| View previous topic :: View next topic |
| Author |
Message |
nss
Guru
Joined: 04 Oct 2004
Posts: 389
|
 Posted: Fri Jan 13, 2006 8:00 am Post subject: security status after install |
 |
|
I was wondering how secure gentoo is after installing. I was reading today about a little experiment where a computer was put online after a fresh install and was attacked after just four minutes by malicious software. I'd give more details on the article (it was in a back issue of MIT's Technology Review) but I don't have it nearby right now. It went on to say how common Internet attacks are, etc. etc. The article brought about extra concern for my newly installed system. After installing gentoo, I did not do much (or anything) in the way of security. Instead, I went right to installing third party software through portage. I've since been using the Internet regularly (mostly these forums and gmail, but other sites also). How concerned should I be?
Is freenode safe to use? I saw that it had a severe nuisancebot attack. Does this mean insecurity for it's users?
_________________
gentoo good to be true |
|
| Back to top |
|
 |
bec
Apprentice
Joined: 30 Sep 2004
Posts: 221
Location: Cali - Colombia
|
|
| Back to top |
|
|
DerCorny
Retired Dev
Joined: 26 Jun 2005
Posts: 14
Location: Oberhausen, Germany
|
| Posted: Sat Jan 14, 2006 1:03 pm Post subject: |
|
|
Gentoo should be pretty safe after an install. Usually portage is synced during the install, meaning that all packages which will be installed are up-to-date and hopefully secure. (In contrast to that one OS hailing from redmond, usually installed by using a more than 3yrs old CD with no fixes at all)
Freenode is as safe as your IRC client - if you use a well known one, it's probably well audited and secure.
_________________
There is nothing in the world more helpless and irresponsible than a man in the depths of an ether binge... |
|
| Back to top |
|
|
nss
Guru
Joined: 04 Oct 2004
Posts: 389
|
| Posted: Tue Jan 17, 2006 9:04 am Post subject: |
|
|
What does the appearance of this nuisancebot mean for the users of freenode?
_________________
gentoo good to be true |
|
| Back to top |
|
|
DerCorny
Retired Dev
Joined: 26 Jun 2005
Posts: 14
Location: Oberhausen, Germany
|
| Posted: Wed Jan 18, 2006 12:59 pm Post subject: |
|
|
They aren't a security threat for clients of the network, just annoying. They join big chans and post URLs they want you to visit or spam you in a query. Freenode staff does a pretty good job to keep them out, but thats not always possible. I guess every big IRC network has similar problems.
Btw, i'm in like 15chans in freenode and never had any problems with those bots.
_________________
There is nothing in the world more helpless and irresponsible than a man in the depths of an ether binge... |
|
| Back to top |
|
|
groovin
Guru
Joined: 07 Feb 2004
Posts: 429
Location: California, USA
|
| Posted: Wed Jan 18, 2006 6:39 pm Post subject: |
|
|
| DerCorny wrote: | | (In contrast to that one OS hailing from redmond, usually installed by using a more than 3yrs old CD with no fixes at all) |
with winXP, at least the firewall is on... but with 2k, you wont even have enough time to download and install zonealarm before your comp is infected (assuming no hw firewall). youd have to get zonealarm on a disk, install, then go online to get updates. they should add a footnote like that to their installation guide. |
|
| Back to top |
|
|
sirtalon42
Tux's lil' helper
Joined: 09 Aug 2005
Posts: 79
|
| Posted: Wed Jan 18, 2006 6:46 pm Post subject: |
|
|
| groovin wrote: | | DerCorny wrote: | | (In contrast to that one OS hailing from redmond, usually installed by using a more than 3yrs old CD with no fixes at all) |
with winXP, at least the firewall is on... but with 2k, you wont even have enough time to download and install zonealarm before your comp is infected (assuming no hw firewall). youd have to get zonealarm on a disk, install, then go online to get updates. they should add a footnote like that to their installation guide. |
Only WindowsXP SP2 has the firewall on by default. SP1/original didn't. |
|
| Back to top |
|
|
docster
n00b
Joined: 17 Jan 2006
Posts: 27
|
| Posted: Wed Jan 18, 2006 6:52 pm Post subject: |
|
|
Hehe, well, once apon a time we installed Mandrake Corporate Server to play around with at the data center. It was late one night and we just installed from the cd and did'nt really have time to update it properly. The following morning it had a root kit on it with an irc bot running  |
|
| Back to top |
|
|
groovin
Guru
Joined: 07 Feb 2004
Posts: 429
Location: California, USA
|
| Posted: Thu Jan 19, 2006 4:25 am Post subject: |
|
|
| docster wrote: | | Hehe, well, once apon a time we installed Mandrake Corporate Server to play around with at the data center. It was late one night and we just installed from the cd and did'nt really have time to update it properly. The following morning it had a root kit on it with an irc bot running |
yeah, no system is perfect... but my friends once left an unpatched windows box online over night after a fresh install... by morning we saw that the machine had been hacked several times and already had a good amount of pR0n on it! |
|
| Back to top |
|
|
|
Networking & Security
