Chadley Wilson wrote:
On Tue, 2004-05-11 at 10:06, Ben Stringer wrote:Firewalls are good, but there has to be something open to connect to the internet. Have you heard of the nimda virus? It did not affect linux, but there is always a possibility. And it did not even require one to do anything except be connected to the internet. On a similar note, Many web sites run software that is able to menetrate systems that happen to be vulnerable to those tools. Simply opening up the web page can allow intrusions if the remote site knows how.
What is wrong with just a good firewall and running DR-WEB to protectOn Tue, 2004-05-11 at 16:23, Chadley Wilson wrote:
End-users who are new to Linux easy irritated by passwd prompts,The simple answer to this is that for systems connected to the internet, if they become compromised, they can be used to spread more virus' and spam, so they affect the wider community, not just the owner.
My one customer made a (I think valid ) comment: He said and I quote "I should be given the option to choose whether or not I want a passwd
protected system. Why do other people tell me what I need."
the PC?
Just curious :-}
My linux PC (in the RH 7.3 days) was hacked into (because of a misconfigured firewall) and a root kit installed. Ant that was with passwords, limited services running, and a firewall running. Is your user going to have a *secure* firewall configured.??
Layers of security are much better than one level. Most businesses that have their networks connected to the internet have a firewall -- a DMZ with most of their public servers -- another firewall -- then their intranet network. Each layer helps, and they also run IDS systems.
I realize this is overkill for the home user, but as much as possible is better than nothing.
It is irresponsible to have a PC that is externally accessible poorly secured.
The case where the PC is not network-accessible is increasingly a special case, and a security choice made at installation time may lead to a compromise later on if the PC is connected to a network.
The reasons for not removing separation of privileges is well documented and not specific to Fedora. I'd suggest researching past discussions on this and other lists.
Cheers, Ben