[ale] Linux Distributions
Michael B. Trausch
fd0man at gmail.com
Wed May 18 16:14:42 EDT 2005
ChangingLINKS.com wrote:
>
> I run as root all of the time, and with my system:
>
> You cannot spread malware effectively. I have several firewalls setup
> and other security features. I realize that I am not perfect, so my
> system allows for my fumble fingers. I would casually bet $20 that my
> system is more secure than yours is.
>
> And yet, ironically your entire position seems centered on security.
>
You're damn right my entire position is centered on security. The more
software you're running, the more lines of code there are to fail. The
more that there is to fail, the higher the likelihood that something
along the way *will* fail. If you haven't figured that much out, then
you haven't bothered to think for more then a couple of minutes about
the issue. My system doesn't require multiple firewalls to be set-up or
configured and in place to be secure.
My system doesn't require several additional bloatware security features
because they're all implemented in the kernel and trusted programs. And
as problems are found, upgrades are warranted, which is why I have
friends that allow me the use of their systems for kernel building that
have quad P4 CPUs so that I can perform my entire kernel upgrade within
minutes of any given exploit's exposure.
While I have one firewall, and I find it useful for many reasons, I also
have my systems setup so that they could be on the public Internet
without my needing to be paranoid enough to lose sleep over them. My
systems experience their share of regular attacks from others on the
Internet, and it has yet to be compromised. Once every quarter, I audit
systems that I have that live on the Internet in grotesque detail,
including verifying that the binaries have remained unchanged in every
way possible.
None of my systems, to date, have failed these consistancy audits.
So, if my solutions are so "insecure," as you have put it, since you'd
like to resort to a personal attack (seemingly because you can't prove
your point any other way), then why do they withstand attacks from the
Internet and still result in 99.9% uptime without compromise?
You, sir, have no validity to your arguments that I can find. Nor do
your arguments deserve any respect whatsoever. You can't even find a
segment of source code in a program you want to run in your "secure"
configuration to modify it to not check to see if you're running as root
or not!
>
> It all seems "elementary" to you, but as Jim has pointed out several
> times, you overlook MANY solutions WHILE celebrating to the problems
> you pose. Fortunately, Linux is better than you make it out to be.
>
> The problem here is that your thinking is very limited. You can only
> see your system in your house, which apparently cannot prevent these
> problems. It really sounds like your system sucks. I suggest you
> never run as root. ;)
>
You're the one who is adding additional software to it and the like.
When I say Linux, I'm talking about the operating system. Fortunately,
the kernel is more versatile then you have the imagination to cover.
The associated tools that come with it, are what really give the
flexibility and the power to do the things that you can with it. It's a
wonderful system, and doesn't need the support of bloatware as you so
desire to shame it down to.
Unlike yourself, I use the system's built-in functionality to prevent
the problems which you mention. It sounds to me like my system is the
winner, in the long run. Not to mention, there isn't a soul in the
world that has enough time to crack my root password, let alone attempt
to get access at the console. That would mean they'd have to crack my
user's password, first. And eventually, that will even go away and
password access to my system will be disabled, after I verify the
strength of a system wholly reliant upon SSH keys for myself.
- Mike
--
Michael B. Trausch <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/ Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934 FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG? Key at pgp.mit.edu, Please Encrypt E-Mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
More information about the Ale
mailing list