SELinux

[James McKenzie]

Takehiko Abe wrote:
>  >> I assume you know the chances that an average linux user actually
>  >> get exploited in that way is very low.
>  >
>  > Don't expect that to last. Windows users get hosed by web browser
>  > and plugin bugs a lot. Right now it isn't worth the trouble to set
>  > up similar exploits for Linux systems.
>
> So, right now I do not need SELinux even if I "use a web browser to
> view more than a short list of trusted sites".
>   
Have I got a site for you.  I stated it before, web browser malware is 
NOT operating system specific.
>  > Expect that to change as the malware toolkits get better.
>
> I don't.
>   
I do.  Rootkits have given way to browser malware.  And it does exist 
for Firefox, Chrome and Opera.  YOUR information is very, very 
valuable.  And yes, it can be stolen without a lot of effort.  One wrong 
step and 'bang' they've got you. 

SELinux and other security tools (never rely on just one) alert you that 
'something is wrong'.  You have to take action to fix. 

Also, keep in mind that in business, 85% of all attacks come from inside 
the company.  Most are not intentional.  Most are stupid users doing 
stupid things.  Again, tools help.

SELinux is a tool, designed to 'armor up' your system.  Its history is 
well known.

BTW, since I'm an island, I don't need SELinux.  But I'm going to 
install it and set it to permissive in case I make a mistake.

James McKenzie