Hi!

On Tue, Aug 22, 2000 at 10:40:32AM +0200, Thomas Biege wrote:
> we don't sell a hyper-secure Linux, we sell a nearly complete and useable Linux. we have to go the small path between security and usability, and in my opinion we do that very well.
> ...
> that's ok, because you know what's dangerous, but the inexperienced user just sees a non-working system if we disable all services and remove all sbits.
As Thomas' statement shows, the real problem is that the average user still is not aware of the security issues. SuSE wants to sell their distribution, so they have to sell what their customers want, and that is usability, not security. If the attitude of the customers changes one day (which might - after all - happen, as the last months have shown), a "more secure" tradeoff between security and usability is feasible, but probably not now. In my opinion this is very, very sad, but those are the facts. So do not blame SuSE, try to raise security awareness among the users! (As Thomas said: They cannot ship brain with SuSE.)

But as an aside:
> if users use unencrypted traffic it's their fault.
Yes, Thomas, but you have to admit that they simply do not know what they are doing. Did you ever try to explain cryptography to a secretary? If you renamed ssh to telnet, most users would never notice, I bet :-) !
> Hrhr... 'secure by default' nice buzzwords.
Oh, and by the way, "secure by default" or better "failsafe defaults" is not a buzzword but one of those very important security principles which have been ignored for several decades :'-(

Best regards

Johannes Geiger

-----------------------------------------------------------------
Dipl.-Inform. Johannes Geiger    geiger@informatik.tu-muenchen.de
Technische Universität München   http://wwwspies.in.tum.de/~geiger
Fakultät für Informatik          Tel.: 089/289-25723  Fax: -22037
D-80290 München
Raum 3544, Eingang XI (Ecke Luisen-/Theresienstraße), 3. Stock
-----------------------------------------------------------------