On Sun, 2012-09-02 at 09:46 -0700, jdow wrote: > My take away from this is that absolutely nothing except a totally > disconnected machine in an impenetrable safe is uncrackable, even > Fedora machines. Some form of "AV" tool is called for as well as > routine checks with the various system check utilities. Even that > won't prevent 100% of all attempts from succeeding. But it will help. Nothing is 100% bulletproof, there will always be some weakness. The current state of play is to try an make sure that /that/ weakness isn't exposed, rather than eliminate all the weaknesses (which isn't really possible). If you have some publicly accessible machine (whether over the net, or a computer where the public can actually touch it), you are at your most vulnerable, and it's next to impossible to completely secure it. Heck, you can create serious problems just by pulling out a cable. On the other hand, a home PC which doesn't act as a server to the public over the net, or to strangers in the room, is a very different situation. Windows has clearly demonstrated that it's vulnerable just by reading an email, and without even having to trick the user into doing anything extra than just reading it. And the common habit of installing software from anywhere, rather than just supervised repositories, makes it even more vulnerable. Whether that be the user installing cute toys they find, or some website asking you to install a *special* plug-in to view the content on this page, and the continual cracked software piracy (do you really expect such a cracker to care about your rights, if they've been happily violating the original software author's?). Hence the need for prophylactic programs to try and intervene with such things. I haven't seen that same sort of situation demonstrated with Linux. It doesn't shoot itself in the foot, you have to get the user to install something, most of what we install comes from our own repos (which we hope the vetting process between testing and release repos helps us, and the rapid turnover of updates to fix software flaws certainly does help us), and the piracy angle is almost non-existent (because we don't need to crack software), hence the need for prophylactic programs is far less. Not that such programs can stop a user from doing something that they're going to do, despite all the warnings, on any OS. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
