Re: Clamav

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 16, 2010 at 20:29:25 -0700,
  Craig White <craigwhite@xxxxxxxxxxx> wrote:
> 
> Clearly no OS is safe from exploit. The most effective security method
> employed on Linux is simply not to run as superuser where most Windows
> and Macintosh users are running as superuser and the software leaves it
> to the user to figure out how to run with less privileges (very possible
> but not the typical usage).

I disagree. This can help with restoring a system, but is more useful
for protecting users from each other than users from malware. User
accounts have all of the power needed to replicate malware. User accounts
have valuable data (may be private or hard to recreate), where as data
owned by root typically isn't. There have historically been a lot of local
root exploits on linux systems that allow malware to elevate its
privilieges.

I think selinux is going to of more use in this area than standard unix
file system privileges and having a separate root account. It won't solve
all of the problems, but it can help protect users from processes running
as themselves.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux