Re: red worm amusement
On Sat, Jul 21, 2001 at 06:27:00PM -0700 Jacob Meuser wrote:
> Not really what I was getting at. I was saying this is TOO EASY.
> I'm saying that Debian doesn't do a good enough job of warning
> people about doing these things. I'm thinking about first time
> users who are not behind a firewall. I'm thinking about myself two
> years ago, running apache, mysql, exim, telnetd, portmap, and
> who knows what else, all while directly connected to the internet.
> Sure, I had some idea that running servers could be dangerous, but
> as Debian touts itself as "secure", I figured it would tell me if
> I were doing something "dangerous".
<snip>
Jacob,
Maybe some type of "disclaimer/warning" message needs to be
displayed to the user, *along* with a link that would explain
it in more detail. Some services that come with the default
in Debian do NOT need to be started... period.
OTOH, the RTFM does apply in alot of cases. I mean, when
I first fired up Linux eons ago I read so much my head
hurt. ;) Being a recent (6+ month) convert to Debian was
a god send to me, after dealing with RH and SuSE. But
then again, I knew which services to kill and what to
run for my particular application.
IMHO, no distribution is secure out of the box. Hell,
even OpenBSD has had major blunders in their lastest
release. Security is, after all... an ongoing issue
that needs to be dealt with *all* the time.
Dana
Reply to: