Re: [LUG] Computer security

[Martijn <sweetwatergeek@xxxxxxxxxxxxxx>]

On Sat, Apr 5, 2008 at 9:19 AM, Neil Williams wrote:
> Most attacks will actually come via email and are targeted at the human,
> not the OS.
>
> "Vulnerability exists between keyboard and chair."

This is very true. I think that you can reduce you risk of being
infected by some kind of malware by 95 percent by just applying common
sense. Using Linux will then reduce this risk even further, for the
simple fact that almost all malicious software (trojans etc.) are
written for Windows. So even if you believe that that 'Dear customer'
email genuinely came from your bank and that the attached .exe file is
a really security patch, it will not harm you in any way because the
file just won't run on your computer.

Once Linux gets a reasonable market share, you can be sure there will
be more malware aimed at Linux users. It doesn't matter here whether
Linux is a more secure OS or not: as you can take screenshots of all
your transactions with your bank and logs everything you enter into
their website and sends all that information to crooks@xxxxxxxx, you
can write a program that does all that for you; hence you can install
such a program sent to you in an email believing it is a nice game, a
useful plugin or even a security patch.

Also be aware of possible vulnerabilities in cross-platform software
such as Firefox, some of which are independent of the underlying OS.
Thus you should always update to the latest secure version if such
software.

(There are cases, although they are rare, in which someone has hacked
into the software's website so that users automatically downloaded an
update which actually contained a trojan. It is good to be aware of
the possibility of this, but I don't think one should get too paranoid
over these things. If you want a 100% safe computer, just don't turn
it on.)

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html