Deal with it.
People keep having this delusion that security is a
product. That, if you just buy some magic box, you'll have a program or an operating system that's as secure as Fort Knox.
It doesn't work that way. Security is a
process, not a product.
Some systems are more secure than others. Linux, as anyone who pays any attention to security news knows, is a lot more secure than Windows. If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto.
But, any car can be hit, and any car can be hit hard enough to destroy it. It's all about the odds and driving safely. Driving safely on a computer or a network means knowing, and using, their available security features. For example, any machine that's exposed on the Internet should have an
enabled firewall.
Even OpenBSD -- in my humble opinion, the safest operating system on the planet -- is crackable, if you allow anyone to come and pound away at its network interface.
In the case of Linux, if your system doesn't come with an enabled firewall, you can use netfilter and iptables to set up either a simple or sophisticated network defense system. If you're new to firewalls, LinuxGuruz has a helpful listing of netfilter and iptables resources.
And if your on windows, buy Norton, if not atleast use blackice or google free firewall for gods sakes!
You also need to keep an eye on security patches and repairs.
So, for example, when Red Hat announced last week a major security patch that fixed 16 individual flaws present in its Red Hat Desktop and RHEL (Red Hat Enterprise Linux) 4.0, you'd be well advised to install that patch sooner rather than later. And when that little yellow shield on XP pops up, click on it and install the patches please!
The same is true for applications. Are Firefox and Thunderbird safer than Internet Explorer and Outlook? Of course, they are. Does that mean you're safe using them without their latest patches? I don't think so!
Again, you can't drive and not eventually have a near-miss, and you can't run a networked computer without having someone seriously try to take your machine down. Security is all about weighing the threat level and doing the best you can to make sure that you're safe.
That also means taking a long, hard look at some "threats."
Last week, for instance, anti-virus software maker Kaspersky Lab claimed to have isolated a new virus, Stardust, aimed at Sun's StarOffice office suite and the open-source version of the programs, OpenOffice.
But, was this so-called macro virus a real worry? According to a NewsForge report, the "general agreement is that the Kaspersky Lab claim is an exaggeration."
I'd agree with that. Yes, if you open a strange document and enable it to run macros, something bad could happen to you. Unlike similar problems in the past with Microsoft Office macro viruses, though, any such "virus" can't attack the underlying operating system because neither StarOffice nor OpenOffice have the deep hooks into the operating system that enabled Office macros to be a real problem a few years back.
So, is there a potential problem here? Yes, potentially someone could use the macro language to cause trouble. Of course, they could also use Perl, Visual BASIC, Python, Java, etc., etc. to cause trouble.
Have I mentioned, yet, that
almost any use of software has some security danger?
There are two morals to this story. The first is that while you're safer using Linux or open-source software, you're never perfectly safe. The second is, as much as you might not want to, you really must work on security with any operating system or program, or face the possibility of having a real accident on the old information superhighway.
Deal with it.
Linear Mode
