D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Linux - and security

 

On 02/11/12 09:36, Gordon Henderson wrote:
> On Fri, 2 Nov 2012, Neil Winchurst wrote:
>
>> A little while ago I received an email telling me that my bank account
>> details had got messed up and if I would like to click on the button
>> below ..... yeah, right! It wasn't even my bank.
>>
>> More recently I had an email telling me that my Facebook account had got
>> blocked and if I would like to click on the button ...... I have never
>> had a FB account.
>>
>> The fact the I use Linux is not relevant to this, but it got me thinking
>> about Linux and security. I seems to me that the perceived wisdom about
>> this is as follows,
>>
>> 1 Right from the start Linux was written to be very secure
>
> More by accident than design. At least initially.
>
>> 2 Therefore it is difficult to write malware for it.
>
> There is lots of malware out there for Linux - rootkits have been
> adapted from other *nix platforms to run on Linux. If you can persuade
> a web server to run an arbitary program then you can get in. (e.g.
> many older versions of some big packages have vulnerabilities that
> allow uploading of php code which can then be executed - and you don't
> always need root to be able to do things like send spam or access
> local databases...)
>
>> 3 By comparison with other OS's there are not many Linux users.
>
> This is true. But... Maybe you ought to say 'desktop users' here.
> Linux probably outnumbers most things now - by virtue of it being what
> powers android.
>
>> 4 So, because of all the above, the bad guys don't bother with Linux.
>
> Yet.
>
>> 5 If Linux users happen to download a virus it will not cause a problem
>> (wrong OS).
>
> Not true. Some rootkits get in that way.
>
>> Now I don't think it is as simple as that, but I do think it would be
>> both interesting and useful to hear what other list members can tell us
>> about all this. The computer world seems to be getting more insecure and
>> dangerous every day, right?
>
> What's really neded is more education. That's the key - even for Win
> PCs, with the knowledge to stop your computer auto-execiting stuff in
> email, on erb pages, etc. you can do a lot for yourself even before
> the virus scanners check things.
>
> It's only a matter of time before the criminals start to target Linux
> with more gusto than they currently do.
>
> Gordon
>


Can we perhaps come up with something that can be used to teach computer
security to school children perhaps,  If I get this TA job it's
something that I would argue should be on the computer science curriculum. 

Is there a set of ideas that should be included in a module on keeping
safe on line,  tips tricks etc

e.g if you hover overf a link,  the bar at the bottom of th browser /
mail client will generally tell you the real place the link is going to,  

This isn't complex but how many people know about it,   it's little
things that make the difference.

Keeping safe is part of the curriculum anyway but it's important educate
parents,  so perhaps the exwick ark people can look in to helping us run
workshops on the topic,   aiming at pre-school parents would be an
excellent way of getting in before problems set in.

It would be something I can look in to to see if there IS a need,  and
if there IS,   perhaps as a group we can look in to helping draw
something up.

-- 




--
http://drupal.zleap.net
skype : psutton111
http://www.linkedin.com/pub/paul-sutton/36/595/911

http://www.raspberrypi.org
http://www.ubuntu.com


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq