From: David F. Skoll (dfsroaringpenguin.com)
Date: Fri Jan 16 2004 - 16:04:39 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 16 Jan 2004, Exibar wrote:

> yes, Mcafee has one, I'm sure there are others as well.

Really?? I'm amazed. Do you have a URL? I don't know anyone who
runs A/V software on Linux unless it's to scan for Windows viruses.

> Always a smart thing to do, but it's basically the same as not allowing
> users to be local admin of their windows box.

Except that running as non-root on Linux isn't quite as constraining as
not having admin privileges on a Windows box.

> Joe users off the street
> isn't going to run the Linux install like that though, they'll want to run
> as root because it's their box and they want to be God on it.

Well, I hope Joe User won't run as root more than necessary, but
you're right; education is required. The modern Linux distros are
pretty good about forcing you to create a non-root account and
recommending that you use it.

[...]
> In stiving for 100% you'll reach a point around 98% secure that you can
> no longer use the computer because the restrictions are too tight.

A 98%-secure Linux box is a lot less restrictive than a 98%-secure Windows
box, because Linux has fewer design flaws that need working around.

> You just
> have to accept that risk, such as you are accepting that risk when you don't
> run A/V software.

Not running A/V software on a Linux box is no risk at all. Even the
McAffee A/V software wouldn't detect a worm in time to do any good.
You can take the following simple precautions (which I do): Mount /tmp
noexec, and if you're really paranoid, mount /home noexec also. That
pretty much kills any propagation vector for viruses.

Regards,

David.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]