[wellylug] A little project.... : The pragmatic approach
Bret Comstock Waldow
bwaldow at alum.mit.edu
Sun Jul 21 10:56:55 NZST 2002
Lorraine Offord & Tony Wills wrote:
> In pragmatic terms the solution to 2020s problem is very simple - just
> give
> the groups the machines as is, there is always someone (friend, workmate,
> relation) who can install an operating system, and someone always comes up
> with the requistic software packages (strangely enough the same packages
> that they have at home/work etc ... which is also very convenient as
> they're the packages that they are familiar with and can support ;-)
>
> And you shouldn't underrate the need for ongoing support. If you're going
> to give them something they have no internal expertise with (whether it be
> a non-M$ email program or something a little nearer guru land), you're
> also
> going to have to supply support (remember these guys can't afford a decent
> PC let alone pay for support).
>
> If they want to go against an NZ tradition they could actually spend $100
> and buy second hand Win95 and M$ Office 95, which run extremely well
> on the
> confines of a fast 486 or slow 586. (Pity Win95 doesn't run extremely
> well ;-)
Has anyone given thought to security on these machines? Yes, I've read
there are fewer viruses for GNU/Linux, too but that's by far not the
only concern.
Non-profits have accounts too - do we want to be the people who deliver
machines that are easily compromised? Are we prepared to set up
firewalls, Trojan traps, and the like? As an identifiable group,
evangelizing GNU/Linux, we associate that name with any negative results
as well, so we have to take the steps to make sure negative results
don't occur.
On M$ software, I can get free anti-virus programs, and free updates
(Grisoft - AVG), and free firewall (Zone Alarm). Maybe I can rely on
them and maybe I can't.
Can you set up a Linux firewall? On SuSE, it's easy with their basic
firewall - just answer "yes" to block all incoming connection - and that
may not be enough. With Linux, it's DDoS trojans and spyware that
matters more - and those look just like email coming in - they are
outbound connections when they deploy.
How will the Women's Shelter clients feel about a compromise on their
machine (many of these women are hiding from someone)? What if (and I
think this sort of thing is likely soon - it is already cropping up in
the news) 400 similarly configured machines (from the WellyLug) turn
into zombies launching a DDoS attack against Australian Govenment
websites? It'll be a great news story that night - "Wellylug denies
responsibility".
Who will these people get to maintain their computers? Bright teenage
children of one of the workers ("I think it's wonderful he wants to help
out")? What will those teenagers do (besides be handed the root
password so they can fix things)? Are we prepared to unravel scrambled
configurations commited by well meaning but naive volunteer computer
"experts"?
How do you fix a broken GNU/Linux system? Who has the expertise
commonly? I'd want to provide a stripped down custom install on a
non-rewriteable CD - many of these people don't have the *time* to learn
how to configure a GNU/Linux distro, and many don't have the background.
Remember, we are a self-selected group - we have technical backgrounds,
or we are willing to commit to acquiring one as we go along.
Yes, many of these problems will occur just as much with M$ systems, and
most people survive, but we're not giving them Windows 95, we're giving
them Window 4.0 NT Server with IIS. NT and GNU/Linux come with
Administrator accounts - a driver's license won't do - you need a
pilot's license.
I know I sound like the Voice Of Doom here, but I just wanted to ask if
people had considered these issues.
I am receiving surreptitious embedded code in emails two or three times
a week now - they come right through the firewall and past the sleeping
virus scanner. A 0 x 0 .gif object is likely spyware or worse, and CGI
triggers on GNU/Linux browsers just fine. I get embedded ".pif" files,
and ".bat" files that consist of code rather than text commands.
GNU/Linux has some security advantages, but it's not invulnerable, and
it's starting to become a more attractive target.
Don't mind me, I'm starting to study computer security.
Bret
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Will You Find True Love?
Will You Meet the One?
Free Love Reading by phone!
http://us.click.yahoo.com/O3jeVD/R_ZEAA/Ey.GAA/0XFolB/TM
---------------------------------------------------------------------~->
.-. Wellington
/V\ Linux
// \\ Users
/( )\ Group
^^-^^
http://wlug.paradise.net.nz/
To unsubscribe from this group, send an email to:
wellylug-unsubscribe at egroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
More information about the wellylug
mailing list