[Gllug] p2p programs

Simon Morris mozrat at gmail.com
Mon Nov 14 09:08:59 UTC 2005


On 14/11/05, Shakthi Kannan <cyborg4k at yahoo.com> wrote:

> --- Simon Morris <mozrat at gmail.com> wrote:
> > A fully patched Windows machine with anti-virus and a firewall is
> > secure enough.
>
> ROFL. How can you tell without even looking at the
> source code? Abracadabra?

Please continue to roll on the floor laughing, but stop whilst I ask
you this question.

Honest answer please.

When was the last time you read the source code for any Linux kernel
or application before using it to ensure it is secure? If so, which
application did you do a source code audit on?

> A majority of windoze users believe that their system
> is secure because they feel they have blocked ports or
> have anti-virus or some firewall settings enabled. You
> cannot tell without looking at the source code of all
> of them. The problem still persists with ports that
> are open.

I didn't understand that sentence fully. "Looking at the source code
of all of" what exactly?

> When an application, having a buffer overflow problem,
> for example, makes a request to the outside world
> through an unblocked port, there is serious problem.
> Firewall or anti-virus don't come in the picture here.

Yes, here I agree with you. Most firewall packages don't do enough
outbound packet filtering probably because it is quite intrusive for
the applications you are running.

However, this is true of both Windows firewalls and IPTables (if you
configure it during the installation on SUSE etc.).

This thread is way away from the OP's question, but your email seems
to suggest I am a Windows apologist. I am not..

Having the source code for the software I use is an essential part of
my freedom, but I don't consider it a security benefit at all really,
from the point of view of a home user.

I can't understand 99% of the code that is written for my computer. I
understand fairly basic Python and Perl so all of C and Mono code etc
is of no benefit to me.

If I were a Windows user I would put my trust in MS to provide patches
for security holes. As a Linux user I put trust in my distro provider
and the upstream projects to keep me safe.

--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org