On Mon, 27 Jan 2003, technomage wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday 27 January 2003 02:19 pm, you wrote:
> >
> > Maybe in the ideal case, but even most professional
> > sys-admins don't get even the basics (security patches)
> > done, so I think it is counter-productive to suggest to
> > linux newbies that they spend time on activities with
> > virtually no payback.

> ... your generalization about "most professional
> sys-admins" is a fallacy.

What's the matter with you -- are you determined to find fault in
the most rude way? Perhaps I should have said "many" instead of
"most", but research has nevertheless shown that failure to install
updates is the most important reason for security breaches, even
among professionals, and you would know that if you read CERT
advisories and summaries regularly -- it's fairly common knowledge,
and doesn't even imply that the sysadmins are not conscientious or
competent, also well known (hint, time and priorities, and PHMs).

> > And how would such get relayed (distributed) from a
> > linux client system, when they are not active there
> > (cannot do their normal self remailing)? Even on
> > MS-Win clients, most such broken behavior can be
> > disabled simply by junking Outlook and possibly IE, and
> > using alternative client programs, such as pc-pine or
> > Eudora, which will also take care of much future virii
> > not covered by the current scanners.

> pardon again? do you have any idea how easy it is to
> misconfigure a daemon such as sendmail? in fact,
> there is a relaying capability in sendmail/procmail
> that is ordinarily turned off. anyone who doesn't
> know what they are doing can turn that one without
> too much thought and become a spam relay

Of course, but how is that relevant to what I said, or to a newbie,
who won't know anything about such advanced configuration?
Configuring an MTA (mail transfer agent, or server) has little to do
with a newbie's use of his MUA, and the virii that misuse and abuse
them. Take that chip on your shoulder to a more appropriate forum.
We try to help users here, on their level, not conduct debates.

But your answer also implies that you recognize the validity of what
I said concerning the MUAs (mail reading clients). Why not say so
directly, so that new users will not misunderstand?

> ...in as many as 10 keystrokes and 3 clicks of the
> mouse!

Lest the newbies here get intimidated by this last, let me state
that I think that is perhaps a bit overstated, and in any event,
would primarily apply to some distribution specific GUI system
administration front end, which I don't try to track. From a text
based angle, such configuration will likely force you to use some
more arcane documentation, which will also inform you of the risks,
which are not really that great, unless you are an ISP or something
similar. The Red Hat default configuration for the sendmail MTA, for
instance, prevents such behavior.

An exception to this might be the broken, insecure, and now
discontinued linuxconf utility Red Hat used to ship (old RH
versions) -- if you have that, I recommend you remove the package
entirely (the broken help, confusing menus, etc, will drive you
crazy anyway).

> as for MS products, well, those have exploits, so no
> matter how secure you make your windows box, there's
> always some hole or another that can be used to make
> your machine a relay... I should know this, a big
> part of what I earn is troubleshooting windows OS
> systems for this very problem.

So perhaps your aggravation has more to do with having to deal with
M$ systems? Many of us here can certainly sympathize with that, but
remember also that many of us don't have to deal with such broken
behavior at all....
<grin>

> > To recap, for newbies, it's best to focus security
> > advice where the effort will do the most good, and
> > that is not on email virus scanners; such
> > discussions belong on another forum anyway.

> I'm sorry, but security is a matter for EVERYONE (not
> just newbies).

No one has suggested otherwise.

> Still, it is wise to take care of the most obvious
> problems first, and then work on the more esoteric
> ones that follow.

Does that mean that you actually do agree that for a newbie, virii
might fall in the "esoteric" category? Not speaking of other
vulnerabilities?

If you feel you must, list again what you consider to be the
appropriate security priorities, as I and others have already done,
but some civility might go a long way toward....

LCR

--
L. C. Robinson
reply to no_spam+munged_lcr@onewest.net.invalid

People buy MicroShaft for compatibility, but get incompatibility and
instability instead. This is award winning "innovation". Find out
how MS holds your data hostage with "The *Lens*"; see "CyberSnare"
at http://www.netaction.org/msoft/cybersnare.html