I love IP Tables....

Les Mikesell lesmikesell at gmail.com
Wed May 30 01:38:43 UTC 2007


jdow wrote:

>>>> Are you saying vulnerability to viruses is acceptable and end users 
>>>> are supposed to be smarter than the OS vendors in working around it?
>>>
>>> Good anti-virus protection, regular updates, and good malware protection
>>> for malicious scripts are all important for all operating systems.
>>
>> Agreed on updates.
>>
>>> AV
>>> for Linux is pretty much lacking.
>>
>> There's no reason to expect a 3rd party to be able to improve it.
> 
> Do you understand how AV software functions? One mode checks file
> signatures for known virus signatures and prevents them from running.

I know how it's supposed to function - and in the places it is really 
needed you can't afford the overhead.

> The cycle from discovering a virus to developing a signature for
> catching it is MUCH faster than the usual bug report or even security
> bug report to update cycle. Your period of vulnerability is reduced.
> That is "a good thing." (tm)

That hasn't been my experience.  I've been through 2 zero-day Windows 
exploits where we were the first to report the offending file to two 
popular AV companies that we used plus clam.  One wasn't that bad and 
I've forgotten the details.  The other one was something that blasted 
the network to a point where a few infected PCs would overload 100M 
router interfaces making both the primary and failover routers try to 
become active.  It wasn't fun and it was 3 days before either commercial 
vendor responded with a new signature from the file we sent them and 5 
for clam.   By contrast it is rare for a critical remote vulnerability 
to be known for more than 3 days in Linux distributions without having 
the update to fix it released.

>> Yes, you need to keep up with the updates.  What's "too many" daemons? 
>> The point of having a computer is the services and often the remote 
>> access it provides.
> 
> If you do not need a web server on your desktop do not install it let
> alone run it. If you need to run it (for documentation) limit its access
> from off the machine. If you must access it remotely don't enable
> scripting facilities. And so forth.
> 
> If you do not need to run smtpd on your machine, then don't. If you do
> not need to run a POP3 tool on your machine, then don't.

But I do need all of those things (and imap and http too). Not all of 
them on all machines, but if it isn't vulnerable in the places I need 
it, then it won't be other places either. The great thing about free 
software is that when someone gets it right, it doesn't matter how many 
copies of it you run.  And if it is vulnerable, I want it reported and 
fixed, not just avoided so the machine where I need it will be the first 
to be exploited.

> Worse yet if you don't need to run a geewizzilator daemon on your
> system, then don't. (That is to say a "gee I wonder what's that"
> daemon.)

Same there - if there is a vulnerability, find it and fix it and it 
won't matter how many of them people run.

>> There may be undiscovered bugs in Linux distros, but as they are 
>> discovered there is no excuse for not fixing them in the product 
>> itself. What possible good can come from a third party product (just 
>> as likely to contain even more unknown vulnerabilities) being used as 
>> a band-aid solution instead of just fixing issues as they are 
>> discovered?  And that applies to all services - someone needs to run 
>> them and they should not make their system any easier to crack beyond 
>> adding passwords that might be guessed.
> 
> How many different "products" exist in the Red Hat and Fedora Core Linux
> distributions?

A lot - but I'm not sure that's a relevant question.  If they have bugs 
they need to be found and fixed.

-- 
    Les Mikesell
     lesmikesell at gmail.com
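The "limit its access from off the machine" advice quoted above comes down to checking which daemons listen beyond loopback. This is an added audit script, not code from the thread; it assumes input in the shape of `ss -ltnH` output and uses a constructed sample.

```shell
#!/bin/sh
# Added example: list listening TCP sockets reachable from other hosts,
# i.e. bound to anything other than a loopback address.
# Input lines are assumed to look like `ss -ltnH` output (constructed here).

# Constructed sample: smtpd and pop3 confined to loopback, http/imap/ssh not.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::1]:110 [::]:*
LISTEN 0 128 *:143 *:*
LISTEN 0 128 [::]:22 [::]:*'

# exposed_listeners: reads ss-style lines on stdin, prints "addr:port"
# for every socket not confined to 127.x.x.x or [::1].
exposed_listeners() {
  awk '{
    la = $4
    # The port is everything after the last ":"; the rest is the address.
    n = split(la, parts, ":")
    port = parts[n]
    addr = substr(la, 1, length(la) - length(port) - 1)
    if (addr ~ /^127\./ || addr == "[::1]") next
    print addr ":" port
  }'
}

# exposed_count: how many listeners in the sample are reachable remotely.
exposed_count() {
  printf '%s\n' "$SAMPLE_SS" | exposed_listeners | wc -l | tr -d ' '
}

# Run against the live system with: ss -ltnH | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

Anything this prints that the machine does not need to serve to other hosts is a candidate for rebinding to loopback or for a firewall rule.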
