On Wed, Jul 9, 2008 at 2:00 PM, Jim Henderson
But if those things have to be initiated by the user - just like a virus - then why do we need AA? We didn't need it 5 years ago, right?
Isn't that somewhat the same argument now about AV - we don't need it now, so we'll never need it? And since we'll never need it, there's no use in discussing options for OAS for AV?
The same solutions proposed in lieu of OAS for AV on Linux could also be applied to AppArmor. People back their systems up, badly behaving programs have to be changed to be executable before the user can run them and they must be invoked by the user, so before the user invokes an unknown program, they should back their stuff up in case it destroys their files, etc, etc, etc.
I don't see how logically one can be said to be needed and the other isn't.
The difference is in the price. O-A-S is expensive (as system resources). While there are other, less expensive solutions (on-write check, on download check, on email receiver check, on document/macro open check, AA), etc., there is no need to nail a fly with a hammer. Also, as I said - this is decision, made by kernel devs, in part maybe because the dazuko implementation is too intrusive, or dazuko people did not present their case properly, or they did not commit to support their part after the inclusion. All these are speculations, as I did not went out of my way to check what and why happen. Anyway - the kernel is open source - anybody can make modifications to it. If there is a linux distro, which wants to go out of their way and offer ultra-virus-protected system, they can use modified kernel, with dazuko included. If antivirus vendor wants their product used undel linux (and convince enough people to use it), they can spend some resources to prepare enough kernel patches for every kernel out there. After all, Nvidia finally saw it, and now they prepare their drivers with every kernel update I receive for opensuse. So, complaining that the kernel does not include this and that - especially when dazuko is mostly used by a closed-source application (is antivir open-sourced?). As I said before - most of this conversation should happen on kernel dev list, not here. And even for opensuse (and SLED/SLED) there is more appropriate way - file a bug, vote for it, let others vote for it. Novell will listen, and decide. Creating a thread which already has more than 100 posts, which can be shortened to fit in 10 arguments pro and cons is useless waste of time, network bandwidth, diskspace, and people's time. There's another thing as well - antivirus solutions just make feel people safer, w/o adding too much of a protection. Usually the people, which do not care do not update their definitions regulary, and on the top it, "being protected" means for them that they can download and run whatever garbage they can set their hands on. So, again - it is a balance of the cost - I would better prefer some kernel devs to work on and create a more stable kernel, which works with better and newer hardware, that to waste their time on a such a low impact subject. But everybody else if free to change/modify/use whatever solution which will make them happy. And they have all the information they need - the kernel is opensourced, has a release cycle, what changes are going to be put in the next release are well known, etc. Cheers -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org