Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] Re: Secure By Default - PLEASE!
  • From: Alex W Twisleton-Wykeham-Fiennes <alex.fiennes@xxxxxxxxxx>
  • Date: Tue, 22 Aug 2000 14:19:05 +0200
  • Message-id: <00082214190502.16033@moebius>
> As Thomas' statement shows, the real problem is that the average user still
> is not aware of the security issues. SuSE wants to sell their distribution
> so they have to sell what their customers want and that is usability, not
> security. If the attitude of the customers will change one day (which might
> - after all - happen, as the last months have shown), a "more secure"
> tradeoff between security and usability is feasible, but probably not now.
> In my opinion this is very very sad but those are the facts. So do not blame
> SuSE, try to raise security awareness among the users! (As Thomas said:
> They cannot ship brain with SuSE.)

i've been following this discussion and i agree with both sides of the
argument. however, the question is what is the easiest way to educate the
users and make them aware of the choices that they are choosing during the
installation of the operating system.

currently we have a situation where the user can select the 'style' of
installation that they choose when they perform the installation (all,
minimal, server etc etc), but it might help raise the user awareness of what
is being installed if there was a _short_ readme linked into each of the
installations that would detail what issues are connected with the
installation and what would actually be installed by default. in this way
the newbies could make a more 'educated' guess as to which installation they
want and would be less surprised when somebody exploits a service that they
were already running (without their knowledge).

this would also help to introduce the newcomers to linux that they are
actually running an OS that does have a network presence and which can be
used (and abused) by other computers without your knowledge. most of this
discussion boils down to education and the best point for education is at the
install point (especially relevant after all the discussions concerning
default passwords for SQL server on slashdot recently).

just my 0.02 euros.

Alex
