Stewart Stremler wrote:
> No. Difficulty alone is insufficient. Security-by-obscurity is 'difficult'.
> But it's not worth it.

You are speaking in absolutes here. Always a dangerous thing. :) You have a password on your email account, right? That is security by obscurity. It is still possible to get into your email account (brute force) but it is very difficult. And that is probably pretty much the only protection you have on your email.

There are different kinds of security-by-obscurity. The traditional and most unwise kind is to scramble your movie in a proprietary non-peer-reviewed algorithm and hide the key on the device that decrypts it and hope nobody finds out. That is the worst kind of security by obscurity and we have seen it fail. Using a password is the best kind of security by obscurity and we can make it so difficult to defeat that it is sufficient enough.

But running as root is not security by obscurity. At the moment everyone knows Linux users in general don't run as root. So the attacker knows exactly what they are up against. They know they will have to find a local exploit if they want to spoof those DDoS packets at their enemy's IRC server. That adds sufficient difficulty as to be worth it.

> If they lose their data, it doesn't matter if the computer is still up
> or not.

And if the computer goes down they are likely to lose their data.

> Really? And here I was under the impression that Linux distributions had
> kicked that problem and made the installation easy!

The initial installation is easy, sure. Reinstalling while preserving user data may be easy for the end user if he knows how to reinstall only the system partitions and then manually remount his /home. I don't see Lindows users doing this.

>> Backing up
>> their data is a major PITA which is why very few people do it. They
>
> True. That's a deficiency in the system. :)

Actually, it doesn't have to be. We all have these huge HDs now but relatively little important data that really needs to be saved. We should just be copying all of our data to another HD or a trusted friend's HD.
No need for the average user to get involved in complicated backup software and media rotation etc. But most people think they have to do this in order to have good backups and it ends up being so much trouble that they don't even bother.

> The OS is the queen. The user's data is the king. If you lose the king,
> all else is irrelevant.

And if you lose the queen the king sits at home alone on a Friday night with rosey and her five sisters.

>> I think most people would rather avoid
>> that situation altogether.
>
> Yes. But that's not the point.

Of course it's the point! It's one of the big reasons why we don't run as root!

>> The user's data is very unpredictable. But the
>> OS data is usually the same from one machine to another and is a target
>> for modification with often disastrous consequences for the user's data.
>
> So?

So the user's data is harder to programmatically mine or modify whereas the OS is relatively easy, which increases the chances of an attacker messing with the OS and crashing the system.

> When your system is compromised, you can't trust _anything_. Full stop.
> Trying to split hairs about what is "likely" is... wishful thinking.

And how will you know your system is compromised? I think it is much easier to tell if you don't give them root on a silver platter.

> How do you know? You don't. You can't. Unless you're monitoring all
> the activities on the machine, it's all wishful thinking.

Sure we know. You've never seen an exploited box? How often did they mess with stuff in a homedir compared to how often they rootkit the box and leave the homedir alone?

>>> It's easy for us to get caught up in protecting the OS that we forget
>>> that a single-user machine is there for a single user. If they lose
>>> their data, what use is the machine?
>>
>> See above.
>
> The question stands.
>
> What use is the machine?

Then the machine is obviously of no use.
Past experience with these things shows that if you lose the OS you are likely to lose your data as well.

> If they don't care about security, they might as well be running as
> root!

Now it is you who are dismissing the end user.

> Dunno about BIOS, but a PROM password prevents _any_ changes, from
> what I've seen.

Do PCs (or any platform) have this capability? I have never heard of it before. Only PROM write protection I know of is blowing the fuse which turns it into a ROM.

> Application-level bugs. Are we opening the door to those? (If IE and
> Outlook were released for Linux, what are the chances of their being
> setuid root?)

If they were released for Linux I doubt they would be suid root. They may need administrator privs on Windows because of the poor design in which one big application reaches into every nook and cranny of the system in an attempt to be "integrated" with the OS.

> If you could arrange things so the OS would be trashed but the data
> safe, you'd be peachy.

Sure you would. But this is usually not possible.

> Which is Michael's point, I think: either way, your data is in trouble.
>
> So why make things more annoying for yourself?

I still think nobody is really after your data. They are after your box as a network/computing resource and they need access to the OS to do this. And while accessing the OS there is a very good chance they will screw something up which will cause you to lose your data.

>> The attacker is normally not at all interested in your data unless it is
>> for passwords or credit card numbers. What normally happens is the
>> attacker accidentally destabilizes the OS and causes you to lose your
>> data anyway. Lots of people have had to reinstall their Windows boxes
>> because various viruses/trojans etc. started causing them problems.
>
> If your system is compromised, it's compromised. Your data is in danger.
> Appealing to the masses doesn't change that.

I never said it wasn't.
What I am saying is that giving the attacker access to your OS on a silver platter is a good way to lose your data as well.

> NORMALLY, four-character-all-lower-case passwords work just fine.
>
> So why all the fuss about long passwords with mixed case and special
> characters?

Because a 4 character password is easier to shoulder surf and easier to crack if you can somehow get the ciphertext version?

> That doesn't explain why I don't spread broken glass on my doorstep.
>
> Or put in thirty-seven deadbolts instead of one.

Here is the safety vs usability tradeoff we always mention. Spreading broken glass or 37 deadbolts is very inconvenient. Just one deadbolt seems to be the sweet spot for most people.

> And why don't I lock _all_ the doors inside the house? Make him break
> into the bathroom and the bedroom. That would add 'security in depth'.
>
> I think the 'more difficult' excuse^Wexplanation is overly simplistic.

So instead of "more difficult" you demand absolute security or it isn't worth bothering with?

--
Tracy R Reed
http://[EMAIL PROTECTED]
