[Linux-aus] Security practices (Was: Stand up for Linux..)

[David Newall]

On 23/09/11 22:14, Adam Nielsen wrote:
> I for one would gladly sign my newly compiled Linux kernel for the increased
> security it could offer.  Having recently had to clean up a rootkit, I look
> forward to the day when I can set my system up so that even root can't run
> binaries unless they've been signed by my distro.

It adds little security.  The biggest threat vector isn't rootkits that 
netcopy themselves about; it's users who run programs which they 
download from almost any random place.  I refer to use of web, and to a 
lesser extent email.  Consider: Google sell advertising, and are 
probably as pleased with roubles from hakd.ru as from anyone else.  
Advertisers can give Google a little picture, or JavaScript, maybe Java 
or flash, and Google give it to you when they serve the ad.  Is there a 
better example of a program downloaded from almost any random place?  
Does your browser your run it?

You might hope sandboxes, which are slowly being added to browsers, will 
solve the problem, but the need for them has been known for over a 
decade, in Java, so I am not hopeful.  The risk is by no means limited 
to HTML applications and the mind-set is that of course you want to run 
these applications.

Compromise the browser and it's a matter of time before you've 
completely got the user's account; and then, finally, Administrator, 
root or nom du Jour de Dieu.

There is something simple that you can do which adds massive security.  
Configure your browser to NOT run random programs ("scripts.")  It's 
true that 90% of the web stops working when you do that, so you need an 
easy way to say which (i.e. whose) programs you do want to run.

If you only do one thing to improve security this year, don't sign your 
kernel: Run Firefox with NoScript instead.  As an aded bonus (pun 
apparently intended) it seems to knock out all of the advertisements, 
too.  (How unsurprising that malware and advertisements spread via the 
same vector.)