Omer Zak wrote:
As far as I understand, the reason why Oded started this thread was to be the installer, not the sysadmin.
While the user is naive, the installer (his sysadmin) is not.
The suggestion to use a dedicated router eliminates two important advantages of DIY (Do It Yourself) Linux installation: 1. Access to security updates under your control and at your pace.
Exactly what I am talking about. He doesn't need security updates. (Before you punch me at the face, keep in mind, that I'm not talking about linux geeks like us, but about average home user).
The average home user has one major security concern: he doesn't want to be attacked by all those Windows worms out there. Having NAT, it's not a concern. He needs to explicitly open the RPC (SMB, uPNP, etc, etc) port on the router in order to have his PC infected. 99% of home users will never do it. Those who will -- smart enough to be responsible for their actions.
All the linux security updates are also irrelevant here. It's not that the attacker will obtain shell on the router and then attack the home network or "execute arbitrary code" via remote vulnerablity. I doubt that these routers even allow remote access. Why would they?
If you can scan vast ip ranges and find thousands of windows machines yelling "hack me!", the potential cracker won't bother looking for a specific openssl vulnerability in specific firmware version of a specific model of some taiwan company.
> 2. Ability (in principle) to audit the router's software to ensure > that there are no hidden backdoors.
Backdoors by whom? The manufacturer wouldn't intentionally leave backdoors -- he cares too much about its reputation. It must be relatively easy to check what is in there. And if such a thing comes out, he will instantly be out of business. And all to be able to steal a precious mp3s collection from poor home user.
Forgot to state something important in my original mail. The dedicated router is much more reliable and practical. PCs tend to have hardware failures, consume much power, take space, make a lot of noise, accumulate dust etc.
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
