On Tue, Nov 25, 2008 at 14:58, Jan Klod <[EMAIL PROTECTED]> wrote:
> Actually, that sounds like there is practically no way to keep networked
> workstation really secure.

That's kind of outside the realm of this discussion. The difference between the attack surface of a network interface versus that of a local application is several orders of magnitude. Local applications have filesystems, local sockets, shared memory, hardware, and many other channels they can use to communicate with and subvert others, whereas a system that is simply networked has a single point of entry.

> As a conclusion of what I have read this far I can state: hardened OS is
> useless for non-server. Would that be too much? Well, I think, in a "black
> and white" no. (later is a discussion of what is better: to have 3 holes or
> 300)

The problem, as I see it, is that you haven't defined your problem scope. Taking "extra precautions" is nice, but unless you [even broadly] classify what you consider a viable threat, you're not going to gain much ground.

My advice would be to sit back and try to define what you're defending against. There are measures you can take, but blindly applying security policies is more likely to end up with a broken system than a secure one.
