lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <04c001c3dc79$6432f300$1214dd80@corp.emc.com>
From: exibar at thelair.com (Exibar)
Subject: Re: January 15 is Personal Firewall Day,help the cause

>
> I fail to see how "phishing" (not fishing?) type emails relate to
> viruses. Those are two totally different types of attack methods. A
> virus aims for the weakness in a technical system. Sometimes, it may be
> needing a little social engineering though.
> Asking somebody to cut his own throat and smile while doing so is
> genuine social engineering and has nothing to do with the need for a
> virus scanner or technical defencive measures.
>
I agree, it looked like I was melding the two together into "threats" and
not keeping Viruses/worms separate.  Phishing's a new term that's cropped up
for these types of e-mail's.

> While you are right that there is the principal threat of "viruses" to
> Linux too, a virus scanner is not the way to protect against such
> attacks using Linux.
>
> Minimum usage (only deploy services you use)
       ---can be done on a windows box
> File Integrity Checking
       Would have to run Trip-wire or similliar.
> Rootkit Detectors (this comes closest to virus scanning)
        A/V scanner will do the job
> Firewalling
        Windows XP's builti in ICF, or zonelabs, etc
> Rigid Management Of User Rights
        windows can get pretty granular with user rights and permissions.
> Encryption
        Windows has built in file Encryption.

> These are the concepts for protecting a Linux machine.
>
> Most of them are missing in Windows. Just adding a personal firewall
> won't improve matters if the rest of these principles is absent.
>
Not really missing from Windows, just a bit more cumbersome to do.  I agree
that just adding a firewall is not the sole answer, neither is just adding
A/V software.

 Exibar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ