[DLSLUG-Discuss] Interesting security piece

Lloyd Kvam e-mail addresses are not shown in archives
Fri Dec 16 08:03:52 EST 2005


On Thu, 2005-12-15 at 23:42 -0800, Roger wrote:
> Yeah...
> 
> I didn't want to say this in my first book review (these points sound a bit dogmatic and
> controversial), but that is why Leo Laporte and Robin Miller are promoting Linux (especially their
> distro: Simply MEMPIS).
> 
> These authors argue that if a few more Windows users become Linux users, then malware authors
> would need to write for Linux as well as Windows in order to stay effective. For hobbyist such as
> me, that's okay. I bet that's a tough sell in the corporate world. Try advocating that to
> overworked and unbudgeted IT departments. They don't want variety; they want simplicity.
> 
> Some Linux advocates would also argue that malware authors would need to contend with Linux where
> MOST applications are designed to work reasonably well w/o admin or root access. That minimizes
> the threat that bugs in Konqueror or bash would pose if those programs don't run as root. 
> 
> (I confess, I'm kinda fond of the Windows XP "system restore" feature. I kinda wish that Fedora
> had a similar feature that I could use before and after I do something important as "root". That
> way if I misconfigure my system, I could reverse the process w/o reinstalling Fedora.
The components are very modular so RPM should be able to get you back
where you started, though I have trouble doing downgrades with RPM.  A
reinstall should not be necessary.

Use subversion (or CVS) to take snapshots of etc.  Just double check the
permissions on the files in the snapshot.  You do not want a world
readable copy of shadow or your private encryption keys in the snapshot.
I run subversion as a nightly cron job to capture the etc tree changes.

>  I guess the
> RPM uninstall feature is okay and I can't expect Linus, GNU, and RedHat to protect me against
> MYSELF. I guess I just need to read the man pages carefully and backup all important documents
> including config files. lol...)
> 
> Sincerely,
> Roger
> 
> 
> --- Python <[e-mail addresses are not shown in archives]> wrote:
> 
> > http://www.usenix.org/publications/login/2005-12/openpdfs/geer.pdf
> > 
> > It was mentioned in Bruce Schneier's monthly newsletter.
> > 
> > -- 
> > Lloyd Kvam
> > Venix Corp
> > 
> > _______________________________________________
> > DLSLUG-Discuss mailing list
> > [e-mail addresses are not shown in archives]
> > http://dlslug.org/mailman/listinfo/dlslug-discuss
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> DLSLUG-Discuss mailing list
> [e-mail addresses are not shown in archives]
> http://dlslug.org/mailman/listinfo/dlslug-discuss
-- 
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358

voice:  603-653-8139
fax:    320-210-3409




More information about the DLSLUG-Discuss mailing list