posted on May, 7 2008 @ 03:54 PM
Originally posted by ianr5741
Don't like viruses? Switch over to Linux. It's 100x more secure, and FREE! And none of the code written into it is a secret, unlike M$
Again, this is very true. And as I said above, I believe in Linux - but come on now, how many out there really take the time to go through the source code to understand what is going on?
Don't get me wrong, as I said in a previous post, I use Linux for all of my external firewalls, but it simply is not a panacea as so many people think. I'm not suggesting we have a "my-OS-is-better-than-your-OS" flame-fest (particularly since Linux clearly wins...). But I am suggesting that while it is easier to get a virus on Windows it is a whole lot easier for me to get root on your Linux machine. (And conversely, for you, or the NSA, or whomever, to get root on my Linux machines).
As I mentioned though, the scariest thing of all is this beast (behemoth, really) called "selinux" developed by the NSA and with DoD style access controls. All of the National Labs must now run selinux - even on the desktop machines whether on the unclassified or classified networks - it's that good. But, it is also incredibly hard to understand what is truly going on and (for me at least, who has been struggling with selinux for over a year now) to understand how easy it is/would be for the NSA to pop a module into, say, one of my web hosting servers that I might not even have physical control over and if I would even notice this! I mentioned "Carnivore" (the FBI's data-mining and TCP/IP wiretapping software) in another thread. Why wouldn't it be easy (or at least easier) to write an selinux module, pop it into your ISP's server(s), maybe with or without their consent (most likely with, given the request by Bush et al. for telecom immunity) and then you no longer have to worry about putting random TCP/IP packets back together - which is very much non-trivial!
Selinux is flexible enough to do that kind of logging (I've personally written modules along those lines). "But it's not on my own computer" one might object - well, sure - there is no need for it to be. So long as there is a fully digital hop somewhere in the path (and there is for nearly everything these days - even land-line phone circuits generally take at least one digital hop) then there you go - voila!
So what's the best thing to do these days? Just give in. Be assimilated...