Security quote of the week

[Posted February 2, 2022 by jake]

We already know what a platform that allows any software to be installed looks like: it’s how our computers work. Whether we use Windows, or MacOS, or Linux, there is no monopoly dictating what software we can or cannot use. We can run our computers securely, or we can choose not to. Far from it being the dangerous hellscape we’re told to fear, the results are actually pretty good. Yes, there is malware. Yes there are attacks. But there is security and safety as well. Hundreds of companies innovate in this space, developing new security and privacy technologies that we are free to install if we choose.
Out in the real world, we give people the freedom to choose their own level of risk. It might be objectively true that Disneyland is safer than a public park, but that doesn’t mean we should outlaw all public parks and give Disney a monopoly on park-like gathering places. People are free to visit Disneyland, and pay for the privilege. They are free to visit other companies’ commercial parks. And they are free to visit any of our nation’s public parks. Our laptops are like public parks, that we can arrange with whatever amenities and safeguards we choose. There is no reason our phones should not be as well.

— Bruce Schneier in a letter to the US Senate about app stores

Security quote of the week

Posted Feb 6, 2022 1:40 UTC (Sun) by flussence (guest, #85566) [Link]

I think I can abbreviate this one a bit:

For every Disneyland, there's an Action Park. Apple, Google et al. have been running their app stores since day 1 like they're charging tickets for the ferris wheel in Pripyat.

Security quote of the week

Posted Feb 7, 2022 16:28 UTC (Mon) by ashkulz (guest, #102382) [Link] (1 responses)

I think I like this snippet the best

> Giving tech companies a veto over which software users can and can’t trust is a system that fails badly. That is: it’s one thing to seek a company’s recommendations about what constitutes a security risk, and another to let that company’s judgment override your own. The former requires that the company be reliable, the latter requires that the company be infallible.

Security quote of the week

Posted Feb 7, 2022 17:01 UTC (Mon) by Wol (subscriber, #4433) [Link]

The other massive problem is, of course, who defines "security risk". I can run a product that's buggy as hell, and a total liability, if I have no intention whatsoever of connecting that system to a network.

On the other hand, I can run a program that is deemed "secure", and have the system hacked and compromised because of an app the OS supplier side-loaded without me even being aware of it! Yes, Microsoft, I'm looking at you sideloading all your XBox stuff on my system that only ever runs JUST ONE game (and a massively pre-XBox game at that!).

Cheers,
Wol