[LINK] Schneier on Storm Worm
Craig Sanders
cas at taz.net.au
Sun Oct 7 17:35:03 AEST 2007

On Sun, Oct 07, 2007 at 08:17:25AM +0200, Kim Holburn wrote:
> SE linux is very good but very, very hard to use, to set up. App monitor
> is similarly difficult. I know good sysadmins who have given up trying
> they are so difficult to set up.

yes, i know.

> ACLs have been around for a while but who actually uses them? They are so

people who really need them.

those who don't really need them don't bother.

> The fact is that giving all applications no matter where they came
> from (were downloaded from) the same permissions and access as the
> user is definitely not wise.

OTOH, giving one software supplier a privileged advantage is also not
wise. and it's anti-competitive. MS loves this approach.

> ACLs still treat all applications run by the user as though they were
> the user.

and most of the time that is perfectly adequate.

more fine-grained control over which applications can do what is
obviously better in many ways - it does, however, increase complexity.
or reduce utility/flexibility. or both.

when you get granularity of configuration down to that fine level then
somebody, somewhere has to configure it. if you leave it up to the OS
vendor then you reduce utility & flexibility (AND give the vendor a
privileged advantage). if you allow third-party app developers to setup
their app's privileges at install time then you undermine the security
you're trying to set up. and if you leave it up to the user they'll get
sick of suffering "Cancel or Allow?" syndrome and just turn off all
protection.

all of these factors (security, flexibility, open dev platform, ease of
use, annoyance, convenience) and others are traded off against each other in
ANY security system. there IS no one-size-fits-all solution. nor can
there ever be one. what works for one person would be infuriating or
mind-bogglingly complex or whatever for another.

a common compromise method (adopted by selinux and others) is to
implement mind-bogglingly complex flexibility, but to buffer the user
from most of that by having sets of pre-defined "profiles" (e.g.
workstation, web server, file server, etc) which the user can simply
choose from as the base for their rules. if that isn't a perfect match
for their needs then the security system's flexibility allows the user
to tweak and customise that as needed.

not ideal, but probably the best that can be achieved.

in any case, no matter how good the technology, it can not save the user
if they are determined to do stupid and dangerous things. unfortunately,
many are determined to do exactly that.

if MS patched up all the security problems of windows (and even fixed
the design so that it wasn't brain-damaged from a security POV) it would
be a huge help in getting rid of viruses and worms and botnets.

for a while.

then the vermin who write them would concentrate all their effort on
social engineering attacks to trick the user into allowing their code to
do its evil stuff. and they'd be very successful at it (they already
are now - with even more incentive, they'll only get better) BECAUSE
most users are ignorant and completely unwilling to learn anything OR
take *ANY* responsibility for either their own security or for what
their computer is doing to other people on the net.

unfortunately, no matter how good the technology there is a bare minimum
that they MUST know and they're not even willing to do that.

they don't know, and they don't want to know.

trojans, for example, don't rely on security holes. they rely on idiot
users doing things ("click here", "install this", etc) without thinking
just because they're told to.

same for phishing - that doesn't need a technological security hole.
that just needs an average user.

in other words, it's not possible to completely idiot-proof
anything....and trying just lowers the bar resulting in even more
dangerous idiots.

and before you take my words the wrong way - they're not idiots
because they don't know stuff. knowing stuff is just knowledge, not
intelligence. they're idiots because they're not even willing to try.

craig

ps: yes, part of the problem *IS* false expectations caused by
misleading and deceptive advertising about how easy computers are
to use. no training required. no knowledge or clue or understanding
required.

the reality is that complex tools require understanding, and there
aren't many tools that are more complex than computers.

this fact is, however, ignored because it is competing against the
self-serving lies that billion dollar companies spend vast sums of money
to promote.

--
craig sanders <cas at taz.net.au>
Why don't elephants eat penguins ?
Because they can't get the wrappers off ...