That's a good idea. Now, whether FreeBSD drivers are any "safer" is a good question, but at least we know there are fewer people attacking it.


I like the whole idea of Parallels and the seamless window experience (ala Citrix). That's going to make running a non-Windows system while maintaining your Windows applications real easy. (I touched on this at http://www.techevangelism.com/2007/04/09/a-linux-consultants-not-so-linux-desktop/ .)


---

Puryear Information Technology, LLC

Baton Rouge, LA * 225-706-8414

http://www.puryear-it.com


Author:

  "Best Practices for Managing Linux and UNIX Servers"

  "Spam Fighting and Email Security in the 21st Century"


Download your free copies:

  http://www.puryear-it.com/publications.htm



Tuesday, April 10, 2007, 8:48:49 PM, you wrote:


>

I wonder if this is an argument for going in the other direction: having a FreeBSD Host CPU where you run Windows as a guest OS. So you can use windows for all your desktop faves but all the 'real stuff' would be FreeBSD, and thus less likely to be effectively attacked (presumably). 


- C



On 4/10/07, Dustin Puryear <dustin@puryear-it.com> wrote:

No, a jail would not help.


As far as how to protect against this (assuming the device driver

itself is vulnerable), it depends on where the device driver runs and

whether the kernel is sufficiently paranoid. I just googled and found 

an interesting mention of this issue:


http://www.schneier.com/blog/archives/2006/07/wifi_driver_att.html


I'm no expert in this area, so I'd love to hear more from others that 

may know more.


---

Puryear Information Technology, LLC

Baton Rouge, LA * 225-706-8414

http://www.puryear-it.com


Author:

  "Best Practices for Managing Linux and UNIX Servers" 

  "Spam Fighting and Email Security in the 21st Century"


Download your free copies:

  http://www.puryear-it.com/publications.htm



Tuesday, April 10, 2007, 6:47:38 PM, you wrote:


> Dustin,

> Would a jail be any help at all in that situation?

> =====

> Craig Wiseman



> At 05:25 AM 4/10/07 -0500, Dustin Puryear wrote: 

>>I would agree that running BSD under VMWare is going to give you some

>>added protection against spyware and such while surfing. However, as

>>far as normal "network-layer" attacks, VMWare doesn't always help. 

>>I've read of some attacks that specifically target your wireless

>>card's device driver, so the attack could potentially compromise your

>>actual computer before traffic is even pushed up the network stack. 

>>

>>Scary, eh?

>>

>>---

>>Puryear Information Technology, LLC

>>Baton Rouge, LA * 225-706-8414

>>http://www.puryear-it.com 

>>

>>Author:

>>  "Best Practices for Managing Linux and UNIX Servers"

>>  "Spam Fighting and Email Security in the 21st Century"

>>

>>Download your free copies: 

>>  http://www.puryear-it.com/publications.htm

>>

>>

>>Saturday, April 7, 2007, 3:53:20 PM, you wrote:

>>

>>> On 4/7/07, Chris Lalos < chris.lalos@gmail.com> wrote:

>>>> I'm sitting in a cafe right now (Brasil on Dunlavy and Westheimer).

>>>> Non-threatening yuppie hipsters, non-threatening jazz, the whole 

> experience.

>>>>

>>>> Someone at the next table asked me if they have Wifi here. I do not

> know. My

>>>> laptop reports an unsecured wireless network named 'dlink'. This would 

>>>> appear to be run by either 1) someone profoundly unknowledgeable, or 2) a

>>>> crook.

>>>>

>>>> Which brings me to my question . . .

>>>>

>>>> It occurs to me, that I ought to be able to run FreeBSD in a VMWare

> session,

>>>> fire up KDE or Gnome or whatever, and do my surfing from there. I could

>>>> connect to whatever naive looking hotspot I choose. The idea is, if this 

>>>> hotspot was run by a bad guy bent on attacking people who hop on the

>>>> network, then he'd really only be attacking my VMWare session, not my

> 'real'

>>>> laptop beneath. 

>>>>

>>>> My question is, what kind of protection does this really provide. Would he

>>>> really have no access to the underlying filesystems, etc? Or would it not

>>>> really be any protection at all. 

>>

>>> Hello Chris,

>>

>>> The VMWare session certainly provides an extra layer of protection.

>>> Although that layer is logical and the protection is not absolute. In 

>>> other words, data always flows from the host to the guest machine.

>>> Should an attacker find a flaw in the host's stack, the system in its

>>> entirety (including the guest machines) is toast. 

>>

>>> More often, the rogue access point is there to collect your network

>>> traffic. It's theoretically so much easier.

>>

>>> Youssef

>>> _______________________________________________ 

>>> Hou-freebsd mailing list

>>> Hou-freebsd@houfug.org

>>> http://www.houfug.org/mailman/listinfo/hou-freebsd 

>>

>>_______________________________________________

>>Hou-freebsd mailing list

>>Hou-freebsd@houfug.org

>> http://www.houfug.org/mailman/listinfo/hou-freebsd

>>


> _______________________________________________

> Hou-freebsd mailing list

Hou-freebsd@houfug.org 

http://www.houfug.org/mailman/listinfo/hou-freebsd


_______________________________________________

Hou-freebsd mailing list

Hou-freebsd@houfug.org

http://www.houfug.org/mailman/listinfo/hou-freebsd