[huskerlug] Re: [MLIST] Re: antivirus

        This is why I use Eudora 1.5 on Windows.  It's an old window 3.0
program, and it doesn't use html, anything that isn't txt becomes an 
attachment.  Never had any trouble with virii with it.   ---Jim



On Friday 22 August 2003 23:34, you wrote:
> > I won't be so bold as to say it can't happen here but KMail, the
> > mail program I use in Linux does not set attachments to be
> > executable.  Windows
>
> Typically mail programs for *nix were written without the less
> secure "features" being added (a good thing in my opinion).  But, as
> I was trying to point it, this isn't Linux vs. windows security,
> it's Kmail vs. Outlook security.  Linux/windows have very little to
> do with this particular case. Run kmail inside of Cygwin on windows
> and I'll be it's just as secure since it still won't execute
> attachments.
>
> > (they might have changed this very recently) does not have the
> > ability to keep script files from being executable.  They are
> > associated with the scripting executable and then executed as long
> > as read permissions exists.
>
> Windoze NT/2K/XP/2K3 can restrict executable permissions to files
> just like a *nix box can.  Newer versions of Outlook also can set
> policy restrictions on file attachments.  The problem with Outlook
> is that security has been bolted on as an after thought and many of
> the protections added to it can be circumvented by viruses due to
> security holes and implementation flaws (yes, all software has this
> problem, but Outlook, like IE, seems to have way more than it's fair
> share).
>
> > With Linux there are more tools to control evil activities.  You
> > can use iptables to restrict your outgoing port 25 connections to
> > only your own email server.  With the Linux security module I
> > think you can deny the ability to make outgoing connections to
> > whoever you want.
>
> These features are available in windoze too.  Zone Alarm can be used
> to block outgoing connections just like iptables.
>
> LSM is just a frame work for implementing security policies.  By
> itself, it's useless.  Either way, LSM isn't part of a "stable"
> kernel yet, so, to make a "fair" comparison, we probably shouldn't
> include it yet.
>
> Currently there are patches alternatives that can be used to harden
> stable series kernels  (e.g. RSBAC, grsecurity, LIDS, etc.), but
> most of them aren't shipped by default with the commonly used
> distros.  Most, if not all of these patches, will let you restrict
> network connections.
>
> Don't get me wrong, I despise windoze, but it is a big misconception
> to think that Linux is immune to viruses/worms.  Now quit making me
> defend windoze to make a point ;-)  I won't argue that as things
> currently stand, *nix is probably a lot safer environment for the
> "typical" end user since it protects them better from "ignorant"
> mistakes (e.g not opening every attachment that gets sent to them). 
> Most users simply don't know better unless they've been eductated by
> someone.
>
> Cheers!

----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
with a subject of UNSUBSCRIBE

Other related posts: