On 12/8/2010 9:21 AM, Lamar Owen wrote: > On Tuesday, December 07, 2010 06:29:44 pm Les Mikesell wrote: >> I think you've missed the point that 'all that stuff' (being traditional unix >> security mechanisms) are not all that insecure. It is only when you get them >> wrong that you need to fall back on selinux as a safety net. And if you can't >> get the simple version right, how can you hope to do it right with something >> wildly more complicated? > > Alright, pray tell how I, a desktop Linux user, can, without VM's and without having to switch users, protect my files from a PDF attack through Adobe Reader? Don't run software you don't trust. Keep the software you run up to date. Don't open files you don't trust. > Or a surf-by web infection (NoScript can help; NoScript is also a pain)? Don't visit web sites you don't trust with browsers that auto-execute stuff. >But the desktop security use case often gets short shrift, and thus I raise that banner, being that I have been a desktop Linux user for 13+ years) Does the default configuration cover the cases you present? Or are you suggesting that every user needs the equivalent of a 4 day/$3K training course to be able to secure their linux distribution? -- Les Mikesell lesmikesell at gmail.com