[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Do we really need to worry about viruses (was Re: Anyone else notice that Swen is slowing down?)

On Fri, Oct 03, 2003 at 01:42:28AM +0100, Karsten M. Self wrote:
> E.g.:  there are _good_, _solid_ reasons Debian doesn't allow Mozilla to
> run as root, why X11 TCP connections are disabled by default, and why
> SSH is strongly recommended.  Yes, it's possible to override or ignore
> these settings, but that's not information I share, particularly not
> with newbies, on the simple principle that learning how to shoot
> yourself in the foot _might_ just provide you with some clue as to why
> this is a bad idea.

I agree that security is generally a good thing, but some people turn it
into some sort of cult. Once upon a time I tried running FreeBSD (or was
it NetBSD) and some script I had died, because I didn't have permission
to write to /dev/null. That really made me laugh.

One thing I really like to do is disable passwords for local logins. But
I'm sure there are people who will tell me that the CIA is going to come
to my house, tie me up, log into my computer and steal all my mp3s or
something :) I really like doing this because it saves me from typing my
password 300 times a day, and it doesn't make my computer any easier to
hack over the network. 

So I think there should be a proper balance between convenience and
security. For instance the current version of Outlook Express (aka
outhouse excess, etc.) defaults to preventing users from opening any
attachments: "Sorry this attachment could be a virus.". It does this
even with "plain/text" attachments. I've had to fix this on any number
of people. Even worse is the fact that Outlook's GPG/Mime handling is
broken and it actually doesn't show the message but shows it as an
attachment, which if the user clicks on it, gives them a warning saying
that it may be a virus. I mean this prevents legitimate attachments like
jpegs, etc. So users simply disable it, and you're back to square one.

P.S. It might have been a security upgrade or something that added this
"feature" to OE, but still I've seen people struggling to open plain/text
attachments because of it.

Bijan Soleymani <bijan@psq.com>

Attachment: signature.asc
Description: Digital signature

Reply to: