| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040116222147.GA4910@ergo.nruns.com> From: jan.muenther at nruns.com (jan.muenther@...ns.com) Subject: Re: January 15 is Personal Firewall Day, help the cause I couldn't help but comment on this (quickly, because these discussions tend to turn into a point- and endless ping-pong match). It can actually drive me mad to see how many Linux users entirely trust in their assumption that they're more secure by default simply because they don't run a Windows system. Sure, the average Linux user might be more tech savvy and common with the internals of his/her system than your typical Win32 home user. However, there are *plenty* incredibly vulnerable Linux boxes exposed to the Internet and I know for a fact that quite a few people simply download and install binary packages from any given source without a second thought. Even more ironically, a lot of people just compile and install anything with the usual ./configure / make /make install stupor. ELF infectors do exist, and just because it's not quite so common, doesn't mean it doesn't happen. Also - wild theory - I'd say that people are less likely to notice a malware infected Linux box than a Win32 one, simply because of blind trust. I also disagree on the note that a single system exposed to the Internet doesn't form any type of threat at all. You can always beautifully serve as a hop or become a friendly member of a botnet or whatever. I'm not saying Linux sucks security-wise, I'm not saying Win32 sucks security-wise. It's what you do with it, how you handle it, and how much you assume. Cheers, J.
Powered by blists - more mailing lists