Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause
From: David F. Skoll (dfsroaringpenguin.com)
Date: Fri Jan 16 2004 - 16:04:39 CST
On Fri, 16 Jan 2004, Exibar wrote:
> yes, Mcafee has one, I'm sure there are others as well.
Really?? I'm amazed. Do you have a URL? I don't know anyone who
runs A/V software on Linux unless it's to scan for Windows viruses.
> Always a smart thing to do, but it's basically the same as not allowing
> users to be local admin of their windows box.
Except that running as non-root on Linux isn't quite as constraining as
not having admin privileges on a Windows box.
> Joe users off the street
> isn't going to run the Linux install like that though, they'll want to run
> as root because it's their box and they want to be God on it.
Well, I hope Joe User won't run as root more than necessary, but
you're right; education is required. The modern Linux distros are
pretty good about forcing you to create a non-root account and
recommending that you use it.
> In stiving for 100% you'll reach a point around 98% secure that you can
> no longer use the computer because the restrictions are too tight.
A 98%-secure Linux box is a lot less restrictive than a 98%-secure Windows
box, because Linux has fewer design flaws that need working around.
> You just
> have to accept that risk, such as you are accepting that risk when you don't
> run A/V software.
Not running A/V software on a Linux box is no risk at all. Even the
McAffee A/V software wouldn't detect a worm in time to do any good.
You can take the following simple precautions (which I do): Mount /tmp
noexec, and if you're really paranoid, mount /home noexec also. That
pretty much kills any propagation vector for viruses.
Full-Disclosure - We believe in it.