[conspire] A bit more on that "worm"

Don Marti dmarti at zgp.org
Sun Nov 13 10:56:22 PST 2005

begin barton quotation of Sat, Nov 12, 2005 at 04:27:03PM -0800:

> Linux and Unix come pretty locked down to start with and the "system
> administrator" has to work hard to screw things up. 

Loading up your Linux system with potentially
exploitable software is getting easier and easier.
You can find lots of easy-to-follow instructions
on the "dang ol' Internet, man" that get you set up
with very complex network-facing apps and all their

But do that a few times, and the question "Do you
have a vulnerable version of PHPXMLWTF on your system
right now?" becomes hard to answer.

The best thing you can do for your system's security
is to keep software off it, or at least have as
little software on it as possible.  The next best
thing you can do is make sure that for every piece
of software on your machine you have (1) a reliable
information channel for security updates on it and
(2) a tool and/or plan to deal with it if necessary.

> On the other hand
> Windows come pretty much waiting for an attack, and one needs to work
> pretty hard to lock it down. I know cooperate Windows sites that are
> really secure and I now ones that are wide open. Windows can be pretty
> secure if the IT staff works hard enough.

The hard part about IT is understanding complex
systems, not knowing the commands that manipulate
a system.  "Unix" staff are typically high-priced not
because they know Unix commands, but because they're
knowledgable about larger and more complex systems.

New item for the clip-n-save guide

11. Base staffing costs on reported salaries for
"Unix" and "Windows" staff, not whether or not the
staff members required have to be qualified and
experienced in adminstering a large network.

> Home systems are another matter. Most Windows home users aren't into
> computer science or "systems admininstation"  and without a little help
> from the creator of the distribution are really at risk.

Users are vulnerable to security risks not because
they're insufficiently "educated" but because the IT
industry has "educated" them to click through software
installs and other counterintuitive, scary things in
the first place.



Don Marti
dmarti at zgp.org

More information about the conspire mailing list