[LINK] Consumer computer security

Craig Sanders cas at taz.net.au
Wed Jan 24 18:49:57 AEDT 2007

On Wed, Jan 24, 2007 at 04:59:13PM +1030, Glen Turner wrote:
> Craig Sanders wrote:
> > to start with, it would be running linux (or freebsd or even mac osx
> > but linux is less hassle and there are a number of freely available
> > live-CD linux distros to choose from) rather than windows.
> Ah, yes. Linux and security.  More secure than Windows does not mean
> secure.

nothing is 100% secure.  and never will be.

> As a trivial example, Linux will happily run under VMWare and take
> input from the keyboard, even where the applications programmer has
> requested X Windows to use secure inputs only.
> Yes it's convenient. It's also insecure as, despite the applications'
> specific request, it's now taking input from an insecure source, since
> we should not trust that VMWare has not been compromised.

yes, if you try really hard and run linux in an emulator (presumably on
an insecure OS like windows) you can find ways to make linux insecure.

i've said this myself on numerous occasions.

the difference is that you have to try hard to make it insecure. there
are many ways to do it but out-of-the-box, linux is secure enough for
most purposes.

> > secondly, it would have java, flash, and other executable web content
> > disabled.
> That's a real problem for the bank's applications programmer, since
> they now have no way to correct the deficiencies of the operating
> system.  For example, both Windows and Linux will allow secrets to
> be entered through the keyboard whereas the applications programmer
> might prefer them to be entered using a randomised on-screen keyboard
> so that keyloggers cannot replay the keys.

if the programmer thinks that that is any more secure than a keyboard,
then they're an idiot. if a system is compromised so that a real
keyboard can be snooped on, then so can a virtual on-screen keyboard.

anyway, a web programmer shouldn't be thinking about the deficiencies
of the operating system, let alone trying to work around them. they
should be programming for the browser environment, which is (at essence)
little more than a way of displaying data - i.e. HTML. the server side
generates and transmits the data in response to user request/input. the
browser renders it in whatever manner best suits the local environment
- the web programmer should not be trying to second-guess what that
local environment is, and they certainly shouldn't be forcing their
expectations onto the rendering.

> Without changes to PC hardware there are no simple answers here.  The

there will be no simple answers, ever.

but there are some simple underlying rules - and one of them is that
you can't have a secure online banking system based on a fundamentally
insecure operating system like MS Windows.

> There's also the problem of secure delivery of the Live CD.

secure distribution is far from an insurmountable problem.

banks could ship their own live CD to customers.

or there's always download and MD5 checksum verification.

> But we're starting from a low base here, so I suppose any improvement
> is worthwhile.

linux (or any *nix) is a vast improvement, security-wise, over windows.
not perfect, but then perfect security is unattainable.


craig sanders <cas at taz.net.au>           (part time cyborg)
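The "download and MD5 checksum verification" step mentioned above, as an added example (not code from the thread or from any bank): it parses an md5sum(1)/sha256sum(1)-style listing, hashes the image in chunks, and compares in constant time. It assumes the listing was fetched over a channel the downloader already trusts; a checksum served beside the image only catches corruption, not substitution, and since MD5 is collision-prone the same code accepts sha256 via `algorithm`. The image bytes and filename are constructed for the demo.

```python
import hashlib
import hmac
import io

# Constructed stand-in for a live-CD ISO (not a real image).
SAMPLE_IMAGE = b"bank-live-cd sample image contents\n" * 4096

def parse_checksum_file(text, filename):
    """Return the hex digest listed for `filename`, or None if absent.
    Accepts "<hex>  <name>" and binary-mode "<hex> *<name>" lines."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        if name.lstrip("*") == filename:
            return digest.strip().lower()
    return None

def digest_stream(stream, algorithm="md5", chunk_size=1 << 20):
    """Hash a file-like object in chunks so a multi-hundred-MB ISO
    never has to be loaded into memory at once."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def verify_image(stream, checksum_text, filename, algorithm="md5"):
    """True only when the stream's digest equals the published entry."""
    expected = parse_checksum_file(checksum_text, filename)
    if expected is None:
        return False
    actual = digest_stream(stream, algorithm)
    # constant-time compare: no timing side channel on the digest value
    return hmac.compare_digest(actual, expected)

def publish_checksum(data, filename, algorithm="md5"):
    """What the distributor side writes into the checksum file."""
    return f"{hashlib.new(algorithm, data).hexdigest()}  {filename}\n"

def demo(algorithm="md5"):
    """Check a genuine and a tampered download; returns (genuine_ok, tampered_ok)."""
    listing = publish_checksum(SAMPLE_IMAGE, "bank-live.iso", algorithm)
    genuine = verify_image(io.BytesIO(SAMPLE_IMAGE), listing, "bank-live.iso", algorithm)
    tampered_image = SAMPLE_IMAGE[:-1] + b"!"  # one byte altered in transit
    tampered = verify_image(io.BytesIO(tampered_image), listing, "bank-live.iso", algorithm)
    return genuine, tampered
```

`demo()` returns `(True, False)` for both `md5` and `sha256`; a listing that lacks an entry for the requested filename is rejected rather than silently passed.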
