Posted by: Anonymous Coward
on June 03, 2006 06:54 PM
Secrurity in the average users hands is dangerous, Period.
Just by saying don't run this or that... well, before long you run into the average non-tech office idiot whose eyes glaze over when describing how to use a mouse... but who you have to teach how to use a mouse because she has been with you for 20 years and does a wonderful job at customer serice (or whatever). So - now she has a computer and as time goes along she gets an attachment from what appears to be some file that she should open and use (this is what happens).
And - there goes your security.
Certain file types should be excluded from use for certain classes of users by rules (maybe the NSA Security Enhanced Linux could be set up to deny at the system level the operation of certain files for classes of users who should never be using a computer system except for the reason that they have to... and to be able to take the weapons of destruction away from them by allowing only certain system rules that governs what they can and can't do). The actual code in a certain macro could be approved for company use where only that code could run... other macros from outside the rules could be excluded.
Learn about Linux
Download Linux
Get Linux help
Users making security decisions is dangerous.
Posted by: Anonymous Coward on June 03, 2006 06:54 PMJust by saying don't run this or that... well, before long you run into the average non-tech office idiot whose eyes glaze over when describing how to use a mouse... but who you have to teach how to use a mouse because she has been with you for 20 years and does a wonderful job at customer serice (or whatever). So - now she has a computer and as time goes along she gets an attachment from what appears to be some file that she should open and use (this is what happens).
And - there goes your security.
Certain file types should be excluded from use for certain classes of users by rules (maybe the NSA Security Enhanced Linux could be set up to deny at the system level the operation of certain files for classes of users who should never be using a computer system except for the reason that they have to... and to be able to take the weapons of destruction away from them by allowing only certain system rules that governs what they can and can't do). The actual code in a certain macro could be approved for company use where only that code could run... other macros from outside the rules could be excluded.
see: <a href="http://www.nsa.gov/selinux/" title="nsa.gov">http://www.nsa.gov/selinux/</a nsa.gov>
#