Come join our Linux/Computer/Tech online meeting this Saturday


Wayne

Jun 4, 2021, 2:51:44 PM

Time: Saturday, June 5th, 11:00AM PT
Location: https://meet.jit.si/FeltonLUG

Possible topics include:

1) These days we all need good anti-virus protection, and that includes protection for our computers as well. Let's discuss what's available, such as ClamAV, and how or why we might go about using it.
2) Robby is hoping to demonstrate some of the various desktops available for Linux, including Cinnamon, MATE, LXQt, XFCE and others.
3) As always, bring your questions and tech-related topics to share.

Hoping to see you all there.

Rick Moen

Jun 7, 2021, 5:13:04 AM
to felto...@googlegroups.com
Quoting Wayne (Wa...@TradeTimer.com):

> 1) These days we all need good anti-virus protection.

Speaking as a senior sysadmin and Linux greybeard, I deny the premise.
In detail. Here: http://linuxmafia.com/~rick/faq/#virus

Also:
http://linuxmafia.com/~rick/lexicon.html#moenslaw-security3

Moen's Third Law of Security

"Malware is _not_ a security problem; malware is a secondary _after-effect_
of a security problem."

People who focus on particular exploits against particular
vulnerabilities (or worse, software packages like "anti-virus software"
that do so) have already lost the security battle, because they aren't
focusing on what's important — which is correcting their own strategic
errors that make those recurring vulnerabilities possible (and
inevitable). Marcus Ranum described what is important perfectly, in his
essay "What Sun Tzu Would Say"
(http://www.ranum.com/security/computer_security/editorials/master-tzu/):

o Run software that does not suck.
o Absolutely minimize Internet-facing services.

[...]


> Let's discuss what's available, such as ClamAV, and how or why we
> might go about using it.

I'm sad that people are still trying to hunt down minor after-effects of
security failures, instead of _addressing_ those failures, after all
these years.

Now, if you were to talk about IDSes (intrusion detection systems), that
would be more savvy, in my opinion.


frankt1

Jun 7, 2021, 12:50:23 PM
to felto...@googlegroups.com
Rick,

That view makes a lot of sense to me!
Brings up the question of why you would use a vulnerable OS (Windows) and then bolt on some protection as an afterthought.

Frank

Jim Warner

Jun 8, 2021, 10:19:56 AM
to felto...@googlegroups.com
Rick's FAQ is an interesting read. But set aside some time -- it's sort of long. I followed the Sony rootkit discussion and it sure brought back memories.  

Rick Moen

Jun 9, 2021, 10:15:37 PM
to felto...@googlegroups.com
Quoting 'Jim Warner' via Felton LUG (felto...@googlegroups.com):

> Rick's FAQ is an interesting read. But set aside some time -- it's sort of
> long.

_Seriously_ long. ;-> It grew over many years (1995 to the present),
in part through my adding tweaks and additions as people argued with it
or found creative ways to misunderstand what I was saying.


> I followed the Sony rootkit discussion and it sure brought back
> memories.

I indirectly referred to the Sony rootkit in this passage:

(And, by the way, what's going to protect you from subverted or
just dangerously defective [link] virus checkers, themselves wielding
superuser authority? Hmm? And why on earth would we entrust our system
security to ethically suspect firms who demonstrably [link] — and please
note that both anti-virus and also commercial security-monitoring firms
(with honourable exceptions ClamAV and F-Secure [link]) were culpable in
that hyperlinked example of corrupt collusion — have a tendency to sell
their own customers down the river?)

The latter two links were to coverage of the 2005 Sony rootkit scandal.
Only part of the scandal involved the fact that Sony BMG Music
Entertainment included MS-Windows malware on music CDs so that, if
you tried to play the music on a Windows box, the malware ran and
rootkitted your Windows box. That wasn't the biggest scandal aspect,
nor was the fact that Sony lied when caught at it.

The real scandal was that, of the major antimalware publishers for
MS-Windows in 2005, it turned out that only the two mentioned detected
and alerted on the Sony malware. _All of the others_ had been
obviously, deliberately induced by their publishers to ignore the Sony
malware and tell the user nothing about this sabotage of the user's
security -- even though First4Internet Ltd.'s XCP rootkit was well known
to them and corrupts Windows internals.

The point is that Symantec and all of the others (except for F-Secure and
ClamAV, as honourable exceptions) on at least one occasion went out of
their way to shaft the users paying for Windows antivirus/antimalware
software, to deliberately do nothing about detected security compromise
by malware -- for no better reason than their deciding that Sony's
corporate interest was more important than that of their paying
customers.

So -- again, my point -- even if we assume that virus-checkers are
competent, please remind me again about why we should trust them to
work for us, when they've been caught doing the opposite.

The first link in the indented paragraph ("dangerously defective")
questions the "competent" bit, too: It's to an article about a 2005
Black Hat Briefings presentation in Las Vegas, where researchers
demonstrated how popular antivirus suites _create_ exploitable security
holes usable to break into the systems they're designed to protect.
Disease, meet cure: Shake hands. You're going to get along great.

Wayne

Jun 17, 2021, 6:33:02 PM
to Felton Linux Users Group LUG, SIR Branch 36 COMPUTER GROUP

Time: Saturday, June 19th, 11:00AM PT
Location: https://meet.jit.si/FeltonLUG

Possible topics include:

1) POP OS 21.04 COSMIC desktop environment
2) KDE Plasma 5.22 has been released
3) Best encrypted email service, ProtonMail with a new interface
4) Checking CPU temperatures - a hot topic?
5) Stopping SNAP
6) As always, bring your questions and tech-related topics to share.