PC security objectives (was Re: even the UT understands MS security mis-behavior)

Thu, 02 Aug 2007 12:25:01 -0700 

Stewart Stremler wrote:
> begin  quoting John Oliver as of Thu, Aug 02, 2007 at 11:13:34AM -0700:
>> On Thu, Aug 02, 2007 at 10:16:22AM -0700, Lan Barnes wrote:
> [snip]
>>> I will share that I have become so cynical that every time I see a "be
>>> afraid -- be very afraid" news story, from bird flu to these cyber crime
>>> panics, I suspect it's a plant to establish grounds for yet another
>>> government power grab.
>> Isn't that the truth?  What's next, the Homeland Department of Computer
>> Security?  We all must register our computers, "for our own protection"?
>> there needs to be government regulation of computers to address the
>> threat to our nation from insecure computers?
> 
> We *do* have a problem with insecure computers.
>  
> Alas, switching everyone over to Linux won't help. SELinux would help,
> maybe, but training everyone would be prohibitive -- and if we don't
> get developers playing fair, we're doomed in the long run anyway.
> 
> As I see it, we're being herded into a TCB future where we aren't the
> owners of the machines, and certainly aren't the policy-makers for
> those ("our") machines.
> 
> Keep those old machines working!
> 
>> 1984 is becoming more real every day.
> 
> The Computer Is Your Friend, Citizen!
> 

In the PC realm (individuals, household-based, consumer items, etc):

Has anyone stepped back and ask *what we want and/or need*?

Here are a few initial thoughts to sugggest what I mean:

 Do we want/need PCs to be safe from malware?
 Do we want/need PCs to be good netizens?
 Do we want/need PC owners to be "responsible"?


It strikes me that the following relate to /how/, and might be better
deferred until after deciding on /what/.

 How to prevent installation/spread of malware?
 How to enforce and verify?
 How to fairly distribute costs?

OK, I suppose you have to ask whether something is possible (or evaluate
the cost) when deciding among alternative objectives. But maybe you
shouldn't focus on how before deciding what. I don't mean to discourage
research -- research is probably necessary, especially on the
/impossible/ things. ;-)


Regards,
..jim


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list

Reply via email to