Message-ID: <Pine.LNX.4.58.0401181056270.2431@shishi.roaringpenguin.com>
From: dfs at roaringpenguin.com (David F. Skoll)
Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause

On Sun, 18 Jan 2004, Wes Noonan wrote:

> > (I know that someone recently released code to do a "user-space" exec,
> > so mounting /tmp noexec is not 100% foolproof, but it's pretty good
> > protection.)
>
> Well then, IMO you might want to invest in virus protection.

Why? Name one virus for Linux that AV software would have protected
against, that a noexec /tmp wouldn't have.

(It's hard enough to name a Linux virus; it's impossible to name a virus
that meets the latter conditions.)

> I'm curious, why is your solution which is not 100% foolproof "pretty good
> protection", but installing virus protection which is not 100% foolproof is
> a sham?

Because mounting /tmp noexec costs me nothing, whereas buying AV software
costs money.

> Really, it seems to me that a number of the "anti-virus scan" positions (and
> indeed most of the anti-microsoft, anti-personal firewall, etc positions)
> seem to have little substance beyond "I don't want to spend money".

That's a good enough reason for me. :-) I'm a tried-and-true
capitalist, and anything legal that decreases the cost of production
is something that will help my business, and something I'll embrace.

We're a 7-person shop with a budget of $0 for software. I'd love to
see a Microsoft shop with a similar software budget.

Why should I spend money, time and energy trying to secure a basically
un-securable system, when I can not spend money, spend a whole lot
less time and energy, and have a more secure system?

One of the reasons Microsoft has such a terrible security record is
that it's a monopoly. All the people who have posted "ah, yes, but
it's impractical to switch" are perpetuating insecure software.
Securing software costs a lot of money; if Microsoft knows it won't
lose market share even if it doesn't bother securing its software,
what possible motivation would it have to secure the software? (As a
tried-and-true capitalist, *I* certainly wouldn't spend money securing
software in that situation.)

So unless you investigate alternative systems seriously, you're just
ensuring a monopoly situation, which guarantees bad software.

Complacency and defeatism have no place in the fight to secure our
computers.

--
David.