[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: red worm amusement

On Sun, Jul 22, 2001 at 12:54:49PM +1000, CaT wrote:
> You know. You're right. We should make it as difficult as possible
> to install software. Right down to removing makefiles from source
> repositories and rot13ing the source code because the harder it is
> to install a piece of software, the more secure a box is.

No, I'm simply saying not to start services immediately.  I mean really,
who in their right mind starts a service without looking at the config
files?  How hard is it to add the links from /etc/rc?.d to /etc/init.d
(isn't there script to do this anyway)?

> And then the computer you just spent a few grand on will be about
> as useful as a toaster without heating elements.

That's better than them getting sued for a hell of a lot more than they
paid for their machine because someone launched an attack from their
machine, and they can't prove they didn't to it.

> The trick is not to make installation of software more difficult. The
> trick is in informing the user about what they just did and what
> consequences it may have for them.

I would settle for better notification.  The point of not doing the
final steps is to force the user to have some understanding about
what their doing.


Reply to: