Re: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

["David F. Skoll" <dfs@roaringpenguin.com>]

On Fri, 16 Jan 2004, Exibar wrote:

> yes, Mcafee has one, I'm sure there are others as well.

Really??  I'm amazed.  Do you have a URL?  I don't know anyone who
runs A/V software on Linux unless it's to scan for Windows viruses.

> Always a smart thing to do, but it's basically the same as not allowing
> users to be local admin of their windows box.

Except that running as non-root on Linux isn't quite as constraining as
not having admin privileges on a Windows box.

> Joe users off the street
> isn't going to run the Linux install like that though, they'll want to run
> as root because it's their box and they want to be God on it.

Well, I hope Joe User won't run as root more than necessary, but
you're right; education is required.  The modern Linux distros are
pretty good about forcing you to create a non-root account and
recommending that you use it.

[...]
>    In stiving for 100% you'll reach a point around 98% secure that you can
> no longer use the computer because the restrictions are too tight.

A 98%-secure Linux box is a lot less restrictive than a 98%-secure Windows
box, because Linux has fewer design flaws that need working around.

> You just
> have to accept that risk, such as you are accepting that risk when you don't
> run A/V software.

Not running A/V software on a Linux box is no risk at all.  Even the
McAffee A/V software wouldn't detect a worm in time to do any good.
You can take the following simple precautions (which I do):  Mount /tmp
noexec, and if you're really paranoid, mount /home noexec also.  That
pretty much kills any propagation vector for viruses.

Regards,

David.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html