I love IP Tables....

Les hlhowell at pacbell.net
Tue May 29 16:13:29 UTC 2007


On Mon, 2007-05-28 at 19:27 -0600, David G. Miller wrote:

> saying

Well, I'm running Linux here, with SpamAssasin, and Clam installed, and
using AT*T as ISP, with a hardware firewall in my modem, so I think I
have done pretty well, but I am new to linux, and still don't feel that
I have the security well in hand.  And I do have a recent BSIT as well.
So it is not simple.  If you are a professional network admin, you get
access to other admiins through the usual contacts with your peers, and
the companies whose software you run.  However, a home user, who is not
doing this professionally, such as I now, even with a degree, and
considerable experience, doesn't have the peer connections that you
enjoy, nor is there anyone checking our work, and it is a "hobby", done
after work for those not retired, all of which means that learning the
full garmet of security required is not within the scope of their (my)
use.

    This is not an excuse, but simple ignorance, cured through
education, or through better design, or both.  I prefer the both
approach, along with some standard package techniques to help guide the
user.  For instance, instead of saying use Anti-virus, which we have all
heard, and to each of us familiar with computing has some meaning
(although I would bet somewhat different meanings depending on who you
spoke to), it means virtually nothing to a new owner with a sparkling PC
just waiting to explore the web.

    How about instead saying something like "your system comes with
ClamAV installed.  To learn about it click here" during the startup
process, with reminders at login until the person goes and reads a bit
about it.  The base documentation should be breif, and describe what it
does, and how to set it up and keep it up to date, with other links to
more information.  The same interface could support Spamassasin or other
antivirus software, and the process itself could be included as the
"standard" means of supplying AV products so that new products could
have access to the same interface.

   Since very very few people, including most system admins really know
what a virus or worm does or how it does it, it would seem to me that a
simple installation and information process would do wonders for helping
safe guard these systems.  After all, how many of you know how dynamic
linking really works, or even linking loaders (which every one of you
uses every day)  Do you know how the compilers generate code, and how it
is constructed to support linking loaders, or debuggers and what the
differences are between released code without debugging information and
debugging code?  What does a macro do iin a compiler as compared to a
macro in an office document?  My point is that this is a complex
environment, and no one knows everything about it (well there may be a
few exceptions), so saying you will punish people for ignorance is an
archaic concept, based upon a time when the knowledge that was required
in th world was much less, and less arcane.  Today, across cultures,
across systems that range from spoons to spacecraft, that concept is
woefully inadequate.  How many folks know all the laws that affect their
homes, from plumbing to insulation, to heating and airconditioning, to
the wiring and circuit breakers, even the box sizes and how wires are
run?  Just the electrical code for a house is about 1400 pages in most
states.  Plumbing is a bit more.  Roofing and framing is a set of books
the size of an encyclopedia.  And our computers have bookcases full.
The higher the technology, and the more possibility of death or harm,
the greater the legislative burden, not to mention the education
required to manage the construction and use of such systems.  The
automobile has libraries dedicated to their regulations, with many more
in the offering today.  What happens when we add legislation is that
fewer and fewer people have the legal ability to work on and run their
own "stuff", and it becomes more and more expensive and less and less
free.   That is why we all need to aviod the "make a law" syndrome, and
is one of the major drives behind FOSS.

And don't should on people, unless you like being shoulded yourself.

Regards,
Les H
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20070529/13218135/attachment-0002.html 


More information about the users mailing list