Critical Linux security API is still a kludge (Inquirer)
Posted Oct 23, 2006 18:27 UTC (Mon) by MisterIO
Parent article: Critical Linux security API is still a kludge (Inquirer)
This seems a really waste of time to me!The problem of security in the IT world shouldn't be treated in a theoretical way.It should be treated in a statistical way,i.e. you shouldn't try to create an absolutely secure system,because it's really easy to fail in that direction(there's nothing perfet!),you should try to eliminate the first and most important of all the threats to all pcs,that is ignorance!If people follow even the most basic security rules,they would eliminate the 85% and maybe more of all kind of viruses.In fact the most dangerous problem about windows(at least till windows xp, I don't know about vista)is that you are root by default!!!This is why unixes are more secure by default(well,at least if you don't write your root password in your user folder in a file like rootpassword.txt,but this too is an ignorance problem!).Anyway,you could say that if you consider an enterprise or some government office,you should do even more,but well,if you are one of those ones,and you have selinux,and all the other systems already present in Linux,you should't need anything more,because you would be in a really secure condition and the real problem would be people another time!Normally people don't even want to read the documentation of their tvs or dvd players,they sit on the sofa and try pushingthis or that button,normally succeding with the simpler tasks and not using the advanced ones.The majority of pc users have this approach with pcs too!but networked pcs are a complete different beast than tvs or dvd players,and if you don't make this clear to them,there will always be big problems,whatever you do to make their systems secure,because a system cannot be secure without being more difficult to use than a dvd player(at least in the near future)!
All this said,why should be a threat to have a windows program in a Linux filesystem?Correct me if I'm wrong,but if you really need to use Wine,you can use an antivirus to scan the program and then use Wine to execute it.If you use xen to run windows(on a cpu that can do that),well,why do you do that?do you really need to do that?I can't really think about an environment that should be really secure and that should need to use windows for anything!
to post comments)