There are two important parts that the OS vendors play in this, though. First is making sure that unneeded services are trimmed down. In my mind, Red Hat is bad at this. Just because I have sendmail installed doesn't mean I'd like it to start up the first time I boot. Services that should start on first boot should be the few that are needed for the computer to function and allow advanced users to turn on the extra services. SSH could be an exception, since it allows secure remote access, but with the latest SSH exploits, maybe not even that. However, at least Linux has its services modularized. RPC in Windows is the biggest security hole there is, and it can't be turned off. Kernel-level exploits in Linux are rare if ever, and usually require iptables or something.

The second part they play is making updates obvious. They cannot overstate these. I deal with virus/worm calls at work, and they seem to be all I do anymore. We ask people if they click install on the Windows updates that automatically pop up in Windows XP and they say something like "I didn't know what it was so I canceled it". OS vendors need to have security updates automatically install themselves unless an advanced user turns off that feature. The other alternative is to make the popups so frightening that no one could refuse. That would be something like "Install this update or your computer will likely be hacked into and your data erased". Most Linux distributions don't make security updates too apparent to a novice user. But then again, I've become convinced over the last two months that only 10% of the American population should be allowed to use a computer at all. And really that's 10% of the college-educated population.

-Eric Hattemer
