LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Amavis

[ILUG] Amavis

Rick Moen rick at linuxmafia.com
Thu Mar 4 16:39:57 GMT 2004 

Peter, you went out of your way to override my Reply-To.  Please don't.
I'm setting it again.

Quoting Peter McEvoy (pete at yerma.org):

> On Thu, Mar 04, 2004 at 07:54:16AM -0800, Rick Moen wrote:
> > I worked for many years on MS-Windows without having problems with
> > malware through exercise of basic logic and taking responsibility for
> > processes I chose to run.  Although I washed my hands of that OS for
> > other reasons, surely that approach still works.
> 
> Not really, the rpc worms are one example....

Not really.  As a reminder, I said "through exercise of basic logic and
taking responsibilty for processes I chose to run".  If I were to run
MS-Windows today, I'd nmap my host before deployment, and then do
whatever's necessary to either shut off or IP-filter any exposed
services for which I didn't want to assume responsibility.   If I didn't
know how to do that, I'd find someone who could.

"Assume responsibility" has a couple of obvious implications, among
others:  One is to eschew dangerously designed codebases (e.g., the
generally pointless RPC portmapper, MSIE, MS Outlook, MS Outlook
Express).  Another is to have a realistic recovery plan in case any 
of innumerable things go wrong (current backups, ability to reinstall
all applications).  Another is to be generally aware of what is going
on, on your system.

> ...the cruft that you'll gather from simply visiting websites using a
> slightly out of date version of internet explorer is another.

While I was running MS-Windows, I was _absolutely_ unwilling to assume
responsibility for MS Internet Explorer, because it was _notorious_ as a 
defectively designed program. 

I'm sorry people are unwilling to exercise basic logic and assume
responsibility for what they choose to run, but that doesn't mean it
doesn't work.

> And then there's the problem of getting the message to users *not* to
> open attachments they recieve purporting to be from their closest and
> dearest.

To reiterate:  There's nothing conceivably dangerous about opening
attachments -- which should not be confused with the mindblowing
stupidity of _executing code_ received over the Internet from random
strangers.  

> It may seem primitive to those in the know but to Joe six pack this
> all seems perfectly legit.

I think you'd be amazed how quickly Joe Sixpack would wise up if his
employer started taking the cost of his computer malfeasances out of his
salary.

-- 
Cheers,     Founding member of the Hyphenation Society, a grassroots-based, 
Rick Moen   not-for-profit, locally-owned-and-operated, cooperatively-managed,
rick at linuxmafia.com     modern-American-English-usage-improvement association.

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell