I voted for option number 3. Hell, I go to places on the net that would probably make malware testers say "No thanks". I don't mean that in an "I can't be touched" way, I just simply don't execute a single thing without a good scan first, have some common sense and lock my browsers down. Also, there isn't anything on this system anybody would want, and I don't do online banking.
I've heard this said many times... "there's nothing on my hard drive that anyone would want"... when in fact many people get owned because of their bandwidth or to become a zombie in somebody's bot army. Is this not correct?
I'm generally not too worried about getting hacked. That said, the first time I got hacked it was utterly unexpected, at the hands of an astronomy website that was itself hacked. And later I got to see a hacked site auto-execute a .bin file on a Debian system. (Fortunately it crashed without doing any damage, but still...) So I am a bit weary, even on Linux. For the most part I think common sense and a few security applications (or MAC and iptables, if you're on Linux) will do the trick. It helps to never consider one's self invulnerable, however.
They still have to actively penetrate your system Page42, if they can't execute their toys, they can't recruit you for their bot army. A lot of folks make security more complicated than it really is, seriously.
You've missed my point... or I've missed yours. I'm speaking of motivation, i.e. a hacker's reason for wanting to own you or anyone else. Your statement, "there isn't anything on this system anybody would want", doesn't apply or make any difference to the people who want your bandwidth, your storage capacity or to use your system in a denial of service attack or as a spam bot. Their motivation frequently has nothing to do with what is on your system. They want ownage, and in that sense, there is something somebody would want on your system.
I didn't miss your point, it came through loud and clear My own point is that even though they may just want your bandwidth, storage, or as a zombie, they still have to get to your system, and, to do that, they have to be able to execute SOMETHING. So, my whole point was no, I'm not afraid of it because they have to have access to my system, and they won't get it if I don't click on things I know I shouldn't and scan files before I open them.
So why are you saying... "there isn't anything on this system anybody would want" if you realize that, "they may just want your bandwidth, storage, or as a zombie"? The first statement is wrong. It's a fairly common misconception that I hear repeated frequently.
Err, the statement wasn't meant to be taken so literally, lol. In any case, you're far more likely to get screwed by keylogging or swindled out of cash by a rogue app than you are to be used in a botnet or as storage facility by a criminal in my opinion. So, if you take that into consideration, then no, my statement ISN'T wrong. If they're looking to steal data, bandwidth, storage, whatever from you, they can't steal what they can't get to. Look, the important thing is not what you have or don't have on your system, it's who has access. If criminals can't get that access, then they can't do anything to you, which goes right back to me saying, again, I'm not afraid of them because I know how to stop them.
Did you ever notice how people never say in advance, "Now don't take what I say literally"? That always seems to come up in the form of an err, explanation afterwards. You ought be prepared for folks in a security forum to take what you write literally.
Is the LiveCD in this list? "I'm skeered", cries little OS. "Don't you worry none", says poppa FW, "I'll protect you. And Momma HIPS is here too. So don't you fret, you here." http://www.gnucitizen.org/blog/script-kiddies/
I'm sure it could happen, but I don't worry about it. I feel secure in using certain security programs and safe surf habits.
Okay, okay, lol. All I ever meant was that MOST are after data itself, which, if not stored on the computer or exposed through online purchasing/banking, they won't be able to get to...and THAT is ONLY after being able to get the user to execute a malicious file/script in order to get to whatever data/bandwidth/storage there is. I understand your point though, you're right