Bulletproof Linux and Related Issues

Oren Beck orenbeck at gmail.com
Fri Sep 26 11:35:07 CDT 2008 

I work in some situations where "users" have essentially LESS than
zero need to access "root"  And their use of the systems is it at a
level where even if they were "trusted" to, there is no sane reason to
make root access even possible for their workstation. Let alone
granting them SERVER "root access"  I've been tossing around a
re-thinking of the server-client models for home/small office use.
That's only on topic here as the "Bulletproof" metaphor has multiple
paths to the goal.

The only comment beyond my lead in for rethinking client/server
security is an admonition of ethics.

If we lived in a world like RMS envisioned we'd need no passwords.



On Fri, Sep 26, 2008 at 12:58 AM, Leo Mauler <webgiant at yahoo.com> wrote:
> --- On Wed, 9/24/08, Adrian Griffis <adriang63 at gmail.com> wrote:
>
>> On Wed, Sep 24, 2008 at 11:41 AM, James Sissel
>> <jimsissel at yahoo.com> wrote:
>> > Bulletproof Linux: Fact or Fiction?
>>
>> http://www.esecurityplanet.com/views/article.php/3389291
>>
>> The author, in that article, argues against something
>> of a strawman.  The real issues are discussed in
>> something I've written before.  It is entited "Virus
>> Scanners Are the Dung Beatles of the Computer World",
>> and you can find it at:
>>
>>     http://adriang.livejournal.com/1288.html
>
> The "Bulletproof Linux" article seems to describe two worthwhile, Linux-specific basic points-of-entry for viruses:
>
> 1) Users using the root account.
>
> 2) Users losing their private data when a virus gains access to a user-level account that has no administrator privileges.
>
> While your points about virus scanners and Linux are quite correct, that Linux patches happen so frequently that a Linux virus scanner would have virtually nothing to do, some distributions, especially the ones which purport to seamlessly replace Windows (*cough*Linspire*cough*), do drop the end user into the root account without much warning.
>
> A large part of modern malware delivery these days is social engineering.  Linux could benefit from a *Trojan* scanner, to help prevent end users from being duped into running applications in their user accounts because the website promises free stuff, especially free naughty stuff.  The modern Windows virus scanner is often that little angel on your shoulder, reminding you that there is never a free lunch when the social engineer hands you a lunchbox full of malware.
>
> No amount of hardening can protect a home system from the noob at the keyboard, but a little background app saying, for example, "do you really want your modem to dial a Russian 1-900 number?" can be helpful for the end user who has expressed a sudden need for "free" photo collections of the divine female form undraped, but not expressed a need for the eradication of their disposable income.
>
>
>
> _______________________________________________
> Kclug mailing list
> Kclug at kclug.org
> http://kclug.org/mailman/listinfo/kclug
>



-- 
Oren Beck

816.729.3645

More information about the Kclug mailing list