
Critical Linux security API is still a kludge (Inquirer)


Posted Oct 23, 2006 18:27 UTC (Mon) by MisterIO (guest, #36192)
Parent article: Critical Linux security API is still a kludge (Inquirer)

This seems a real waste of time to me! The problem of security in the IT world shouldn't be treated in a theoretical way. It should be treated in a statistical way, i.e. you shouldn't try to create an absolutely secure system, because it's really easy to fail in that direction (there's nothing perfect!); you should try to eliminate the first and most important of all the threats to all PCs, that is ignorance! If people followed even the most basic security rules, they would eliminate 85% and maybe more of all kinds of viruses. In fact the most dangerous problem with Windows (at least till Windows XP, I don't know about Vista) is that you are root by default!!! This is why Unixes are more secure by default (well, at least if you don't write your root password in your user folder in a file like rootpassword.txt, but this too is an ignorance problem!). Anyway, you could say that if you consider an enterprise or some government office, you should do even more, but well, if you are one of those, and you have SELinux and all the other systems already present in Linux, you shouldn't need anything more, because you would be in a really secure condition and the real problem would be people another time! Normally people don't even want to read the documentation of their TVs or DVD players; they sit on the sofa and try pushing this or that button, normally succeeding with the simpler tasks and not using the advanced ones. The majority of PC users have this approach with PCs too! But networked PCs are a completely different beast than TVs or DVD players, and if you don't make this clear to them, there will always be big problems, whatever you do to make their systems secure, because a system cannot be secure without being more difficult to use than a DVD player (at least in the near future)!

All this said, why should it be a threat to have a Windows program in a Linux filesystem? Correct me if I'm wrong, but if you really need to use Wine, you can use an antivirus to scan the program and then use Wine to execute it. If you use Xen to run Windows (on a CPU that can do that), well, why do you do that? Do you really need to do that? I can't really think of an environment that should be really secure and that should need to use Windows for anything!



Critical Linux security API is still a kludge (Inquirer)

Posted Oct 23, 2006 20:36 UTC (Mon) by mrshiny (subscriber, #4266)

You may be right, in that users are responsible for (i.e. they are the actors that perpetrate) poor security. However, asking the whole world to change its behaviour is generally a hard task. Lots of people who might even be ripe for switching to Linux can't, because of a Windows app they need. And some apps on Windows still require admin privs (Bad PalmDesktop! No dessert for you). But the point is that even good habits and a non-root user aren't enough to prevent viruses. It's only a matter of time before macro viruses and the like make themselves known in the Linux world; these don't require root privs to spread or cause damage. And asking every user to manually scan every file is madness since you already know users are ignorant and forgetful.

Basically what I'm trying to say is, a virus scanner is not a bad thing. Sure, it isn't perfect, but it helps, and like you said, brings you statistically closer to "secure". Users will always be ignorant. The computer needs to account for that, not the other way around.

Critical Linux security API is still a kludge (Inquirer)

Posted Oct 24, 2006 3:15 UTC (Tue) by ringerc (subscriber, #3071)

The "statistical" approach to security is unworkable, as it presumes that the attacker / threat is independent of your protection measures and is random (in the statistical sense, not to mean of equal probability). This is not the case - as you change your protection measures, the _people_ creating these attacks will simply move on to target other areas. You won't significantly reduce the number of attacks / viruses etc out there, nor will you reduce the harm they do much.

The attacker only needs to find one hole - and they're *actively* *looking* *for* *it*. Blocking 85% of security issues is not sufficient in this context, and it's for this reason that computer security is so hard.

If the attackers didn't respond to security advances, then your argument would make sense.

Critical Linux security API is still a kludge (Inquirer)

Posted Oct 24, 2006 10:31 UTC (Tue) by MisterIO (guest, #36192)

Well, it's true that it's wrong to try to treat security issues statistically in general, because there will always be some new and different ways to attack your software, but what I really meant was: "Try to start addressing the most dangerous of all threats, that is ignorance!". Yeah, you could argue that it's an overwhelming task, but I don't think so. For example you could start teaching IT (and security problems related to IT) in schools (from the very beginning) just like math or history or geography, because in modern times IT is so widespread and so important that you should be taught about it! You need to know how to use PCs, exactly as you need to know English (me too, even though English is not the language of my country). Yes, it's not a quick solution to the problem, but in the long run it will be the most effective one.

Critical Linux security API is still a kludge (Inquirer)

Posted Oct 24, 2006 18:12 UTC (Tue) by nlucas (subscriber, #33793)

It's now common in most countries to only allow people to drive with a driver's license.

Does it make roads safer? Sure (and I would imagine a LOT safer than before).
Does it make roads immune to accidents because of bad drivers? Not a chance.

There will always be bad drivers and no global education will fix that (unless restricting driving only to the safest ones, automatically making driving a "privilege" only for a subset of the population).

I don't see any difference between this and computer users.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds