Linux uncrackable...?

[Tim]

On Sun, 2012-09-02 at 09:46 -0700, jdow wrote:
> My take away from this is that absolutely nothing except a totally
> disconnected machine in an impenetrable safe is uncrackable, even
> Fedora machines. Some form of "AV" tool is called for as well as
> routine checks with the various system check utilities. Even that
> won't prevent 100% of all attempts from succeeding. But it will help.

Nothing is 100% bulletproof, there will always be some weakness.  The
current state of play is to try an make sure that /that/ weakness isn't
exposed, rather than eliminate all the weaknesses (which isn't really
possible).

If you have some publicly accessible machine (whether over the net, or a
computer where the public can actually touch it), you are at your most
vulnerable, and it's next to impossible to completely secure it.  Heck,
you can create serious problems just by pulling out a cable.

On the other hand, a home PC which doesn't act as a server to the public
over the net, or to strangers in the room, is a very different
situation.

Windows has clearly demonstrated that it's vulnerable just by reading an
email, and without even having to trick the user into doing anything
extra than just reading it.  And the common habit of installing software
from anywhere, rather than just supervised repositories, makes it even
more vulnerable.  Whether that be the user installing cute toys they
find, or some website asking you to install a *special* plug-in to view
the content on this page, and the continual cracked software piracy (do
you really expect such a cracker to care about your rights, if they've
been happily violating the original software author's?).  Hence the need
for prophylactic programs to try and intervene with such things. 

I haven't seen that same sort of situation demonstrated with Linux.  It
doesn't shoot itself in the foot, you have to get the user to install
something, most of what we install comes from our own repos (which we
hope the vetting process between testing and release repos helps us, and
the rapid turnover of updates to fix software flaws certainly does help
us), and the piracy angle is almost non-existent (because we don't need
to crack software), hence the need for prophylactic programs is far
less.  

Not that such programs can stop a user from doing something that they're
going to do, despite all the warnings, on any OS.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.