Full Disclosure mailing list archives
Re: Re: January 15 is Personal Firewall Day, help the cause
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Fri, 16 Jan 2004 17:04:39 -0500 (EST)
On Fri, 16 Jan 2004, Exibar wrote:
yes, Mcafee has one, I'm sure there are others as well.
Really?? I'm amazed. Do you have a URL? I don't know anyone who runs A/V software on Linux unless it's to scan for Windows viruses.
Always a smart thing to do, but it's basically the same as not allowing users to be local admin of their windows box.
Except that running as non-root on Linux isn't quite as constraining as not having admin privileges on a Windows box.
Joe users off the street isn't going to run the Linux install like that though, they'll want to run as root because it's their box and they want to be God on it.
Well, I hope Joe User won't run as root more than necessary, but you're right; education is required. The modern Linux distros are pretty good about forcing you to create a non-root account and recommending that you use it. [...]
In stiving for 100% you'll reach a point around 98% secure that you can no longer use the computer because the restrictions are too tight.
A 98%-secure Linux box is a lot less restrictive than a 98%-secure Windows box, because Linux has fewer design flaws that need working around.
You just have to accept that risk, such as you are accepting that risk when you don't run A/V software.
Not running A/V software on a Linux box is no risk at all. Even the McAffee A/V software wouldn't detect a worm in time to do any good. You can take the following simple precautions (which I do): Mount /tmp noexec, and if you're really paranoid, mount /home noexec also. That pretty much kills any propagation vector for viruses. Regards, David. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: January 15 is Personal Firewall Day, help the cause, (continued)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Bruce Ediger (Jan 17)
- Re: Re: January 15 is Personal Firewall Day, help the cause Valdis . Kletnieks (Jan 17)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 17)
- RE: Re: January 15 is Personal Firewall Day, help the cause Wes Noonan (Jan 16)
- RE: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 16)
- RE: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 16)
- RE: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 18)
- Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause Wes Noonan (Jan 18)
- Re: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause David F. Skoll (Jan 18)
- RE: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause Wes Noonan (Jan 18)