Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 2 Jan 2002 21:04:14 +0530
From:      Devdas Bhagat <devdas@worldgatein.net>
To:        freebsd-questions@freebsd.org
Subject:   Securing systems (was Re: Teaching parents UNIX)
Message-ID:  <20020102210414.D569@rivendell.worldgatein.net>
In-Reply-To: <20011229220904.A493@starpower.net>; from rjhalljr@starpower.net on Sat, Dec 29, 2001 at 10:09:05PM -0500
References:  <1DA741CA6767A144BAA4F10012536C27A97C@LKLDDC01.GARGANTUAN.COM> <20011230000519.GB7709@raggedclown.net> <20011229220904.A493@starpower.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 29/12/01 22:09 -0500, Bob Hall wrote:
<snip>
> As the level of knowledge necessary to operate a computer decreases, 
> people who were previously unable or unwilling to use computers 
> start using them, and the average level of competence of computer 
> users decreases. Any specific system is only as secure as the 
> person using it makes it. For most users, improvements in MS 
This is perfectly correct. Howeve, I will blame MS for one thing. they
always value convinience over security. Convinience is a good thing, but
sometimes lack of convinience forces the user to assume responsibility.
Having everything enabled by default is a bad thing. Not making it easy
to turn off is even worse. Breaking stuff from working because of secure
systems is even worse.

> software aren't going to make their computers any safer because the 
> users are still going to leave the machines wide open to infection.
> And now that DSL and cable are becoming popular, people leave their 
> computers on and connected to the internet 24/7. Virii that scan for 
> hosts to infect are going to start hitting client machines.
Right. Simple minimal solutions:
Disable Javascript in the system by default.
Disable automatic file sharing by default (ADMIN$ and C$).
Disable automatic parsing of HTML email, and scripting in email. Email
doesn't need scripting.

> MS contributes by selling their software at the beta stage, but 
> that contribution is small compared to the other factors. Even 
> if MS bundled anti-virus with their software, they can't force 
> users to use it or update the virus signatures.   
The solution is not an antivirus. The solution is a software that
doesn't default to insecurity. I think that OpenBSD is on the right
route (though they have sendmail enabled by default). I believe immunix
also has the same philosophy. To enable anything, the user has to take
specific action, and thus assume responsibility for it.
Securing NT is hard precisely because you have to make is secure from
insecure defaults, and there is no choice of that in the install
process.

Devdas Bhagat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020102210414.D569>