Linux: security through obscurity?
Linux: security through obscurity?
Posted Nov 4, 2004 10:13 UTC (Thu) by james (subscriber, #1325)Parent article: Linux: security through obscurity?
Our security is insufficient, and, eventually, somebody is going to demonstrate that to the world.
I don't know about you, but I think it unlikely that we're going to see a "big bang", a sudden appearance of a brand-new threat. It hasn't happened that way in the past: the scum have tried a new approach, if they're lucky it's sort-of worked, then they refine it.
But we get to see the new approaches, and craft our responses at the same time. At the moment, the community seems to be moving fast enough to keep up with the scum, and often to cut off complete approaches for attack.
As the author hinted, the big potential problem is users with root (which home users do need) but without a clue. I suspect that a lot of the security engineering is going to have to be usability engineering: making the easy way the safe way, and the safe way the easy way.
James
Posted Nov 11, 2004 16:55 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link]
And I think that the author has the correct general approach to that problem, too; ensure that there are enough Free Software alternatives included with the distribution. Comprehensive distributions like Debian and Gentoo have enormous libraries of software available, and it's probably easier to install that software through apt or emerge than it is to download and install a package from a third party site. It's always possible that the distro will make a mistake and include a malicious package, but it does provide a much higher barrier to trojan-type malware than if users are installing random programs off the net.
Linux: security through obscurity?
I suspect that a lot of the security engineering is going to have to be usability engineering: making the easy way the safe way, and the safe way the easy way.