Maybe if you post some more specific information someone
could help you make an even more informed decision. Like are we talking
about a desktop or laptop. Newer hardware, or older? General machine
specs? Using DSL/Cable? What are your typical usages? Email/web, IRC,
file sharing, blogging, etc... Are you the only user of your system, or
will you be sharing it with others? Are you or anyone else a gamer?
Stuff like that will be what dictates your ultimate best case solution,
not what worked on your Windows box.

     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok!              Registered Linux user #402208
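The message above argues that keeping the system patched matters more than bolting on third-party scanners. As an added example (not code from the thread or from Ubuntu itself), the script below shows one way to check that advice is being followed: it parses the dry-run output of `apt-get -s upgrade` and reports which pending upgrades come from a `-security` pocket. The `Inst ...` line format is the one apt-get prints in simulation mode; the package names and version strings in `SAMPLE_OUTPUT` are constructed for the example and are not real package data.

```shell
#!/bin/sh
# Added example: summarise pending security updates on an apt-based
# Ubuntu system from the output of `apt-get -s upgrade` (a dry run that
# changes nothing). The sample lines below are constructed.

# Count pending upgrades whose origin is a *-security pocket.
# Reads apt-get simulation output on stdin; "Conf" lines are ignored
# because each one duplicates a preceding "Inst" line.
count_security_updates() {
    awk '$1 == "Inst" && /-security/ { n++ } END { print n + 0 }'
}

# Print the package names of pending security upgrades, one per line.
list_security_updates() {
    awk '$1 == "Inst" && /-security/ { print $2 }'
}

# Live check for a real machine: dry-run apt-get and feed the output to
# the counter. Assumes apt-get is installed and package lists are current
# (run `apt-get update` first, or the simulation will miss new fixes).
pending_security_updates() {
    apt-get -s upgrade 2>/dev/null | count_security_updates
}

# Constructed sample of what a dry-run upgrade might print.
SAMPLE_OUTPUT='Reading package lists...
Building dependency tree...
Inst libc6 [2.4-1ubuntu12] (2.4-1ubuntu12.3 Ubuntu:6.10/edgy-security [i386])
Inst firefox [2.0+0dfsg-0ubuntu3] (2.0.0.1+dfsg-0ubuntu0.6.10 Ubuntu:6.10/edgy-security [i386])
Inst gimp [2.2.13-1ubuntu1] (2.2.13-1ubuntu1.1 Ubuntu:6.10/edgy-updates [i386])
Conf libc6 (2.4-1ubuntu12.3 Ubuntu:6.10/edgy-security [i386])'

# Demonstrate on the constructed sample (offline, no apt-get needed).
printf '%s\n' "$SAMPLE_OUTPUT" | count_security_updates
printf '%s\n' "$SAMPLE_OUTPUT" | list_security_updates
```

On a real machine, call `pending_security_updates` after `apt-get update`; a non-zero count is the signal that the "keep it up to date" advice is not being followed, which is the condition the thread considers a bigger risk than any missing scanner. The `gimp` line in the sample comes from `-updates` rather than `-security` and is deliberately left out of the count, so the check reports only fixes published through the security pocket.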
