Wednesday, January 16, 2008

Security and stability centre

Just how secure is Linux?

Microsoft's attitude is that they acknowledge there are flaws, and have therefore implemented a security centre which shows the status of auto-updating, the firewall and security settings, and checks for anti-virus. They also provide a free anti-malware program which is updated often.

Apple's sales pitch is generally to claim they are secure. Anyone buying a Mac will often be told that "Macs can't get viruses" or "OSX is much more secure than other operating systems", or even that "OSX is based on open source, so it's audited by lots of developers". As such, Apple's security centre only covers encryption, screensaver lockouts and the like. If Apple started providing anti-virus, it would freak people out, as they would no longer be in the mindset that OSX cannot be hacked.

Now, what is Linux's position? It's hard to say, as there are hardened distros, rootkit detectors and security auditing programs, but thus far none of the major desktop environments offers a security centre to identify an insecure setup.

What we need is an application which centralises security. I'd like to think of it as "Security and Stability". It should monitor the following:
- Firewall status. No iptables enabled = insecure.
- Show all security updates. Users should be informed when there are updates available specifically targeting security.
- User rights. If the user is running as root, they should be told.
- Anti-virus. There should be integration with anti-virus here, or a one-click means of listing various versions of anti-virus. Integration should also allow a one-click option to start scanning, and an indication of whether automatic scanning is enabled.
- Rootkit detection. There are lots of rootkit detection systems out there. I suggest that users be able to click a button and run a quick test.
- Permission checker. This was covered in detail earlier. You should be able to run a scan from here.
- Identify if your network is broadcasting everyone's traffic to everyone (i.e. hubs, not switches).
- Anything else.
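
A minimal sketch of three of the checks listed above (firewall status, running as root, permission scan), added here as an example and not part of the original post. The function names, the iptables heuristic and the sample `iptables-save` text are assumptions made for illustration.

```python
import os
import stat

# Constructed `iptables-save` samples (illustrative, not from a real host).
SAMPLE_OPEN = "*filter\n:INPUT ACCEPT [0:0]\nCOMMIT\n"
SAMPLE_FILTERED = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def firewall_active(iptables_save_text):
    """Heuristic (assumption): the filter table's INPUT chain has a non-ACCEPT
    policy or at least one DROP/REJECT rule. An empty ruleset counts as off."""
    in_filter = False
    for line in iptables_save_text.splitlines():
        fields = line.split()
        if line.startswith("*"):
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":INPUT ") and fields[1] != "ACCEPT":
            return True
        elif in_filter and fields[:2] == ["-A", "INPUT"]:
            if any(a == "-j" and b in ("DROP", "REJECT")
                   for a, b in zip(fields, fields[1:])):
                return True
    return False

def world_writable(root):
    """Return regular files under root that any user may write to."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)

def security_report(iptables_save_text, euid, scan_root):
    """One (check, ok, detail) row per item, ready for a status panel."""
    loose = world_writable(scan_root)
    return [
        ("firewall", firewall_active(iptables_save_text), "INPUT chain filters traffic"),
        ("not_root", euid != 0, "session is not running as root"),
        ("permissions", not loose, f"{len(loose)} world-writable file(s)"),
    ]

if __name__ == "__main__":
    for check, ok, detail in security_report(SAMPLE_OPEN, os.geteuid(), "."):
        print(f"{'OK ' if ok else 'BAD'} {check}: {detail}")
```

On a real system the text would come from running `iptables-save` with sufficient privileges rather than from the embedded samples.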

Microsoft has the right idea for this. A clean and easy-to-understand interface is required. Otherwise, we will end up with a bunch of computer lusers who happily turn off their firewalls because "they are running Linux", without anyone telling them that it's a bad idea or what the risks are. Nobody likes to put up with them 3 months later when they haven't upgraded their openssh for months, and a hacker has wiped out their kernel, and they want someone to help them fix it.

If we want to support everyone's needs, this is a must. We can avoid the troubles Microsoft has had in the past by doing so.
