Re: another reason to use adblock and noscript... or just use Linux
It actually costs someone far more to follow the advice than the benefit that person should expect to get. *coughairportsecuritycough* --DTVZ On Thu, Mar 25, 2010 at 11:26 AM, Ben Eisenbraun b...@klatsch.org wrote: On Wed, Mar 24, 2010 at 01:01:02PM -0400, Tom Buskey wrote: This is way beyond the typical user threshold of inconvenience. And maybe it's not actually worth it at all: http://glinden.blogspot.com/2010/03/security-advice-is-wrong.html The surprising conclusion is that some security advice we give to people -- such as inspect URLs carefully, pay attention to https certificate warnings, and use complicated passwords that change frequently -- does more harm than good. It actually costs someone far more to follow the advice than the benefit that person should expect to get. -b -- there is no excellent beauty that hath not some strangeness in the proportion.francis bacon ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
On 03/24/2010 01:48 PM, Benjamin Scott wrote: For now. Right now, the attackers go after Windows, because 90% of the users run Windows. (With a higher percentage of easily-duped users.) Have you heard that the Windows malware game now involves various packages each trying to disable and uninstall each other? (sometimes breaking the system while trying). They're competing for resources. Given more than nine competing systems, the economics ought to favor one of them going after the uncontested territory. All things being equal, of course - including both ease of compromise and programmer expertise. Still, lots of these are run by definitely-for-profit enterprises, so they would be expected to hire the relevant resources if the investment were worthwhile. I have to admit, none of the commonly-offered explanations really seem plausible without assuming diligent users (who won't just enter their admin password whenever a dialog appears) on the unmolested platforms, and that doesn't seem plausible either. -Bill -- Bill McGonigle, Owner BFC Computing, LLC http://bfccomputing.com/ Telephone: +1.603.448.4440 Email, IM, VOIP: b...@bfccomputing.com VCard: http://bfccomputing.com/vcard/bill.vcf Social networks: bill_mcgonigle/bill.mcgonigle ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
another reason to use adblock and noscript... or just use Linux
Apparently the ad networks of Fox, Google, and Yahoo have been distributing ads which contain malicious javascript. This means that all you have to do is surf the web to have your system infected with malware... wait, that isn't really new. It's just a sad reminder of how easy it is for regular users to have their systems compromised. Of course, you can just run Linux and you're system won't be vulnerable to most if not all such 'scareware'. But, for those who must use Windows, it's another reminder to use better browsers (e.g. Firefox and Chrome) with additional privacy and security elements (e.g. adblock and noscript). Background and news on the subject: http://www.google.com/search?q=malicious+ad+networks http://news.idg.no/cw/art.cfm?id=2A32DD2B-1A64-6A71-CEBCE1F83973D7CA is a rather long article that does cover some measures that users should take to prevent problems in their computer systems. However, it boils down to way too much work that regular users won't do, it downplays the advantages of switching to Mac, and it certainly doesn't go far enough in that it doesn't even list switching to Linux as an option. Greg Rundlett ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
On Wed, Mar 24, 2010 at 12:23 PM, Greg Rundlett (freephile) g...@freephile.com wrote: Apparently the ad networks of Fox, Google, and Yahoo have been distributing ads which contain malicious javascript. This means that all you have to do is surf the web to have your system infected with malware... wait, that isn't really new. It's just a sad reminder of how easy it is for regular users to have their systems compromised. Of course, you can just run Linux and you're system won't be vulnerable to most if not all such 'scareware'. But, for those who must use Windows, it's another reminder to use better browsers (e.g. Firefox and Chrome) with additional privacy and security elements (e.g. adblock and noscript). adblock and noscript can also make browsing faster with firefox because they block the download. chrome's adblock still downloads the ad, but it doesn't display it. I don't think noscript is on chrome yet. When I go to a site that noscript blocks, I might want to allow it. When noscript is allowed, it reloads. Usually this lets me go on my way. Some sites will set some kind of cookie and not allow me to reload. Coupon sites, surveys, polls, webkins are typical. The only way to clear some of them is to flush the history cache of the site and try again. This only happens the 1st time I go to a site. This is way beyond the typical user threshold of inconvenience. Heck, it's a pain to me and I understand and appreciate doing things for security. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
On Wed, Mar 24, 2010 at 12:23 PM, Greg Rundlett (freephile) g...@freephile.com wrote: Of course, you can just run Linux and you're system won't be vulnerable to most if not all such 'scareware'. For now. Right now, the attackers go after Windows, because 90% of the users run Windows. (With a higher percentage of easily-duped users.) If Linux or MacOS or AmigaOS had a huge market share, we'd see the same attacks on them. Security is a process, not a product. -- Bruce Schneier One thing we get hit by occasionally at $WORK is fake anti-virus software. This stuff uses an animated GIF that appear as a fake window which says you have a virus, then prompts the user to click to repair. That click downloads an executable which they then track down and run. Which then puts more fake messages on their screen. For us, remediation is at least limited to deleting stuff from their user account, because nobody has admin rights, but it's still a pain. All that could happen just as easily on Linux or MacOS, or Firefox or Chrome or Safari. I like to joke that the executable could be named For God's Sake Don't Fucking Run This.EXE, and people would still click on it. At least, I think I'm joking. True, less restrictive software/settings can make it much worse by adding pop-ups, prompts, hiding the browser toolbars, etc., and needing fewer clicks to get run that executable. And browsing as a privileged user is suicide, of course. We try to block executables from being downloaded, but attackers have started obfuscating URLs and using SSL, so our firewall doesn't see it. My next counter-measure is going to be Software Restriction Policies -- akin to mounting /home and /tmp with noexec. The MS Windows ecosystem, being the steaming mess that it is, makes that a big compatibility headache, but that's nothing new. I've said for years it isn't that Linux is inherently more secure than MS Windows, it's just *much easier* and thus *much cheaper* to make secure than MS Windows. But most organizations aren't willing to go to such lengths to secure their systems, regardless of platform. At least, not yet. But, for those who must use Windows, it's another reminder to use better browsers (e.g. Firefox and Chrome) with additional privacy and security elements (e.g. adblock and noscript). As Tom Buskey points out, your typical user will simply never put up with the kind of inconvenience that blockers introduce. I use them and I find them to be a huge pain in the ass, and I'm a paranoid control freak. Probably the best defense we can hope for is stronger sandboxing of the browser, with things like SElinux or Microsoft's Mandatory Integrity Control used to lower the privilege level of *everything* done in or by or from the browser. Go ahead, download that malware executable. Since the executable was written by a lower privilege process (the browser), the executable itself will run with a lower privilege level, and can't touch regular user areas. This should at least make drive-by-downloads harder. The problem is there will always be a way to add another layer which the OS can't see and a luser is willing to employ. Example: Put the malware in a ZIP file. ZIP file is seen as data by the OS. The unzip program is trusted and runs at normal user privilege level. It opens the ZIP as data and copies out the executable, writing the file as the normal user privilege level. One could try and counter that by causing all file I/O done with a lower privilege file to taint the privilege level of the process doing the I/O. But people want to exchange documents and data with each other via email and web. (And I don't blame them; why have a network if you're not going to use it?) If all the data has a lower privilege level, you're not really protecting anything anymore. (Remember: The computer is a tool. The reason we secure the OS is so the OS can keep protecting the data. We don't secure the OS for the sake of having a secure OS.) Ultimately, the only real solution is better user awareness, and I don't hold out much hope for that. http://news.idg.no/cw/art.cfm?id=2A32DD2B-1A64-6A71-CEBCE1F83973D7CA ... it boils down to way too much work that regular users won't do ... Exactly. ...it downplays the advantages of switching to Mac, and it certainly doesn't go far enough in that it doesn't even list switching to Linux as an option. Sure it does: The same goes for Linux as well: A scam run past someone using Firefox in Ubuntu is still a scam by any other name. That's right after the part about MacOS and Most dangerous of all, though, is a false sense of security: users can be duped no matter what they're running. I'd say their analysis aligns with mine. Sorry to be a stick in the mud, but security is hard work, and most people don't like hard work. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org
Re: another reason to use adblock and noscript... or just use Linux
On Wed, Mar 24, 2010 at 3:02 PM, G Rundlett greg.rundl...@gmail.com wrote: So, it seems that you're saying: Don't switch to Linux because even though it will prevent you from getting 99% of the malware out there today, someday it could be targeted and vulnerable. No. What I'm saying is: A false sense of security is a bad thing. Don't misrepresent what's really happening. When it comes to security, it is critical to understand what's actually happening. I'm also looking ahead. Let's say everybody on Earth says, Wow, Greg Rundlett says to switch to Linux because it's more secure. Let's do that! So next week, everyone is running Linux. Now all these problems that happen on MS Windows will happen on Linux instead. Sure it does: The same goes for Linux as well: A scam run past someone using Firefox in Ubuntu is still a scam by any other name. In theory yes, but in practice no. Clicking on a gif-ad-malware that downloads an .exe that works on windows almost assuredly won't do one bit of harm on my Ubuntu system. I'm not saying there isn't a practical security advantage in using a minority platform. Keeping a low profile is a valid technique. However, if/when Linux gains significant market share, the Linux binary/shell script/.deb/autopackage/whatever that gets downloaded will run just fine. In other words, this is only an effective countermeasure *as long as Linux remains a second-class citizen*. I don't regard that as a winning strategy. Taking your argument to an extreme, one should run something like BeOS, because *nobody* targets BeOS these days. Even Linux sees the occasional network vulnerability scanner attack. So you'll be switching to BeOS, right? Incidentally, I've read one report of someone demonstrating how Linux is imunue to viruses by double-clicking on an .EXE, only to watch in surprise as the distro fired up Wine to run it. Fortunately it was Minesweeper or something like that. Again, I have to disagree from a practical point of view. I recommended that my wife switch to a Mac, and I'm feeling much better that her computer won't be affected by malware. At my last job, we once had a client who had only Macs, and didn't run any anti-malware software because Macs don't get viruses. Then they needed to add some MS Win PCs and a server for them. We installed that stuff. We migrated their files to the server. The server's anti-malware software promptly quarantined *every single last Microsoft Word document in the company*, because they were all infected with macro viruses. The client fired us, because Macs don't get viruses, so it must have been our fault. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
I agree with Ben: o yes, right now there are fewer viruses for Linux and Mac o those people that depend on that fact will sooner or later regret that dependency Only constant application of patches, training and diligence will help stave off malware. And most users will not do the first, will not receive the second and are not capable of the third. So it falls to the network and system admins of the world. md ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
Benjamin Scott dragonh...@gmail.com writes: On Wed, Mar 24, 2010 at 3:02 PM, G Rundlett greg.rundl...@gmail.com wrote: So, it seems that you're saying: Don't switch to Linux because even though it will prevent you from getting 99% of the malware out there today, someday it could be targeted and vulnerable. No. What I'm saying is: A false sense of security is a bad thing. Don't misrepresent what's really happening. When it comes to security, it is critical to understand what's actually happening. I'm also looking ahead. Let's say everybody on Earth says, Wow, Greg Rundlett says to switch to Linux because it's more secure. Let's do that! So next week, everyone is running Linux. Now all these problems that happen on MS Windows will happen on Linux instead. That of course assumes that the target platform is as vulnerable. I think Linux is much less vulnerable to escalation-requiring attacks than Windows, mostly because in general on Linux users do not run with admin privs, whereas on Windows most people do. So there's a whole class of attacks that don't work out-of-the-box; they need to find a priviledge escalation attack in addition to the user attack in order to hook in. I do agree that we'd see more Linux-targeted attacking if Linux were more prevalent on the desktop, but I think Linux does start as a more secure platform that Windows, so you've already got a leg up. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
Derek, but I think Linux does start as a more secure platform that Windows, so you've already got a leg up. When it comes to security, the only one that has a leg up is that one hacker that is going to break in, and (when you are not looking) is going to piss on you. md ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
Jon 'maddog' Hall mad...@li.org writes: Derek, but I think Linux does start as a more secure platform that Windows, so you've already got a leg up. When it comes to security, the only one that has a leg up is that one hacker that is going to break in, and (when you are not looking) is going to piss on you. Given a standard-configuration fully-updated Windows box and compare it to a standard-configuration fully-updated Linux box.. The windows machine has significantly more holes in it during standard use. md -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
Derek, You are still missing the point: Given a standard-configuration fully-updated Windows box and compare it to a standard-configuration fully-updated Linux box.. The windows machine has significantly more holes in it during standard use. You only need one hole. md ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
Jon 'maddog' Hall mad...@li.org writes: Derek, You are still missing the point: Given a standard-configuration fully-updated Windows box and compare it to a standard-configuration fully-updated Linux box.. The windows machine has significantly more holes in it during standard use. You only need one hole. I'm not missing the point. All holes are not created equal. md -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
On Wed, Mar 24, 2010 at 4:51 PM, Derek Atkins warl...@mit.edu wrote: Given a standard-configuration fully-updated Windows box and compare it to a standard-configuration fully-updated Linux box.. The windows machine has significantly more holes in it during standard use. That is false assumption which only makes one *feel* more secure. I would give you that generally windows machines have more holes that allow someone to *crash* the machine, however most *nix exploits which are remote vulnerabilities will end up easily giving you a shell. Additionally, as time goes on, I've found that older installations of a given distributions will pretty close to 100% get compromised if left unattended. Linux is NOT more secure then Windows. People RUNNING Linux are *generally* more security conscious then a person running Windows. -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
On Wed, March 24, 2010 5:05 pm, Thomas Charron wrote: Linux is NOT more secure then Windows. People RUNNING Linux are *generally* more security conscious then a person running Windows. I will take partial issue with this. It's my humble and considered opinion that open source is, generally, more secure than closed source, for the very same reason we're arguing here: because a hidden flaw is still a flaw. Doesn't mean that there aren't bugs in OSS -- oh, we could only so wish! -- but they're out there for *everyone* to see, black hats and white, alike. I like to think this philosophical difference makes the OS (and component utilities, applications, etc.) somewhat more secure. But... only somewhat: Though a program be but three lines long, someday it will have to be maintained. And debugged. And so forth. When you *assume* that you're safe -- that's when they'll bite you. Yes, statistically, Linux, MacOS, BeOS, and my dearly (mostly-)departed Amiga(D)OS are far less likely to be attacked -- but they still can be. And, eventually, almost certainly will be. Just ask my cracked OpenWRT router. -Ken -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
I'm not missing the point. All holes are not created equal. While I might agree that there are some holes that are larger than others, and some systems where there are more holes than others, I apply the same logic to computer systems that I apply to using a condom to block STDsany size or number of holes leaves you open to infection. Abstinence and great hygiene are probably the best protections, but most people do not seam to aspire to those goals whether it be in sex or the Internet. To be safe you assume that everyone is infected, and go for periodic inspection. md ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
But... only somewhat: Though a program be but three lines long, someday it will have to be maintained. the realization came over me with full force that a good part of the remainder of my life was going to be spent in finding errors in my own programs. - Maurice Wilkes, head of the EDSAC project, 1949 md ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
Derek Atkins warl...@mit.edu writes: Benjamin Scott dragonh...@gmail.com writes: On Wed, Mar 24, 2010 at 3:02 PM, G Rundlett greg.rundl...@gmail.com wrote: So, it seems that you're saying: Don't switch to Linux because even though it will prevent you from getting 99% of the malware out there today, someday it could be targeted and vulnerable. No. What I'm saying is: A false sense of security is a bad thing. Up front: I absolutely agree with that. Don't misrepresent what's really happening. When it comes to security, it is critical to understand what's actually happening. ... and that, which *therefor* (not `but') leads me to: I'm also looking ahead. Let's say everybody on Earth says, Wow, Greg Rundlett says to switch to Linux because it's more secure. Let's do that! So next week, everyone is running Linux. Now all these problems that happen on MS Windows will happen on Linux instead. That of course assumes that the target platform is as vulnerable. It's also neglecting that there are different classes of vulnerabilities: everyone's harping on the `users downloading and running stuff' class, but there's another class of *problems that don't even involve the user at all*--like (for example) e-mail clients and web browsers automatically running whatever is sent to them, buffer-overflows in the network stack that the vendor refuses to even acknowledge, etc., etc., etc. And, even for the `users downloading and running stuff' that we've covered: while Ben has well-described the problem as a syndrome, there's no analysis of the actual causes or whether the *premise* actually does port cleanly: On my Debian and Ubuntu systems, I get *all of my software* from a trusted source--with no exceptions. And I can run like that, on these systems. As I understand it, *you can't do that with Windows*: the system *doesn't come with anything useful*, so everything needs to be procured as auxiliaries--and there's no such thing as `a trustworthy source for everything that you need' there, so the user's are *necessarily* accustomed to `downloading and running random crap'. How else would they work? So it seems to me like there *is* some hope, if one can explain to converts that they really (really!) don't *ever* need to download something from the Internet. Something akin to the old any sweepstakes that asks for a fee is a scam and any cold call that asks for your SSN is a scammer. If we can move people away from the `download culture' that Ben has aptly described as being at the heart of Windows security- issues, then the whole question of `*what* people download' becomes moot. There *is* a difference between: * A burglar forcibly breaking-in from outside. vs.: * A scammer tricking someone into letting them in. My recollection is that *do* have a better track record with regard to the first, and it looks like we have reason to believe that we *can* also do better on the second. But we have to acknowledge that, when we convert someone, there's a different `acquisition culture' into which our converts need to be acclimated. If we tell people, Here, this is Linux, it's more secure--just keep working just like you did on Windows, you can even download and run BONZI BUDDY with WINE!, well I think Linux is much less vulnerable to escalation-requiring attacks than Windows, mostly because in general on Linux users do not run with admin privs, whereas on Windows most people do. This is another specific example of exactly the same cultural issue that I'm describing, above: you're right, but we have to be sure to *indoctrinate the converts* on that point--otherwise they'll go `I'll just run as an administrator, like I did on Windows', and the trend will go in the other direction. And that's not even getting into the more subtle aspects like how it doesn't necessarily matter which UID owns the malware that's erasing, corrupting, or stealing your files... :) -- Don't be afraid to ask (λf.((λx.xx) (λr.f(rr. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
On Thu, Mar 25, 2010 at 1:35 AM, Thomas Charron twaf...@gmail.com wrote: Linux is NOT more secure then Windows. People RUNNING Linux are *generally* more security conscious then a person running Windows. -- -- Thomas Apache (OK, not Linux, but illustrative). Back a number of years ago, IIS was routinely compromised. Yet Apache had 2/3's of the installed base for web servers. If it was strictly numbers, apache would have been the most cracked / attacked. Why the difference? I don't know, but my theory is Open Source is better engineered because the people building it CARE (they're often the people using the software - see how apache got it's name) - and often have the skills to ensure it's working well. Also, because anyone can fix the hole, it's more likely that when it's spotted, someone who cares about fixing it will get their patch in. No system can totally protect you from social engineering - but they can protect from technical holes, speed repair of holes that are found, and work to minimize damage caused by social engineering. jeff ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: another reason to use adblock and noscript... or just use Linux
I've always hated the It's the most widely used, so it's the most widely targeted and most widely compromised argument. Most of the time I see it expoused by clueless journalists and Windows apologists making excuses for all the security issues Windows has had. But, there is a small (small!) germ of truth to it as well. On Wed, Mar 24, 2010 at 11:30 PM, Jeffry Smith jsm...@alum.mit.edu wrote: On Thu, Mar 25, 2010 at 1:35 AM, Thomas Charron twaf...@gmail.com wrote: Linux is NOT more secure then Windows. People RUNNING Linux are *generally* more security conscious then a person running Windows. -- -- Thomas Apache (OK, not Linux, but illustrative). Back a number of years ago, IIS was routinely compromised. Yet Apache had 2/3's of the installed base for web servers. If it was strictly numbers, apache would have. been the most cracked / attacked. Why the difference? I don't know, Thank you for reminding me of one of the best repudiations of the most popular gets compromised most theory. On a similar note, why haven't the stock markets been attacked? That's where the real $$ is. Someone breaking in might be able to manipulate some of the data and make some real money. None of them are run on Windows. I don't think that's a good argument for security one way or another either. I think Unix and other multi user OSen have a more secure mindset. You share the system with others and don't run as a privileged user. Developers write programs aware of this model. Well, unless they run as root all the time anyways. Web servers used to. DOS and later Windows was a single user system. The user has full control and doesn't have to share it. So developers have that mindset. MacOS 9 and earlier were like this too. There are lots of backdoors still out there. It's just another layer for the cracker to get through. I think there wlll be a wave as the real criminals (think the TJX compromise) and even more sophisticated cracks (the recent google one) come to light. Sites with lots to lose ($$, reputation, Intellectual Property) will have layers to protect them. They might have postfix on the DMZ feeding qmail internally with ClamAV scanning. Then run past a Windows AV that then feeds Exchange for internal use. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/