[plug] security of linux desktops re mail viri

craig at postnewspapers.com.au craig at postnewspapers.com.au
Wed Dec 12 15:44:14 WST 2001 

> Yes but you can subscribe to the debian security announcement mailing list. 
> Is there a Win-doze security announcement mailing list?
Actually, I seem to remember that there is, somewhere in the back of
MS's site, well hidden... perhaps its just a security bulletin page.

I've been told it exists but never bothered looking myself as I just
don't care. Our 9x boxes have no floppy or CD-ROM drives, paranoid
security settings, are kept up to date, and all eMail is virus-scanned
at the mail server.

> > Except that the people installing Red Hat on their desktops will _never_
> > run up2date, makdrake users won't use mandrake update, etc. Hell, even
> > windows can auto-update but nobody uses it, if they did the outlook
> > virus problems would be smaller than they are.
> 
> I tried Windows Update feature - it didn't actually do anything useful. I 
> think it's just a decoration.
I've found it to be the only way of actually *finding* the f**ing
patches. mirror.aarnet.edu.au has a patch archive, but its not too
useful.

> > So in the end we face a similar problem to MS in that regard - how to
> > get the users to F**ING APPLY THE PATCHES!!!
> 
> You are still better if you don't start with a lemon.
Hee hee hee... I'll second that.

> If course I wouldn't log out. I would use 'sudo' to change to the appropriate 
> user and attach this up to the menus so that it was seamless. You're clearly 
> thinking like a Win-doze user "Must log out to change user id", "Must be in 
> front of the machine to be running things on it", "The people who make my OS 
> don't care about security so I won't either".
Good point about sudo.
As for not caring about security, I do take exception to that. I think
I think my systems are fairly secure. No paranoidly so, but secured
within reasonable limits. And as for the "Must log out to change user
id", I did suggest dual xservers on different vc. "Must be in
front of the machine to be running things on it" I never even
suggested - I run remote X apps sometimes, use vnc to access the nt
server sometimes, ssh between home and work a lot, and make extensive
use of ssh tunneling. I don't know where you got the "thinking like a
windows user" bit. If I was doing that, it was only to show what _the
average user_ will do.

> In fact I don't know why this isn't the default behaviour. Perhaps I should 
> suggest that to the Mozilla package maintainers.
If there's anything I'd like to see run in an isolated uid, its mozilla.
Perhaps evolution, too, for those that use it.

> > It is much harder for a virus on linux to nuke the system. Nigh
> > impossible, in fact, without an exploit of an suid tool (pretty sysadmin
> > tools for desktops come to mind) or tricking the user into entering the
> > root password, which is easy - if they have it. Which, on a desktop for
> > home use, they do.
> 
> All you need to do is:
> 
> alias su=~/.steal_password_script
> 
> And next time they try to 'su' it will snaffle the password and they'd be 
> none the wiser. This is another reason why stupid users shouldn't be given 
> the root password.
But if the stupid user installed the desktop, and is the only one using
it, there really is no alternative. Think about a world where most
people have to pay someone to install and maintain their home PC. No
thanks, I'd prefer stupid users!

> > I'm not talking about _now_. I don't see viri as a problem for linux
> > yet.
> > But if / when adopted widely, esp. for stand-alone systems without
> > dedicated sysadmins, that's what I'm concerned about.
> 
> The way I look at it is that running Linux is like installing a lock in your 
> front door. Running Windows is like writing a sign "do not enter" on your 
> front door. Neither helps if you just leave the door wide open.
Actually, I'd say that windows is "do not enter" with a thin glass door and
gold behind it...

> Linux does have built in user accounts. This means that if dad doesn't give 
> Timmy the root password then Timmy probably won't bugger up dad's machine or 
> interfere with dad's work.
Yep. But if Timmy and Dad use mail client X and it has an auto-exec
vunrability or both Timmy and Dad want to see anna naked and are stupid,
it doesn't protect them much.

In other words - user accounts are an effective, but not insurmountable,
barrier. Anything that can hop machine to machine can also hop uid to
uid. It does largely prevent passive viri from infecting the whole
machine, though - you need an active mail worm or something.
 
> Win-doze *in general* does not offer this kind of protection. Of course this 
> is not why I don't use Win-doze. I don't use Win-doze because Linux is simply 
> much easier to use.
Yeah. I have to admin NT4 at work because our dratted classified
pagination system only runs on nt and 2k with sql anywhere. It might
_run_ on linux since there is sql anywhere for linux, but it isn't
officially supported and as it's mission critical I can't risk that.

-- 
Craig Ringer
IT Manager
POST Newspapers
http://www.postnewspapers.com.au/
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27  C16E D3CE CDC0 0E93 380D

More information about the plug mailing list