.comment: Service Security -- Where Is It? - page 3
Yes, it's true: There's no such thing as a perfectly secure computer. When you get right down to it, there's no such thing as a perfectly secure anything, but that's scant reason to down a pint of whiskey and go out and see how fast you can make the car go. There is such a thing as a perfectly insecure computer. That's why those of us whose brain power exceeds that of mold don't spend time online while logged in as root. And it's why we should do what we can to make our machines if not invulnerable at least not inviting targets.
The first step is to shut off those services we don't use. That's an easy sentence to type and a difficult thing to do, in no small measure because many of us don't really know what favors the packagers of our Linux distributions have done for us by launching things that are of use only to crackers. These acts of distributional benefaction vary from company to company, so there's no way of providing a master list. You need to try to track down the documentation on each one, item by item. Lots of fun.
Or perhaps you could email the distributor's support services for a full explanation of each default service. Good luck.
What's needed, really, is something on the order of a minor user uprising, a discussion on user mailing lists and perhaps email to the distributors detailing how the distribution that cares for its customers by documenting available services in useful language and by turning all but absolutely essential ones by default is the one that will gain users' confidence and their custom. It is not a difficult thing for distributors to do, and it can save users, both desktop and enterprise, a great deal of trouble.
Understand: I'm not trying to whip you into a mail-writing frenzy. But I am trying to point out that for no good reason (and, so far as I can tell, no bad reason, either--just no reason at all) distributors are risking your machine's security and squandering your system's resources on services that you do not now and probably will never need. And should you need them, just a little documentation would make them available to you.
It's nice that distributors watch for security holes. It would be nicer still if they decided not to put known ones on user machines.