On 27 May 2006 at 22:10, Gaffer wrote:

> On Saturday 27 May 2006 21:44, Bernie Cosell Scribbled:
> > On 27 May 2006 at 21:21, Gaffer wrote:
> > > Weird I may be. But I don't get virus,
> >
> > That's more luck than anything:
>
> I would beg to differ !

Well, we have different opinions on that...

> > Unix systems are the MOST attacked
> > and have a huge number of vulnerabilities. A fellow brought up a
> > redhat at school [to use as a server] and it was hacked-into and
> > compromised in a couple of hours [and this before anyone had actually
> > used the system for anything]
>
> Strange isn't it that a new system gets attacked before it can be used !
> Inside job I reckon !

You're wrong: it is the result of scans and probes, and when the system
is discovered it is attacked.

> I agree, the adage of "getting to root" is the goal of a cracker! Get
> root and the system is yours !

I know -- Unix's *biggest* security misfeature -- one bit security.
Windows's biggest security misfeature is that almost all of its users
*start* with admin privileges, so _every_ slip, error, vulnerability is a
total system compromise. It is a lot harder to "get at" most Unix systems
because you need either to exploit server vulnerabilities or find a
privilege-escalating vulnerability; on Windows, the users [by running as
admin] both do all the hard work [*giving* the attacker full system
privileges to start with] *AND* are often naïve/duped into being the
agent that infects their own system. Windows's biggest security problem
is its users!

As a side note, it is possible [but surprisingly difficult] to configure
a Unix system that'll withstand having root compromised.

> > > .. and nothing goes out unless I
> > > let it (port 80 excluded).
> >
> > How do you manage that? iptables or some such? Because of the
> > utterly broken way Berkeley kludged sockets into Unix, AFAIK it is
> > nearly impossible to prevent a process from opening a network
> > connection [either outgoing or listening].
>
> As far as port opening is concerned all ports are closed by default in
> and out.

Would you elaborate how you "closed" the ports?
As far as I know [in having used and installed scores of Unix systems
over the years] *NO* port is "closed" by default on a Unix system. I know
you can do that kind of thing with ipchains, but it ain't easy to get
configured properly [if you want the system both to be secure AND to be
useful] and AFAIK no distro comes with that set up active and DENY ALL as
a default [is SUSE doing that these days?] Few sysadmins understand
IPCHAINS and so if they did that, it'd be amusing how many sysadmins
would have a hard time getting IRC or SSH or sendmail or ... to work.

Does your system, in fact, close all those ports with ipchains or the
like? Or if not, how *do* the ports get to be "closed by default"?

  /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:[EMAIL PROTECTED]          Pearisburg, VA
    -->  Too many people, too few sheep  <--
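
Added example, not part of the original message: what a "DENY ALL by default" filter table looks like in iptables-restore format, with an offline audit that answers the question above about whether the ports are closed by policy or only appear to be. The port choices, the sample ruleset and the function names (ruleset, open_policies, allowed_ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example: a default-deny ruleset in iptables-restore format plus an
# offline audit of it. Nothing here touches the live firewall.

# Constructed sample ruleset (ports follow the thread: web out, SSH in).
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print every built-in chain whose policy is not DROP (ruleset on stdin).
open_policies() {
    awk '/^:(INPUT|FORWARD|OUTPUT) / && $2 != "DROP" { print substr($1, 2) }'
}

# Print "proto/port" for each ACCEPT rule with --dport in the named chain.
allowed_ports() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (port != "") print proto "/" port
        }'
}

# Demo on the sample; on a real host, pipe the output of iptables-save in.
if [ -z "$(ruleset | open_policies)" ]; then echo "default-deny: yes"; fi
echo "outbound allowed: $(ruleset | allowed_ports OUTPUT | tr '\n' ' ')"
```

Without the DNS rules in OUTPUT, name lookups fail even though port 80 is open, which is the kind of breakage the message predicts for IRC, SSH or sendmail. iptables covers IPv4 only; ip6tables needs the same policy.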
