Secure Coding mailing list archives
RE: Hypothetical design question
From: Nick Lothian <nl () essential com au>
Date: Thu, 29 Jan 2004 00:35:46 +0000
Yes, the application design process, as it exists in far too many environments, is horribly broken. No new news there, I suppose. Secure application design and secure coding are quite different matters. You can create rather secure code in an incredibly insecure application design. Since programmers are responsible for the code, that portion of securing the application is up to them. Since they're often excluded from the design process, fatal flaws are injected into the design much further upstream. To wit: Outlook's problems aren't due to buffer overflows, they're due to an intrinsically bad design in the name of "innovation" (pronounced "oh-no-vation" :-).
I have a different point of view here. An email client is a tool that allows you to send messages. Both executable programs and data attachments (think Word documents) are perfectly reasonable things to want to send from the user's point of view (and if we try to claim that they aren't, then we also need to make a reasonable suggestion for a substitute).

I think either the email client or the operating system needs to protect the user from malicious programs _by default_ (on a non-professionally administered system). I don't think an email client can do this, and I'm not aware of any operating system that really supplies this protection (although most can be configured to provide some protection; perhaps capability-based operating systems do this?).

On the other hand, the operating system/email client still needs to allow one-click execution of attachments - it should just restrict them from doing malicious things.

Nick