[wellylug] Opensouce "infectious" and should be "Quarantined" - NZ Government..

Mon Mar 13 09:21:05 NZDT 2006

Gerald Roehrbein wrote:

>Hello David,
>
>mir geht es fein. Danke Dir. 
>I'm fine. Thank you.
>
>I will try to answer your question. 
>
>
>  
>
>>How can a user be running any activeX code when they are using Linux?
>>    
>>
>
>The short answer to this is: No.
>
>I do not like to answer the question asked only because if I would do so
>I would ignore the complexity of the problem we talk about.
>
>The long answer is:
>
>A user can not use any activeX if using Linux but he can use Java. If
>download is allowed in a Companies network than this will be a risk in
>any homogeneous Linux or Windows environments and in heterogeneous also
>as described earlier.
>
>Using Java can be a risk for anyone (depending on the JRE).
>  
>
Yes, Java can have vulnerabilities as the enapsulation of Applets can
never be perfect. If you worry about this, then you can disable Java in
your browser. It's easy enough to do.

>In my opinion it's a failure to belive blind in Linux. I'm using Linux
>since the first releases of Caldera and I've never had any problems with
>hackers since that but: 
>
>Safety first!
>  
>
I would agree that you should never believe blindly in the security of
any system, whether that be your PC, your office swipecard system, or
your postal system. All of these, however, are very useful and a certain
amount of trust is always necessary. Security should be treated as a
risk management issue, not something that must achieve perfection at any
cost.

>There are safety and security risks. All the time! You can not be sure
>not already been hacked. We should always remember that there is no safe
>computer or network!
>  
>
Entirely true.

>I don't know the way the word "paranoid" is used in NZ. In US books this
>is often used if talking about security. If you would say in Germany a
>good admin should be "paranoid" you will be punished.
>
>In my opinion a good admin must be a little bit "paranoid". Do not trust
>anything if you have valuable data in your network.
>  
>
Paranoia can be either constructive or destructive, depending on how you
approach the issue. I agree that trust should be given sparingly, but I
also think that some risks are too small to be worth time worrying over.
Ultimately there are some things that just have to be trusted.

>
>
>
>
>kind regards
>Gerald
>
>P.S.
>
>Are you able to understand my broken english? I've just a few problems
>using the tenses and the word order. I'm very sorry. I need a little bit
>more practice. But you can write anything you want in english. I'm able
>to understand written english very well. 
>  
>
Your written english is very good.

Cheers,

Timothy