[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!
Brian McKee
brian.mckee at gmail.com
Thu Jan 22 14:23:22 UTC 2009
On Wed, Jan 21, 2009 at 11:50 PM, NoOp <glgxg at sbcglobal.net> wrote:
Hey NoOp,
I promised I wouldn't comment on the last thread but you started a new
one, so... :-)
Let me put it this way.
1 - There is no such thing as a completely secure system.
2 - Computer security is process, not a destination.
2.1 - Determine acceptable risk level (e.g. does this control
nuculear warheads? or is it a throwaway VM?)
2.2 - Determine risk level of each part of the system (is gedit more
likely to cause security issues than Firefox?)
2.3 - Apply effort in the areas that will most likely to reduce risk.
Lather, rinse, repeat until level is below that determined in 2.1
2.4 - Return to 2.1 - things change constantly
The system in question was an out of the box desktop in the hands of
an inexperienced user with a few typical internet apps added. In my
mind and the the mind of the OP, installing an AV product *ON THAT
SYSTEM* would be wasting the time of the user and the installer. If
the acceptable risk level was too high for the user or installer,
they'd get a lot better return of security for time spent by working
on user training and automating system updates.
Does this more formal statement make any more sense to you? I liked
the asteroid shield comment better :-)
Brian
More information about the ubuntu-users
mailing list