New Massive Botnet Twice the Size of Storm (Dark Reading)

Not sure yet that Selinux is useful for general purpose desktop computing or IT research
computing where end users need 50 general purpose applications and another 50 which few other
people use but which need to be changed on a daily basis. Selinux might be useful for locking
down a server application the resource requirements of which can be carefully studied and
monitored, but most end users have no idea which files they need to execute and which files
and ports these executables need to be able to access in which (read/write/delete/modify)
modes. Most end users are also likely never to want to acquire this knowledge. I can imagine
some end users who only ever use software in a standard distribution and single distribution
repository where the selinux policies are maintained by all the application packagers, whom
selinux would theoretically be able to help. But when they have to install a new device driver
or any unpackaged application that requires the tar/make/configure dance they will be well and
truly blocked and then they are likely to get fed up and use a system that isn't so well
locked down.

The problem Selinux will probably never solve is knowing the difference between low level
access from users doing what they know they want to do and low level access happening as a
result of attacks that users didn't want to happen.

Perhaps having a selinux protected main system plus virtual machines usable for quick and
dirty application installs but to which no important data is entrusted would go further, but
this still doesn't solve the device driver installation requirement where low level access is
needed.