lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040116222147.GA4910@ergo.nruns.com>
From: jan.muenther at nruns.com (jan.muenther@...ns.com)
Subject: Re: January 15 is Personal Firewall Day, help the cause

I couldn't help but comment on this (quickly, because these discussions tend
to turn into a point- and endless ping-pong match). 

It can actually drive me mad to see how many Linux users entirely trust in
their assumption that they're more secure by default simply because they
don't run a Windows system. Sure, the average Linux user might be more tech
savvy and common with the internals of his/her system than your typical
Win32 home user. 

However, there are *plenty* incredibly vulnerable Linux boxes exposed to the
Internet and I know for a fact that quite a few people simply download and
install binary packages from any given source without a second thought. Even
more ironically, a lot of people just compile and install anything with the
usual ./configure / make /make install stupor. 

ELF infectors do exist, and just because it's not quite so common, doesn't
mean it doesn't happen. Also - wild theory - I'd say that people are less
likely to notice a malware infected Linux box than a Win32 one, simply
because of blind trust. 

I also disagree on the note that a single system exposed to the Internet
doesn't form any type of threat at all. You can always beautifully serve as
a hop or become a friendly member of a botnet or whatever. 

I'm not saying Linux sucks security-wise, I'm not saying Win32 sucks
security-wise. It's what you do with it, how you handle it, and how much you
assume. 

Cheers, J.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ