Re: [orca-list] Fwd: Re: [Support] autoinstall of talking arch

[Christopher Chaltain <chaltain gmail com>]

I must be missing your point, since I don't see how you can say it isn't 
necessary to make a judgment call in Linux when it comes to where you 
get your applications. Using Ubuntu as an example, I can use standard 
Ubuntu repositories or I can enable 3rd party repositories. Anyone can 
create a PPA on Launchpad, and I could enable one of those repositories. 
I could download and install an application with a .deb file. I can 
download an archive, uncompress it and run a makefile to build an 
executable on my system. Any of these avenues could introduce malware 
into my system. The more reputable the source of my executable the less 
likely I am to get any malware. I don't see how this is any different 
than Windows. Note, I'm not a Windows advocate, but I don't quite follow 
your implication that the user bears no responsibility in Linux for 
avoiding malware.

On 02/18/2015 11:37 AM, Todor Fassl wrote:
> Right but what's a "reputable source"? You are requiring the end user to
> make a judgement call that simply isn't necessary in linux. When it
> comes to deciding which operating system is more secure by design, this
> is a huge point in favor of linux.
>
> The last time I got into this debate it was on the nfb-cs list. The main
> advocate for Windows pointed out that a standard install of debian
> starts the rpc-bind daemon and opens port 111. Well, you *could* stop
> that, after all. But my main problem with the point is that I've never
> heard of anyone using port 111 and the rpc-bind daemon as an attack
> vector. I googled for exploits and didn't find anything. To compare a
> flaw like that to the problems in Windows is really misleading.
>
> You can tell end users to install programs from reputable sources but
> that is easier said than done.
>
>
> On 02/17/2015 08:22 PM, Christopher Chaltain wrote:
> > Installing applications from official repositories is a choice. There
> > are plenty of other ways to get applications on to your system. If you
> > practice some common sense on Windows, and only install applications
> > you get from reputable sources and keep your software up to date
> > you'll go a lon ways towards avoiding malware on Windows.
> >
> > On 02/17/2015 02:29 PM, Todor Fassl wrote:
> > > No, linux is less prone to viruses because almost everything you install
> > > is from an official repository. It would be difficult to get a virus
> > > into an official repository. Even if you did, you'd only do it once
> > > because you'd be blackballed as a developer for forever. And the source
> > > code is there for everyone to see.
> > >
> > > As far as I know, no one has ever gotten a virus into a package from an
> > > official repository for any major distro. I've been watching security
> > > email lists and newsletters for years for something like that and I've
> > > never seen it.
> > >
> > >
> > > What a hacker could do is to include a program compiled for linux as an
> > > email attachment. You could run it by double clicking on it but it
> > > couldn't change systems files unless you ran it via sudo and entered
> > > your password. You could probably write a program that first asked for
> > > your password and then forked itself and infected your system. That'd be
> > > rather obvious though.
> > >
> > >
> > > On 02/16/2015 01:12 PM, Josh K wrote:
> > > > but if everybody ran linux all of a sudden wouldn't the virus makers
> > > > then target linux just like they target windows now? and if they put
> > > > an all out viral assault on linux wouldn't linux cave like windows
> > > > does often?
> > > >
> > > > follow me on twitter @joshknnd1982
> > > >
> > > > On 2/16/2015 1:32 PM, Kyle wrote:
> > > > > With things like viruses, compromises of personal data and other
> > > > > things
> > > > > we hear about in the news every day, I could never recommend running
> > > > > Windows in an office setting either. Fact is that Windows was
> > > > > initially
> > > > > designed for gamers and children, whereas Linux and other Unix-like
> > > > > operating systems have been designed with business in mind, and have
> > > > > only recently, say within the last 10 to 12 years or so, gotten to the
> > > > > point where more casual home users can feel comfortable using it. No
> > > > > marketing hype in the world will change my perception of Windows as a
> > > > > toy and nothing more, especially when I can't watch the news without
> > > > > seeing yet another infected ATM, credit card machine or other bank or
> > > > > store related terminal that never should have been running Windows in
> > > > > the first place, but has been compromised because it does, and an old
> > > > > version at that. So yeah, I'm for Linux or BSD all the way, and
> > > > > Linux is
> > > > > the most polished OS I've been able to find that talks to me, unless
> > > > > anyone has any pointers on how to get a *real* BSD (NOT MacOS)
> > > > > talking,
> > > > > in which case, I'm all ears. Man do I want me some BSD! But then
> > > > > again,
> > > > > BSD just doesn't seem to have the hardware support or even the ease of
> > > > > use that Linux now enjoys, so it will still require some shell
> > > > > knowledge
> > > > > at this point, and I can't really recommend it to novice users the
> > > > > way I
> > > > > have been able to get them turned on to the easier non-geek-oriented
> > > > > Linux distros.
> > > > > Sent from my coffee maker
> > > >
> > > > _______________________________________________
> > > > orca-list mailing list
> > > > orca-list gnome org
> > > > https://mail.gnome.org/mailman/listinfo/orca-list
> > > > Visit http://live.gnome.org/Orca for more information on Orca.
> > > > The manual is at
> > > > http://library.gnome.org/users/gnome-access-guide/nightly/ats-2.html
> > > > The FAQ is at http://live.gnome.org/Orca/FrequentlyAskedQuestions
> > > > Log bugs and feature requests at http://bugzilla.gnome.org
> > > > Find out how to help at http://live.gnome.org/Orca/HowCanIHelp
> > >
> > > _______________________________________________
> > > orca-list mailing list
> > > orca-list gnome org
> > > https://mail.gnome.org/mailman/listinfo/orca-list
> > > Visit http://live.gnome.org/Orca for more information on Orca.
> > > The manual is at
> > > http://library.gnome.org/users/gnome-access-guide/nightly/ats-2.html
> > > The FAQ is at http://live.gnome.org/Orca/FrequentlyAskedQuestions
> > > Log bugs and feature requests at http://bugzilla.gnome.org
> > > Find out how to help at http://live.gnome.org/Orca/HowCanIHelp
>
> _______________________________________________
> orca-list mailing list
> orca-list gnome org
> https://mail.gnome.org/mailman/listinfo/orca-list
> Visit http://live.gnome.org/Orca for more information on Orca.
> The manual is at
> http://library.gnome.org/users/gnome-access-guide/nightly/ats-2.html
> The FAQ is at http://live.gnome.org/Orca/FrequentlyAskedQuestions
> Log bugs and feature requests at http://bugzilla.gnome.org
> Find out how to help at http://live.gnome.org/Orca/HowCanIHelp

--
Christopher (CJ)
chaltain at Gmail