[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 12/07/11 19:55, Grant Sewell wrote: > >> Those who think GNU/Linux is a secure operating system have had their >> judgement corrupted by vendors who ship operating systems that are >> even less secure. > > In all honesty, there is no such thing as a "secure operating system" - > there are only levels of insecurity. Agreed, but the point stands as what is accepted currently as "better than average" is probably "poorer than needed". The problem is largely one of economics, as all truly big problems are. It isn't difficult to produce more secure computing platforms, Comp Sci graduates do it all the time for their Phd's, it is difficult to get them adopted, which requires overcoming various barriers. On the other hand, as was being discussed on this seasons LUG radio. You can make up for lack of inherent security. i.e. that any malware that gets installed on your desktop can watch you typing, and thus steal passwords and credit card numbers, by making darn sure you only install applications from trusted sources. This is harder said than done, as while I have 3 repositories on my Debian desktop (Debian's and two 3rd party software vendors), I know that Firefox and a few other bits of software are installing executable code, or have doubtful security models. We can also move the goal posts further with things like SE Linux. Is SELINUX fine grained enough to restrict X apps from intercepting such events, I'd guess not yet, but happy if someone knows if it can. I know the NSA did a report saying you can use similar technique to make the X11 desktop more secure - but saying it and doing it are different things entirely. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq