[lug] new idea about os's

Ian S. Nelson nelsonis at earthlink.net
Sat Sep 27 06:31:59 MDT 2003 

I agree, it's a bad metaphor unless you believe that the issue of 
security is intractable.   To the mcpmag crowd, it may very well be an 
intractable problem, I'm not sure how you address it in their world.  
There are some notable examples of "certified" secure systems and 
systems where security was of paramount concern having vulnerabilities 
that were discovered after they were deployed,  Trusted Solaris just had 
one.  It's definitely a difficult problem but not an insolvable one.  
(There are also "certified" secure systems that have no known record of 
vulnerability)

The question of it being solvable for the masses on the cheap might be 
more interesting.  So many of the practices the windows running masses 
operate by, clicking on attachments, rich active content in browsers and 
web space with active-x components (sure it makes for coolish web 
sites,)  and many more make it an interesting problem.  How do you tell 
someone who doesn't understand that actually running that "joke" their 
friend sent them may be a bad thing?  Then there are spywares like gator 
that kind of do a function for some people and they knowingly install 
that stuff while it probably violates every corporate policy around and 
who knows if it actually does something bad.

Ian



Paul E Condon wrote:

>On Fri, Sep 26, 2003 at 12:50:44AM -0700, bill ehlert wrote:
>  
>
>>
>>here's a very new (to me, anyway) idea
>>about os's  --  whether they be windows,
>>linux, mac os, bsd, whatever:
>>
>>that whenever there's one with an
>>almost-monopoly position, there's
>>an almost-irresistable target for
>>crackers.
>>
>>there has been a report written on
>>this, and the place i found it
>>written up was  --  The Microsoft
>>Certified Professional Magazine!
>>
>>http://www.mcpmag.com/news/article.asp?EditorialsID=613
>>
>>    
>>
>
>Maybe M$ being a monopoly makes it a irresistable target,
>but Fort Knox is also an irresistable target, and there
>is no record of a pre-teen kid breaking into it.
>
>No, the real problem is bad design, and bad information
>for users on how to protect themselves. It like selling
>safe deposit vaults that have no lock, and in irremoveable
>sign announcing "Open".
>
>  
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 252 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20030927/abb5d02d/attachment.pgp>

More information about the LUG mailing list