Re: Re: January 15 is Personal Firewall Day, help the cause

[Tobias Weisserth <tobias () weisserth de>]

Hi "Exibar" (no realname?!),

Am Fre, den 16.01.2004 schrieb Exibar um 20:57:
...
> Ahhh, now there we go.  That might just be the case.  Off the top of my head
> I can't think of a Linux specific e-mail spreading virus.  Unless you count
> "phishing" type e-mails that are completely OS independant and basically
> want the user to head out to a web site and enter all their personal info
> (ss#, CC#'s etc).

I fail to see how "phishing" (not fishing?) type emails relate to
viruses. Those are two totally different types of attack methods. A
virus aims for the weakness in a technical system. Sometimes, it may be
needing a little social engineering though.
Asking somebody to cut his own throat and smile while doing so is
genuine social engineering and has nothing to do with the need for a
virus scanner or technical defencive measures.

While you are right that there is the principal threat of "viruses" to
Linux too, a virus scanner is not the way to protect against such
attacks using Linux.

Minimum usage (only deploy services you use)
File Integrity Checking
Rootkit Detectors (this comes closest to virus scanning)
Firewalling
Rigid Management Of User Rights
Encryption

These are the concepts for protecting a Linux machine.

Most of them are missing in Windows. Just adding a personal firewall
won't improve matters if the rest of these principles is absent.

cheers,
Tobias W.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html