[LINK] The bad guys have won (was Re: www.ipv6.org.au/summit)
Karl Auer
kauer at biplane.com.au
Mon Sep 1 10:15:00 AEST 2008
On Mon, 2008-09-01 at 07:12 +1000, Stilgherrian wrote:
> http://stilgherrian.com/internet/who_do_you_trust_everyone/
In marked contrast to much of your other writing, this one was
disappointingly lax.
In OSX and indeed in all Unixes, your chess program cannot format the
hard disk, unless you decide to run it as root. Nor can one user
generally attack the data or settings of another, unless said user has
root privileges. Nor can one user turn control of the machine over to a
third party, unless, again, they do so as root. This is a system that it
has taken Microsoft decades to get to, and they still do it very poorly.
Nor does Minesweeper do any of the things Ivan says it can. What he's
actually saying is that *in principle it could do them*, which is a
totally different thing. In a young man seeking attention, such
provocation is halfway to be expected, but a journalist needs to look at
such statements a bit more closely.
Ivan is quite correct when he says "the way modern desktop security
works is by relying on the user to make informed and sensible choices on
things they don’t understand." This is really the heart of his talk, and
it is as true of Unix on the desktop as it is of OSX or Windows.
Nonetheless there are major differences in how that "policy" (if you can
call it such) interacts with the user, and they *do* make a big
difference to the overall vulnerability of the user's desktop machine.
That is, there *is* "something about OSX [and any other Unix] that makes
it different to Windows in this regard".
As far as authenticating downloaded software goes, the FOSS people (and
others) have been using GPG keys and MD5 hashes for years. It *is*
possible to check, with a pretty high degree of certainty, whether what
you have downloaded is the correct item. That this system is often
ignored does not mean it doesn't exist or that it doesn't work.
Security relies on the (often very ignorant) user because there is no one
else to do it. Things like SE Linux and various military systems set up
finer-grained privilege systems, but in essence it is *always* possible
for *someone* to make a mistake or do something malicious that
compromises the machine. Presumably the attempt is made to push
responsibility for administration out to those most competent to do it,
but for a home user, who is that going to be? The more secure a machine
is made, the less useful it becomes, and if not less useful, then
certainly less easy to use. And what is the penalty? For most home
users, there is nothing really critical stored locally, and why should
they care if their system is spewing spam?
My own belief is that the solution is legislative. Make software
manufacturers responsible for damage that their products cause. Make
computer owners responsible for the damage their computers do (spam,
whatever). Only then will we see any real attention paid to security.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at : random.sks.keyserver.penguin.de
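As an added illustration of the download checking Karl refers to (example code written for this page, not from the list or from any project), the script below verifies files against a coreutils-style checksum list of the kind shipped as MD5SUMS or SHA256SUMS; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def parse_checksum_file(text):
    """Parse coreutils-style lines ('HASH  name' or 'HASH *name') into {name: hexdigest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, rest = line.partition(" ")
        name = rest.lstrip(" ")
        name = name[1:] if name.startswith("*") else name  # '*' = binary mode marker
        if not sep or not name:
            raise ValueError("malformed checksum line: %r" % line)
        expected[name] = digest.lower()
    return expected

def file_digest(path, algorithm):
    h = hashlib.new(algorithm)  # chunked so a large download is never read whole
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_downloads(directory, checksum_text, algorithm="sha256"):
    """Return {name: 'OK' | 'FAILED' | 'MISSING'} for each file the checksum list names.
    A match shows only that the download was not corrupted or swapped; authenticity needs
    the list itself to be signed (GPG). 'md5' reads old MD5SUMS files, but collisions are cheap."""
    results = {}
    for name, digest in parse_checksum_file(checksum_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        results[name] = "OK" if file_digest(path, algorithm) == digest else "FAILED"
    return results

def demo():
    """Constructed scenario: a genuine file, a tampered file, and one never downloaded."""
    content = b"example release tarball contents\n"  # constructed stand-in for a download
    good = hashlib.sha256(content).hexdigest()
    sums = "%s  release.tar.gz\n%s *tampered.tar.gz\n%s  missing.tar.gz\n" % (good, good, good)
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("release.tar.gz", content), ("tampered.tar.gz", content + b"!")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_downloads(d, sums)
```

The hash check only tells you the bytes match the published list, which is why the GPG signature on that list is the part that actually establishes who published it.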