# # Improved OSes will improve security - won't they?
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

It is going to get better, right?

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© June 2008 Anthony Lawrence

Right now there are untold numbers of lobotomized machines that unknowingly do the bidding of their masters, whether that is adding to our daily pile of spam email or bonding together with other compromised machines in attacks against more resilient targets.

It's an ugly world, but it has to get better, right?

After all, Vista is far more secure than XP ever was and of course that holds true for Mac OS X and Linux too.. as the owners of those zombie machines replace and upgrade them, won't our lives get that much better? That much less spam, that many less 'bots able to be directed into a DOS attack?

Oh sure, there will be new infiltration vectors, so there'll be replacements.. but surely it will be less? If the new OSes can't guarantee their own safety, at least they should last longer against assault, shouldn't they?

Yes, I am trying to talk myself into this. No, I don't believe it any more than you do.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Improved OSes will improve security - won't they?

5 comments


Inexpensive and informative Apple related e-books:

Digital Sharing Crash Course

Take control of Apple TV, Second Edition

Take Control of Preview

Take Control of Numbers

Take Control of iCloud





More Articles by © Anthony Lawrence







Wed Jun 4 20:42:20 2008: 4299   MikeHostetler


I just found out that tonight I need to put a Windows machine permanently on the network at home. I haven't had a Windows machine in my house for, like, 10 years. Technically I have the machine now but it is not hooked up to the network now I need to.

So now I have to look at cheap/free firewalls and antivirus. Does anyone know of any good open source firewalls for Windows? I'm not concerned about stuff going out -- just stuff coming in. The user can do whatever they want, AFAIC.



Wed Jun 4 21:36:22 2008: 4300   TonyLawrence

gravatar
Your firewall should be on the network, not on the machine.

And it should be concerned about outgoing - for example I block port 25 outbound at most sites except to the designated mailserver (so that compromised machines can't become spammers without us knowing it).



Thu Jun 5 00:42:03 2008: 4301   badanov


Try ' (link) Netgear

I use the FR114P and i swear by these things. Easy to use with a nice set of in and outbound firewall rules.



Thu Jun 5 01:23:39 2008: 4302   MikeHostetler


Thanks for the pointers.

This machine is strictly for some data-entry work my wife is doing, but we just discovered that her boss will occasionally email stuff to her. She gets other updates via floppy. Don't ask about the details, but the overall effect reminds me of 1990.

I have a linksys router that doesn't allow much in, and an unroutable IP address, because I refuse to pay my ISP's price for one. Nor do I want to buy much more. But blocking port 25 to the outside is a good idea, in case any nasties get in there.

Thanks as always . . . good advice and good thoughts is why I read aplawrence.com.



Thu Jun 5 03:20:08 2008: 4303   drag


I have a Windows OS, just for completeness, that I keep on my Linux machine and run in a VM.

I don't really use it for anything right now, but they gave me a Windows machine for work (which I installed Debian on and use almost exclusively) so I figure I need it for something.

The Linux machine acts as a NAT firewall for it, literally. I have some simple routing rules for my 'internal' virtual network and such. I use VMs for more then just Windows so I have a virtual ethernet switch I have setup and all that happy stuff.

I can optionally run it in 'snapshot' mode so that when the VM runs it makes no changes to the original drive image. Once the VM is shutdown all changes are lost. This is nice if I have to deal with any questionable software.

Also USB passthrough from the host to guest works. This way I can attach a USB device, like a USB floppy drive, to my laptop and then 'connect' it to my Windows guest running in the VM. It sees the USB device and loads up the drivers and everything, just like real hardware.

I use Linux KVM for this. But most people will prefer Virtualbox on Linux. It's much more slick. Other OSes have similar things, like Parallels for Mac. Everything I just described is quite possible for half a dozen other sort of VM technologies.

------------------------


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





I think a nerd is a person who uses the telephone to talk to other people about telephones. And a computer nerd therefore is somebody who uses a computer in order to use a computer. (Douglas Adams)




Linux posts

Troubleshooting posts


This post tagged:

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode