Re: Securing our computers?

[Valdis.Kletnieks () vt edu]

On Sun, 02 Nov 2008 05:38:20 -0000, n3td3v said:
> does anyone have good ideas on how to secure our computers better?

Good ideas?  Those of us who have been doing this for decades have *plenty*
of those.

Good ideas that are both (a) practically deployable and (b) workable in
practice?  Those are in short supply.

Your long rant is just beginning to scratch the *surface* of the issues involved.

There's a very basic design problem:  People think they want their computers
to be generalized Von Neumann architectures, and resist attempts to give them
something that's more a Harvard architecture - go look at the debacle that
was WebTV for what happens when you try to give them a closed-box that's
no-user-modifiable-parts-inside by design.

It's *easy* to design an appliance that's reasonably secure.  Look at the
relative difficulty of hacking a Wii compared to hacking a Windows XP box.

What we *don't* know how to do is make a system that Joe Sixpack is allowed
to screw around with, and yet prevent security issues from happening.  The
only *real* solution here is to invent a better Joe Sixpack that's able to
understand that security should be more important than the neat screensaver
he just downloaded with no clue as to the code's provenance.

Unfortunately, the Joe Sixpacks tend to marry Jill Sixpacks, and reproduce.
Anybody who's read CM Kornbluth's "The Marching Morons" will immediately
recognize it as the *current* situation of most white hats.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/