On Fri, 2010-04-16 at 19:43 -0700, jdow wrote: > From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx> > Sent: Friday, 2010/April/16 16:51 > > > > On Fri, 2010-04-16 at 13:47 -0700, jdow wrote: > >> From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx> > >> Sent: Thursday, 2010/April/15 13:31 > >> > >> > >> > On Thu, 2010-04-15 at 13:02 -0700, Michael Miles wrote: > >> >> Is Fedora really that secure? > >> > > >> > Even if we limit the discussion to email viruses, that's a very complex > >> > and difficult question (to which the answer is "yes" :-). It's not an > >> > attribute exclusive to Fedora as such, but to all Unix-based systems, > >> > mainly for three reasons: > >> > > >> > 1) The mail client isn't running as root. > >> > 2) Even when running as root, Linux mail clients won't blindly execute > >> > attachments. > >> > 3) Even for executable attachments, the virus is written for Windows > >> > and > >> > won't run on Linux. > >> > > >> > Of course it's in principle possible to get past all the above > >> > barriers, > >> > so *in theory* you can have a Linux virus, assuming the user is stupid > >> > enough to run an unknown executable. As I say, I've never seen one in > >> > the wild. > >> > > >> >> I come from windows and I am amazed at how not secure windows is. > >> > > >> > See (3) above. Most viruses are written for Windows as it's the most > >> > popular platform. MS likes to pretend that's the only reason it gets > >> > all > >> > the grief, but there are other factors. > >> > >> Patrick, the best AV tool of all is a savvy user given the number of > >> social engineering attacks of late. And, at least historically, 'ix users > >> have been quite savvy about security. That makes a huge difference. A > >> single mistake running something you should not have because it looks > >> important can bust your whole day. Based on the security forums I read > >> I'd not consider Linux bullet-proof "today" - kernel null pointer > >> dereferences and mmap are your enemy du jour. > > > > Again, you're answering the wrong question. This thread is not about the > > general security or otherwise of Linux. It's about vulnerability to > > viruses. > > If you are being picky regarding "virus", "trojan", etc then begone little > boy, you bother me. It does not matter one bit the means of transmission > if the system is compromised in a manner than a piece of what is > conventionally called "anti-virus software" would have prevented the > problem? Which of the vulnerabilities discussed on the kernel list is communicable via an email message in such a way as to compromise the security of the target system without manual intervention on the part of its user? Please be specific. poc -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
