Re: [Full-Disclosure] Re: January 15 is Personal Firewall Day,help the cause

["Exibar" <exibar@thelair.com>]

>
> I fail to see how "phishing" (not fishing?) type emails relate to
> viruses. Those are two totally different types of attack methods. A
> virus aims for the weakness in a technical system. Sometimes, it may be
> needing a little social engineering though.
> Asking somebody to cut his own throat and smile while doing so is
> genuine social engineering and has nothing to do with the need for a
> virus scanner or technical defencive measures.
>
I agree, it looked like I was melding the two together into "threats" and
not keeping Viruses/worms separate.  Phishing's a new term that's cropped up
for these types of e-mail's.

> While you are right that there is the principal threat of "viruses" to
> Linux too, a virus scanner is not the way to protect against such
> attacks using Linux.
>
> Minimum usage (only deploy services you use)
       ---can be done on a windows box
> File Integrity Checking
       Would have to run Trip-wire or similliar.
> Rootkit Detectors (this comes closest to virus scanning)
        A/V scanner will do the job
> Firewalling
        Windows XP's builti in ICF, or zonelabs, etc
> Rigid Management Of User Rights
        windows can get pretty granular with user rights and permissions.
> Encryption
        Windows has built in file Encryption.

> These are the concepts for protecting a Linux machine.
>
> Most of them are missing in Windows. Just adding a personal firewall
> won't improve matters if the rest of these principles is absent.
>
Not really missing from Windows, just a bit more cumbersome to do.  I agree
that just adding a firewall is not the sole answer, neither is just adding
A/V software.

 Exibar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html