And another Ubuntu convert!

Thu Jan 22 21:08:50 UTC 2009

On Fri, Jan 23, 2009 at 3:08 AM, Mark Haney <mhaney at ercbroadband.org> wrote:
> Karl F. Larsen wrote:
>>     Alright I have never seen a virus sent to me or anyone else I have
>> talked to from 1996 to the present day. Why worry?
>>
>
> Indeed, why worry?  Since you are so up to date on your security
> practices and are so very comfortable with your settings, feel free not
> to worry.  I mean, it's only a matter of time before that attitude will
> make you careless.

I personally read stuff like:
http://linuxmafia.com/~rick/faq/index.php?page=virus

It's written by a sysadmin whom I have followed for years.

>
> Besides, without AV software how would you KNOW you've not been sent a
> virus?

Not being a complete idiot I would have trashed all executable
attachments I'd been sent by untrusted sources without knowing or
caring whether they were virused or not. Were I curious enough to run
something like that I'd do it in a throw away user account, after
checking perms etc.

If I did run something untrusted as root user I'd deserve everything
that happened to me.
But I'm not silly enough to to spend my day as root. If I was all of
the AV stuff in the world would not protect me.

> Sadly, it is that very 'Why worry' attitude that is killing this
> country.  90% of the time, those who say that and get bit by it, always
> whine and are always a victim and NEVER take responsibility for the fact
> that they dropped the ball.

>
> Those of us who DO take responsibility for their actions and their
> equipment and data take every precaution necessary to prevent any
> incursion into our systems.
>
> This again is my point.  Neither you, nor anyone else is sufficiently
> versed enough in every single applications security vulnerabilities to
> be able to say 'my system won't be affected'.  It's simply not possible.
>  Sure, updates will patch some holes, but others, maybe not.
>
> But, do you KNOW your system is as safe as you think it is?  Have you
> done penetration testing?  Do you check your log files every day for
> unusual behaviour?  Do you keep a baseline look at system performance to
> determine what might be out of the ordinary?
>
> I bet you don't.

I run a desk top box. Were I running a server I would need to do more
stringent stuff than keeping my system up to date.
As it is the regular software updates will do.

>
> So, how can you say you're system is virus/malware free?  Juse 'because
> it's linux'?  That's like saying, there's no crime in my neighborhood so
> I'll not lock my doors at night.    Doing that often enough is just an
> open invitation to get robbed.
>
> I've talked all I'm going to about this.  None of you naysayers will
> listen regardless, so I'm wasting my breath.  Be warned, it WILL happen.
>  I'd much rather not be you when it does.
>

Whose AV package are you selling anyway?

Bob
-- 
In a world without walls who needs Windows (or Gates)? Try Linux instead!