ABM Considered Harmful (was: piercing corporate)

Dan Jenkins dan at rastech.com
Wed Feb 18 10:15:33 EST 2004


bscott at ntisys.com wrote:

>  Actually, I do believe there *are* things on Linux that make it
>  inherently more secure than Microsoft products. (I've even said so,
>  in this forum, recently.) More importantly, I believe it is easier
>  and cheaper to operate a Linux system in a secure fashion than to do
>  the same with a Windoze system.
>
>  I just don't believe *any* of those advantages come into play when
>  you look at the current exploit techniques being used against Windoze.
>  They all attack (1) hideously insecure system configurations, (2)
>  plainly out-of-date software, and/or (3) blatant user ignorance.
>  Linux is equally vulnerable to all three of those.
>
>  Again, it doesn't matter how good your locking mechanism is, if the
>  problem is that people don't lock the door in the first place.
>
>  I've explained this, at length, to countless people, and some of them
>  *still* won't do what is needed to fix things. Even *after*
>  multiple compromises. I find it nothing less than dumbfounding.
>
>  That's the real problem. Linux can do nothing to fight it.

Absolutely true.

MyDoom exploited no security flaws in Microsoft software.
It took advantage of users being tricked into manually opening attachments.
I ought to have been stunned to see people do that after this much time,
but I'm cynical enough not to be. ;-)

I have to explain the same virus hoax to the same people every year.
I've had one person delete the JDBGR.EXE file in Windows three
times. (There is a hoax about a virus which tells the user to delete this
file, which is the Java Debugger for Windows.) So, if the same hoax
can take the same people repeatedly, there seems little hope that
education will actually solve the underlying problem. BTW, these aren't
stupid people, nor even ignorant since I've explained the hoax each time
to them. One of them has said twice that she remembers my explanation -
after I remind her, but when the situation arises, she forgets it and 
reacts.

-- 
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century




More information about the gnhlug-discuss mailing list