Re: What is wrong with schools these days?

[Peter Besenbruch <prb () lava net>]

Paul Schmehl wrote:
> That's hilarious.  The number one defaced website OS is Linux.  (See 
> Zone-H.org if you don't believe me.)

No, their data shows Windows has the lead there, at least on page one.

> Ask them what that little red ball with the X in it is - you know - the 
> one flashing up there in the taskbar- and they'll say I dunno.

As a Debian user, I don't get those flashing, red balls. That means I'm 
safe. ;)

> No OS is secure by default.  No OS can remain secure if it's not 
> properly configured and maintained.  Look at your box right now.  How 
> many of you have inetd or xinetd running?  Why?  What services does it 
> provide that you need?  Do you even know what chargen or rpc.statd is? 
> If not, why are they running (if they are)?  How many of you have a 
> workstation running with more than just ssh enabled and *no* firewall 
> running?

Here is the real reason for my post. Inetd runs when it is told to 
listen for connections. In my case, it ran to listen on behalf of VMware 
Server, which I no longer have installed. The program that inetd would 
have invoked was no longer there. I commented out the line in 
/etc/inetd.conf and killed inetd. Thanks for mentioning that; you made 
me look.

> You name the OS, and I can tell you of at least one incident of hacking. 
>  We haven't had a Windows box hacked in a long time.  The last five were 
> two Macs and three RedHat boxes.  Does that mean Macs and RedHat are 
> insecure?  NO!  It means, until the general public understands the 
> problem and knows what the solution is, hacking will continue apace with 
> no sign of letting up.

Agreed, yet I would have a bone or two to pick.

I have a neighbor who has hosed two Windows systems through infections. 
He tried hard to hose the Linux side of things, but, as he was clueless, 
he couldn't make the worms he saved to disk executable.

I have sent my daughter to school with a laptop and no firewall on it (I 
don't have the network details for what to allow). Instead, I used 
Synaptic to do an in depth search for the word "server" and removed a 
bunch of packages. Is ssh installed? Sure, but just the client. Is 
Samba? Just enough to query her school's system, no server. KDE file 
sharing? It has to be installed before you can configure it. You get the 
idea.

My daughter's computer runs cleanly, and nothing strange has shown up. 
Her friends complain a lot about pop-ups that they didn't used to get.

Another neighbor had two daughters that kept getting their Windows 
machines infected. They didn't know how it happened. I switched them to 
Linux, and the infections stopped. I got a clue when one of them called, 
asking how to install "free" software from some Web site.

Clueless people will always be with us. No OS is going to keep them 
safe, but some may do a better job than others. You seem successful in 
managing Windows boxes, but my experience is the opposite. Those 
daughters who kept getting their computer infected? They never were told 
the root password. It also meant a lot that they couldn't just double 
click something and have it run. Such a simple difference in design can 
mean the world.

I have relatives who switched to a Mac. They never questioned why it 
took 45 minutes to check their e-mail with their old computer over a 
broadband connection, and were amazed that it took a couple of seconds 
with the new one. So far, it still takes a couple of seconds.

Linux can be hacked, but the vectors differ from Windows, and are 
narrower. E-mail worms will never take off. Web site remote exploits may 
work somewhat better. The big vulnerability on Linux comes when you run 
servers that allow external connections. My experience with Redhat is 
limited, but it struck me as a distribution that installed the kitchen 
sink. That can lead to trouble in inexperienced hands. Redhat isn't that 
easy to set up, either, yet I am amazed that someone installed it, and 
didn't know what that flashing, red, thingy was down in the task bar.

> The real problem is ignorance.

Along with bad design.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/