D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Secure Shell?

 

On 12/07/11 19:55, Grant Sewell wrote:
> 
>> Those who think GNU/Linux is a secure operating system have had their
>> judgement corrupted by vendors who ship operating systems that are
>> even less secure.
> 
> In all honesty, there is no such thing as a "secure operating system" -
> there are only levels of insecurity.

Agreed, but the point stands as what is accepted currently as "better
than average" is probably "poorer than needed".

The problem is largely one of economics, as all truly big problems are.

It isn't difficult to produce more secure computing platforms, Comp Sci
graduates do it all the time for their Phd's, it is difficult to get
them adopted, which requires overcoming various barriers.

On the other hand, as was being discussed on this seasons LUG radio. You
can make up for lack of inherent security. i.e. that any malware that
gets installed on your desktop can watch you typing, and thus steal
passwords and credit card numbers, by making darn sure you only install
applications from trusted sources.

This is harder said than done, as while I have 3 repositories on my
Debian desktop (Debian's and two 3rd party software vendors), I know
that Firefox and a few other bits of software are installing executable
code, or have doubtful security models.

We can also move the goal posts further with things like SE Linux.

Is SELINUX fine grained enough to restrict X apps from intercepting such
events, I'd guess not yet, but happy if someone knows if it can. I know
the NSA did a report saying you can use similar technique to make the
X11 desktop more secure - but saying it and doing it are different
things entirely.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq