Virus Thoughts

[Erik Aronesty]

Boxes should come locked down by default and then require a savvy
admin to unlock them... not the other way around. (This holds for RPF
filtering as well, especially on low-end boxes like netgear.) Most
services that "listen" should be off by default, like SMB sharing,
FTP, etc. This should be a universal rule for O/S manufacturers.

O/S'es should include basic firewalling and virus tools (signature
scanning in email, application-level control over network access)
enabled with some common, safe default settings.

Any admin worth his nickel wouldn't be intimidated by these defaults,
knowing how to turn them off when needed.

Patch services like up2date/windows update should be daemonized and
shipped turned on by default as well.

Lots of admins say that they'd "never enable these things". Good for
them.

But J-random consumer isn't an "admin".

 

[Alan Connor]

Boxes should come locked down by default and then require a savvy
admin to unlock them... not the other way around. (This holds for RPF
filtering as well, especially on low-end boxes like netgear.) Most
services that "listen" should be off by default, like SMB sharing,
FTP, etc. This should be a universal rule for O/S manufacturers.

O/S'es should include basic firewalling and virus tools (signature
scanning in email, application-level control over network access)
enabled with some common, safe default settings.

Any admin worth his nickel wouldn't be intimidated by these defaults,
knowing how to turn them off when needed.

Patch services like up2date/windows update should be daemonized and
shipped turned on by default as well.

Lots of admins say that they'd "never enable these things". Good for
them.

But J-random consumer isn't an "admin".

Viruses aren't a real concern on linux, though your ideas have merit
never-the-less, never-the-less

Alan C

 

[Edward Glamkowski]

(e-mail address removed) (Erik Aronesty) wrote in message

Boxes should come locked down by default and then require a savvy
admin to unlock them... not the other way around. (This holds for RPF
filtering as well, especially on low-end boxes like netgear.) Most
services that "listen" should be off by default, like SMB sharing,
FTP, etc. This should be a universal rule for O/S manufacturers.

Sounds like a Good Idea to me.

Who do we talk to to make this happen?

 

[Erik Aronesty]

(e-mail address removed) (Erik Aronesty) wrote in message

Sounds like a Good Idea to me.

Who do we talk to to make this happen?

I was quoted on NPR recently talking about this... so maybe that will
get *some* attention.

Ideas:

Come up with a list of big-name security professionals, and email
them... asking them if they will back us up on this policy

Join a security newsgroup and post... looking for people that will
help back us up?

 

[Erik Aronesty]

used Linux. Linux being an open operating system has the

potential for making viruses worse as a skilled writter
could make changes right down to the kernel. Just
something to concider.

"Closed source" means that bad guys can still break in, grab it, and
use it to build viruses....

Most of Microsoft's viruses were written by people who access to the
source code.

"Open source" means the good guys *and* the bad guys see the source.

So it levels the playing field.

 

[Ronnie Vernon MVP]

(e-mail address removed) (Erik Aronesty) wrote in message


Another key difference, at least historically, has been the speed of
patches and fixes for linux vs. windows. Although it seems MS has
gotten better at that, at least as far as big news viruses go, like
Blaster. Well, we didn't have wait 3 months for a fix, anyways.
The Linux community usually has a fix out the same day.

Not sure where you are getting the "3 months" figure from, but Microsoft
posted the fix for the MSBlast.worm, one month 'prior' to the first
appearance of this worm.
--
Ronnie Vernon
Microsoft MVP
Windows Shell/User

Please reply to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.