[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!

Brian McKee brian.mckee at gmail.com
Thu Jan 22 14:23:22 UTC 2009

On Wed, Jan 21, 2009 at 11:50 PM, NoOp <glgxg at sbcglobal.net> wrote:

Hey NoOp,

I promised I wouldn't comment on the last thread but you started a new
one, so... :-)

Let me put it this way.

1 - There is no such thing as a completely secure system.

2 - Computer security is process, not a destination.

2.1 - Determine acceptable risk level  (e.g. does this control
nuculear warheads? or is it a throwaway VM?)

2.2 - Determine risk level of each part of the system (is gedit more
likely to cause security issues than Firefox?)

2.3 - Apply effort in the areas that will most likely to reduce risk.
Lather, rinse, repeat until level is below that determined in 2.1

2.4 - Return to 2.1 - things change constantly

The system in question was an out of the box desktop in the hands of
an inexperienced user with a few typical internet apps added.   In my
mind and the the mind of the OP, installing an AV product *ON THAT
SYSTEM* would be wasting the time of the user and the installer.  If
the acceptable risk level was too high for the user or installer,
they'd get a lot better return of security for time spent by working
on user training and automating system updates.

Does this more formal statement make any more sense to you?  I liked
the asteroid shield comment better :-)


More information about the ubuntu-users mailing list