On Saturday 19 January 2002 10:47 pm, you wrote:

> Actually I would rather hope AOL would alter the Red Hat build into
> something that isn't so exploit friendly.

What makes the Red Hat build so exploit friendly anyway (compared to other distros)...the newbie asks?

> I would be gravely concerned if
> the stock Red Hat build was put out there for the general AOL user. Those
> users should be using something that is pre-locked down. The code ought to
> be audited and it should be configured so that it can exist for long
> periods of time on the internet without requiring constant patching.

I frequently see patches for many Linux applications designed to fix security holes. Exactly how would AOL implement these many applications in the distro and provide perfect auditing when the developers seem to often miss security holes themselves? I could be wrong since I am really new to Linux, but I see security patches all the time. However, script kiddies don't seem to exploit them (unlike Windows), so very little attention is made of it.

> As long as the various Linux/GNU system exploits keep coming it makes the
> environment undesirable for non-hobbyist/corporate settings.

My point exactly. Linux, with all its security measures, still seems to have its share of problems. I often see the term on this list: "security is a process not a product". But the average public seems to think Linux "the product" is more secure than Windows "the product". Am I wrong here? The idea of a process completely eludes most new Linux users.

Considering the complexity of security measures, can the average desktop (home) user really be expected to provide the level of expertise necessary to secure his/her own PC? People at home rely on security products, and companies continue to serve them. The idea that security is a process and not a product is not at the forefront of a home user's concerns. They will look to products like Norton or Zone Alarm for protection, even though they may mistake the level of protection offered.

In the end, I really don't think most new users of Linux will embrace the idea of "security as a process". They expect the OS to be secure. And that expectation should be fulfilled as much as possible.

Please note that I do believe security is an ongoing process and not a product solution...but that's my two cents.

Heck, half the people on AOL seem to think IT is the Internet!

<snip>