[wellylug] A little project.... : The pragmatic approach

Bret Comstock Waldow bwaldow at alum.mit.edu
Sun Jul 21 10:56:55 NZST 2002


Lorraine Offord & Tony Wills wrote:

> In pragmatic terms the solution to 2020s problem is very simple - just 
> give
> the groups the machines as is, there is always someone (friend, workmate,
> relation) who can install an operating system, and someone always comes up
> with the requistic software packages (strangely enough the same packages
> that they have at home/work etc ... which is also very convenient as
> they're the packages that they are familiar with and can support ;-)
>
> And you shouldn't underrate the need for ongoing support.  If you're going
> to give them something they have no internal expertise with (whether it be
> a non-M$ email program or something a little nearer guru land), you're 
> also
> going to have to supply support (remember these guys can't afford a decent
> PC let alone pay for support).
>
> If they want to go against an NZ tradition they could actually spend $100
> and buy second hand Win95 and M$ Office 95, which run extremely well 
> on the
> confines of a fast 486 or slow 586. (Pity Win95 doesn't run extremely 
> well ;-)

Has anyone given thought to security on these machines?  Yes, I've read 
there are fewer viruses for GNU/Linux, too but that's by far not the 
only concern.

Non-profits have accounts too - do we want to be the people who deliver 
machines that are easily compromised?  Are we prepared to set up 
firewalls, Trojan traps, and the like?  As an identifiable group, 
evangelizing GNU/Linux, we associate that name with any negative results 
as well, so we have to take the steps to make sure negative results 
don't occur.

On M$ software, I can get free anti-virus programs, and free updates 
(Grisoft - AVG), and free firewall (Zone Alarm).  Maybe I can rely on 
them and maybe I can't.

Can you set up a Linux firewall?  On SuSE, it's easy with their basic 
firewall - just answer "yes" to block all incoming connection - and that 
may not be enough.  With Linux, it's DDoS trojans and spyware that 
matters more - and those look just like email coming in - they are 
outbound connections when they deploy.

How will the Women's Shelter clients feel about a compromise on their 
machine (many of these women are hiding from someone)?  What if (and I 
think this sort of thing is likely soon - it is already cropping up in 
the news) 400 similarly configured machines (from the WellyLug) turn 
into zombies launching a DDoS attack against Australian Govenment 
websites?  It'll be a great news story that night - "Wellylug denies 
responsibility".

Who will these people get to maintain their computers?  Bright teenage 
children of one of the workers ("I think it's wonderful he wants to help 
out")?  What will those teenagers do (besides be handed the root 
password so they can fix things)?  Are we prepared to unravel scrambled 
configurations commited by well meaning but naive volunteer computer 
"experts"?

How do you fix a broken GNU/Linux system?  Who has the expertise 
commonly?  I'd want to provide a stripped down custom install on a 
non-rewriteable CD - many of these people don't have the *time* to learn 
how to configure a GNU/Linux distro, and many don't have the background. 
 Remember, we are a self-selected group - we have technical backgrounds, 
or we are willing to commit to acquiring one as we go along.

Yes, many of these problems will occur just as much with M$ systems, and 
most people survive, but we're not giving them Windows 95, we're giving 
them Window 4.0 NT Server with IIS.    NT and GNU/Linux come with 
Administrator accounts - a driver's license won't do - you need a 
pilot's license.

I know I sound like the Voice Of Doom here, but I just wanted to ask if 
people had considered these issues.

I am receiving surreptitious embedded code in emails two or three times 
a week now - they come right through the firewall and past the sleeping 
virus scanner.  A 0 x 0 .gif object is likely spyware or worse, and CGI 
triggers on GNU/Linux browsers just fine.  I get embedded ".pif" files, 
and ".bat" files that consist of code rather than text commands. 
 GNU/Linux has some security advantages, but it's not invulnerable, and 
it's starting to become a more attractive target.

Don't mind me, I'm starting to study computer security.

Bret



------------------------ Yahoo! Groups Sponsor ---------------------~-->
Will You Find True Love?
Will You Meet the One?
Free Love Reading by phone!
http://us.click.yahoo.com/O3jeVD/R_ZEAA/Ey.GAA/0XFolB/TM
---------------------------------------------------------------------~->

  .-.   Wellington
  /V\   Linux
 // \\  Users       
/(   )\ Group
 ^^-^^
        http://wlug.paradise.net.nz/

To unsubscribe from this group, send an email to:
wellylug-unsubscribe at egroups.com
  

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 




More information about the wellylug mailing list