Joshua Ebarvia has a point about security practices in the June 2009 Letters section, and I'm disappointed with the response. I think LM could do more to decrease the confusion among non-experts in this matter. Please consider the following questions:
"There has not yet been a single widespread Linux malware threat of the type that Windows software currently faces." (Wikipedia). Then, why do I see almost daily a warning to upload security patches?
Security precaution depends on the kind of computer work. To be specific, is it wise to shut down Internet connection when working as root? Or working with WINE? What is needed to be sure that financial transactions are secure, in particular when using wireless connection?
Looking at the flickering LEDs of my Internet adapter (modem) I get the impression that I'm out of control of data traffic. Most Window users long ago gave up to be in control of their PC, but Linux should not have to be so passive. Why can I not start a program that tells me what kind of data go in and out and enables me to stop unwanted traffic? Of course this interrupts computer work and should be used only to take test samples.
We take security seriously, and we try to cover it often. Recent issues of our magazine have discussed topics such as firewalls, encryption, intrusion detection, and one-time passwords. Our February 2009 issue included an article on some best practices for wireless connections. Although we offer lots of useful information for beginners, a magazine by nature is not structured like a HowTo document or an online Help page. If you are new to Linux, you might occasionally need to do some background reading to understand the underlying concepts. The INFO box included with many of our articles can help find resources.
Although Linux is well protected against viruses, worms, and other forms of the file and email threats known as malware, Linux systems are still vulnerable to network attack. The problems addressed in security updates typically relate to vulnerabilities in legitimate software, as opposed to malware programs, which are designed with the specific intent of breaking in or doing damage.
Several tools exist for controlling and monitoring network traffic, and those are exactly the kinds of tools we like to talk about. They do, however, tend to be advanced applications for experienced users. For instance, last month we had articles on the Portsmith authenticating firewall and the OSSEC intrusion detection tool.
The first issue of our new sister publication, Ubuntu User, is on newsstands now and includes an extensive Discovery Guide section for beginning users. Although the discussion focuses on Ubuntu, many of the topics discussed in the Discovery Guide are also applicable to other Linux systems.
Linux for Business
I'm starting up a business in maintenance services for industries and commercial buildings and I want to use state-of-the-art information technology based on Linux. But I have some questions that will help me decide whether I go for Linux or the other thing.
First, I depend on a few programs like SAP financial, an asset monitoring system named Datastream, and my maintenance technicians must use mini laptops in the field to make reports that are sent to base. All these applications are Windows based. Are there substitutes, or can I work with these applications in a Linux environment?
Robert van den Burg
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.