[LINK] Schneier on Storm Worm
Kim Holburn
kim.holburn at gmail.com
Sun Oct 7 16:17:25 AEST 2007
SE linux is very good but very, very hard to use, to set up. App
monitor is similarly difficult. I know good sysadmins who have given
up trying, they are so difficult to set up.
ACLs have been around for a while but who actually uses them? They
are so complex to set up. For instance, both MacOS X and XP have ACLs;
do you know anyone who has actually used them?
This is not so much about the underlying security technology, which
seems in this case to be more like virtualising each application in a
separate environment, but the design approach which says: the
complicated decisions that should be made by the computer are not
handed to the user who doesn't really understand what's happening.
If security is going to be useful at all it must not be complicated
for the user. Surely the designers will get it wrong sometimes but
probably not as much as users who can't possibly understand what's
going on even if they have a clue.
The fact is that giving all applications no matter where they came
from (were downloaded from) the same permissions and access as the
user is definitely not wise. ACLs still treat all applications run
by the user as though they were the user.
On 2007/Oct/07, at 1:35 AM, Craig Sanders wrote:
>> Actually they're not. Bitfrost is a complete redesign of computer
>> security with, what seem to me to be such obvious principles, as a
>> basis.
>> [...]
>
> huh? what isn't? and what is it that they aren't? i was only talking
> about file permissions and acls. didn't mention or comment on bitfrost
> at all.
>
> my point was that more detailed, more flexible file permission features
> (ACLs) are available and have been available for many years. most people
> don't need or use them. old-style permissions may be simple and limited
> but they have survived BECAUSE they are adequate for many purposes and
> don't require a huge amount of knowledge or work to use effectively.
>
>> People, and especially most people who don't know much about
>> computers and even sometimes those who are, are simply not in a
>> position to make security decisions on the fly. OLPC laptops are
>> designed to be used by people who may not even be literate and may
>> not be able to enter a username/password combination and yet still be
>> safe.
>
> safe from some things. still vulnerable to phishing and similar
> social-engineering attacks.
>
> protecting the user from themselves only goes so far.
>
>
>> [...] Programs running do not get the same permissions as the user and
>> may not get access to any of the user's data.
>
> you mean something similar to the SELinux ("Security Enhanced Linux")
> extensions developed by the NSA several years ago, and merged into the
> mainline linux kernel shortly after they released it? with support for
> it in all major distributions.
>
> i know one linux user who has a machine on the net locked down tightly
> using selinux. he has publicly published the root password with an open
> challenge for the last few years to compromise the machine. even knowing
> the root password doesn't help if the security context definitions
> don't allow programs to access or change things - e.g. only known and
> pre-approved programs can be allowed to access certain (or any) files or
> have access to the network.
>
> for example, only the system's package manager tools are allowed to
> update/overwrite other programs. only the supplied password manipulation
> tools are allowed to change the user authentication data (/etc/passwd
> or whatever). only the system logging daemon has write access to the
> log files. only apache is allowed to listen on port 80 (and it only has
> access to web related files, nothing else). and so on.
>
>
> again, the feature is available, and again most people don't use or need
> it.
The features are a great idea but so complex most people can't use them.
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
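
The contrast argued over in this thread, as an added example that is not part of the original post or of SELinux itself: a user-keyed permission check beside a per-program check, run over the same requests. The domain and label names, the rule set and the sample files are constructed for illustration, and group permissions are left out.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    uid: int      # user the process runs as
    domain: str   # label of the program itself (constructed names)

@dataclass(frozen=True)
class Obj:
    owner: int
    mode: int     # classic permission bits
    label: str    # label of the file (constructed names)

WANT = {"read": (stat.S_IRUSR, stat.S_IROTH), "write": (stat.S_IWUSR, stat.S_IWOTH)}

def user_check(p, o, want):
    """Old-style permissions: only the user id matters (groups omitted)."""
    if p.uid == 0:
        return True                      # root bypasses the mode bits
    own, other = WANT[want]
    return bool(o.mode & (own if p.uid == o.owner else other))

# Constructed allow rules (program domain, file label, permission); default is deny.
ALLOW = {
    ("syslogd", "log_file", "write"),
    ("passwd_tool", "auth_data", "read"),
    ("passwd_tool", "auth_data", "write"),
    ("editor", "user_doc", "read"),
    ("editor", "user_doc", "write"),
}

def program_check(p, o, want):
    """Per-program rule: the decision is keyed on what is running, not who."""
    return (p.domain, o.label, want) in ALLOW

def decide(p, o, want):
    """Both checks must pass, so the user's rights are a ceiling, not a grant."""
    return user_check(p, o, want) and program_check(p, o, want)

# Constructed sample objects and processes.
LOG = Obj(owner=0, mode=0o640, label="log_file")
DOC = Obj(owner=1000, mode=0o600, label="user_doc")
ROOT_SHELL = Proc(uid=0, domain="shell")
SYSLOGD = Proc(uid=0, domain="syslogd")
EDITOR = Proc(uid=1000, domain="editor")
DOWNLOADED = Proc(uid=1000, domain="downloaded_app")
```

With only `user_check`, the root shell can write the log and the downloaded program can read the user's document; with `decide`, both are refused while the logging daemon and the editor still work.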