Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface foron access scanning

[Rene Herman]

On 08-08-08 13:58, Press, Jonathan wrote:

> Just an observation about this...
>
> Since I earn my living on the basis of users, clueless or not, I've
> gotten into the habit of just taking them as they come and trying to go
> out of my way to not refer to them as clueless -- except in a few
> specific and particularly annoying cases.

You say that as though you feel that calling someone clueless were a bad 
thing. There are tons of subjects I'm completely and utterly clueless 
about and very happily so. But, as you say, that's not the point...

> But that's not my point.  My point is that Linux has become a
> commercially viable environment with a lot of enterprise users, with a
> significant number of enterprises are standardizing on it, or at least
> officially supporting/allowing/encouraging its use.  Because of that,
> for example, we have a significant number of user issues coming in that
> indicate that there are actually plenty of clueless Linux users, whether
> the OS was intended for them or not.

But not users with root access, which is the context in which my own 
remark was. Enterprise users in corporations are not what I call the 
desktop; I'd generally call those workstations, with the desktop being 
your average home PC with the enormous amounts of cheap and buggy 
hardware and the definite lack of central IT management.

It's also dependent on country. Over here in the Netherlands, corporate 
adoption "on the workstation" is very low (and seemingly dropping again 
after some initial attempts in local government) and adoption on the 
desktop is for all intents and purposes 0. It's different especially in 
eastern-europe.

Funny that really, how all that Free as in Speech stuff mostly works for 
people without money...

> The fact that they are there is the main reason that Red Hat and Novell,
> for example (at least by my observation from the outside -- I can't
> speak at all about how they see if from the inside) seem to be putting
> the bulk of their efforts into their enterprise editions, as opposed to
> their traditional technologist editions.
>
> The bottom line, then, is that there ARE way more clueless Linux users
> out there than there used to be, which makes them a) vulnerable to
> losses by virtue of their own mistakes, and b) vectors for the spread of
> malware.  Which is kind of why we're here.

Right, so that, then, is a threat model. I myself believe you are here 
mostly to guard against 11-year old girls installing infected 
screensavers of horses which given the fairly low adoption of Linux by 
11-year old girls says something about my view of things.

But, yes, as I myself said as well, it might be sensible to discuss this 
issue simply _as if_ lots of users were brushing their My Little Pony's 
while waiting for their kernels to finish compiling if you're designing 
something that _should_ protect them if they were.

Goes back really to the threat model question you were asked I guess.

Rene.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/