Re: Re: January 15 is Personal Firewall Day, help the cause

[jan.muenther () nruns com]

I couldn't help but comment on this (quickly, because these discussions tend
to turn into a point- and endless ping-pong match). 

It can actually drive me mad to see how many Linux users entirely trust in
their assumption that they're more secure by default simply because they
don't run a Windows system. Sure, the average Linux user might be more tech
savvy and common with the internals of his/her system than your typical
Win32 home user. 

However, there are *plenty* incredibly vulnerable Linux boxes exposed to the
Internet and I know for a fact that quite a few people simply download and
install binary packages from any given source without a second thought. Even
more ironically, a lot of people just compile and install anything with the
usual ./configure / make /make install stupor. 

ELF infectors do exist, and just because it's not quite so common, doesn't
mean it doesn't happen. Also - wild theory - I'd say that people are less
likely to notice a malware infected Linux box than a Win32 one, simply
because of blind trust. 

I also disagree on the note that a single system exposed to the Internet
doesn't form any type of threat at all. You can always beautifully serve as
a hop or become a friendly member of a botnet or whatever. 

I'm not saying Linux sucks security-wise, I'm not saying Win32 sucks
security-wise. It's what you do with it, how you handle it, and how much you
assume. 

Cheers, J.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html