Computer security isn't attainable

Printable View

November 14th, 2004, 10:35 PM
rcgreen

Computer security isn't attainable

Computer security isn't attainable. It isn't even desirable. Not if you accept
any of the extreme definitions of security now circulating among the
Machiavellian leaders of the software industry.

Security for whom? Security from whom?

If you are a regular computer hobbyist, who likes to surf the net, you may have
already assumed that your own definition of security is shared by the experts
movers and shakers, and you would be wrong. You think security is a way of
protecting your box from malicious dudes out there who want to mess with
you. The "initiated cognoscenti" of the industry want to protect the net
from you.

They want to protect their "intellectual property", their "investments",
their "data" from leaking out to the common unwashed and ignorant masses.

Most "true" security is intended to protect the system from the user.

What is this BS about unix being "insecure" because of the existence of
the dreaded "root" account. The only possible reason someone could
say such a thing is if he was born on a different planet than the one I
come from. On his planet, humans cannot be trusted, and therefore
cannot be trusted to log in as root. The issue isn't so much that
some malicious outsider might be able to illegitimately gain root access.
No, the thing that bothers them is that I want to log in as root on
my own machine. That is my heinous crime, that I will not surrender
control over to a "secure" OS that will not permit me to modify or change
the system, because the authors of that system do not trust me.

I should be prevented from deleting my system logs, because those logs
can testify against me; because no admin would ever have a "legitimate"
reason to "tamper" with the logs. Never mind the fact that it was
supposed to be my computer that I paid for with my own money.

The "need to know"

Computer security, to the experts, is a lot like the Military chain of
command, with its strict rationing of knowledge based on the "need to know."
If your orders are to lead your men up that hill and die for your country,
you don't "need to know" anything beyond the present operation, especially
about over all strategy. If you are captured, you will be unable to reveal
anything to the enemy about the battle plan. You only know your own
orders, but no one else's.

A "free" society

The usual flame wars here on Antionline (the ones on linux v. windows) always
include those who insist that the "facts" dictate a certain type of security
policy (mandatory access controls), and that those who feel threatened by
that are just "ignorant". The real debate over security isn't about "facts"
at all, but about philosophy. Once you accept the argument that security
is all about "protecting the system from the users", it's all inexorable
logic from there on. None of us can be trusted, so we must be relegated
to the sandbox.

What are you doing, Dave?

Once upon a time, Sci-Fi authors feared computers. They created stories
like 2001 A Space Odyssey, because back then there was only one philosophical
model governing Computer Science, and it was threatening to free-thinking
people. A computer was a massive monolith run by arrogant engineers who
loved to lecture us about "garbage in-garbage out", which is to say that
"Computers don't make mistakes, only humans do"

In Dave's epic battle with HAL, he had to literally climb inside the hardware
and do some creative hacking to save himself from the perfect computer
with the "secure operating system", because it was explicitly designed
to prevent unauthorized tampering.

An alternative Philosophy

Introduction of the microcomputer brought with it an alternative philosophy
of computing. Today we have all sorts of smart gadgets because computing
power has been decentralized and distributed wherever you can put a microprocessor.
I'm surprised they haven't put a microprocesor into a claw hammer.
With your own computer, you are armed against the authoritarian advocates
of a regimented "access controlled" future. But the devils won't stay dead. They
just keep coming back in different disguises.

The Net Is The Computer

The latest twist on this assault is the idea that the internet has evolved into
a single computing entity, and your box is merely a "thin client" logging on to
the monolith. The real resources are on "the system", and you are only "permitted"
to participate if you behave properly. Some big players (and M'Soft isn't the
only one) want to seize control of the Net by dominating the setting of
standards and protocols to their own advantage. The net could then truly
evolve into a HAL9000.

Who's in charge?

As much as I hate to say it, there's a good reason why business and accounting
people, rather than engineers and technicians, are in charge of businesses.
There are also good reasons why civilians have authority over the military.
Likewise, users, rather than Computer science graduates, should decide
broad concepts of computer security policy. Technical demands may seem compelling,
but they should not shove moral and political considerations aside, lest we all find
ourselves fighting HAL for our lives.
:cool:
November 15th, 2004, 12:41 AM
moxnix

Heh heh heh, I would say you are being a little over paranoid.....except I agree with most, if not all, of what you said.

I hate intrusive programs that want to tell me what to do. Or start on their own and usually a boot up, not caring if you want them to or not. Thats one of the things that turn me off about Nortons. Not only is it very intrusive, but it can be a real bear to uninstall. Yahoo messenger and its attendant programs is another I dislike, although with a little work you can disable most of it ( and yes I do have yahoo messenger, but a very scaled back version). Yahoo doesn't give you the option to install only part of the package that you want. Its all or nothing, and then you have to go back through it and uninstall the parts you don't want. It should give you the option of installing just the parts you want.

I run Windows XP, but I wish you didn't have to take the whole package ( I guess with XPLight that you can now trim Windows down to a minimum size). I would love to have an easy way to take out Internet Explorer, without harming the OP system, but the best I can do for now is make Firefox my default browser and regulat IE to dead space on my HD.

It seems that now days, everyone is trying to regulate what you use and how you use it.....from the big guys to the small fry.
November 15th, 2004, 01:14 AM
Juridian

I fail to see how this warrants the greens or the place in the tutorials section. There is a better place for this...
November 15th, 2004, 02:40 AM
MrLinus

I'm sorry but I don't see how this is a tutorial. As such, I've moved it to Misc Security as it does have security discussion value but as a tutorial, by definition, I don't see it.
November 15th, 2004, 04:09 AM
TheSpecialist

You are aware of how much of a good portion of attacks have come from an insider or half-wit users who propogate malware without even knowing or caring. I don't even let my own family, my own mother and father, enable the clipboard or install new software... hell, and thats just with the few computers they own, none of them are even mine. Its not that I don't trust them... its just that I've fixed things where in normal situations I would be paid for that type of thing. Anyone who would let adware sit around for years at a time is below me... and I will feel free to treat them as they truely are... pre-litterate, degenerate, barbarians.

Quote:

I hate intrusive programs that want to tell me what to do. Or start on their own and usually a boot up, not caring if you want them to or not. Thats one of the things that turn me off about Nortons. Not only is it very intrusive, but it can be a real bear to uninstall. Yahoo messenger and its attendant programs is another I dislike, although with a little work you can disable most of it ( and yes I do have yahoo messenger, but a very scaled back version). Yahoo doesn't give you the option to install only part of the package that you want. Its all or nothing, and then you have to go back through it and uninstall the parts you don't want. It should give you the option of installing just the parts you want.

Now see, now this is the type of thing that is so funny about this thread... blame the computer, blame the software, blame the world, blame the man, blame the companies owned by the man, never to say to yourself "what an idiot I am".

Sure, its not your fault your having trouble pointing and clicking... it's the giant statues fault. You know, the talking and glowing statue everyone worships, right? Ahhhh yeah, Incompetence is bliss :)
November 15th, 2004, 04:21 AM
moxnix

Ah ha, but TheSpecialist, I am not blaming anyone....I am just saying I don't like certain intrusive programs and won't run them if I can not modify them to suit my tastes. I will not use a lot of different programs that you might because I feel they are too intrusive and I can't mod them down to where I feel comfortable with them.

Thats my preference......their preference is to bring out a program that I can't mod the way I want so that I won't run it.
November 15th, 2004, 10:48 PM
rcgreen

I'm not worried so much about software that exists today, although
some is evil, but the direction we could be going. A "secure"
OS, in some people's definition, is one that cannot be modified by
anyone.
:cool: