On Fri, 19 Sep 2003 11:49, you wrote:
> On Fri, Sep 19, 2003 at 11:27:33AM +1200, Christopher Sawtell wrote:
> > You don't, you pass laws which forbid the sale of insecure boxes to
> > consumers, AND pass the liability of costs back to the manufacturer of
> > Granny's insecure o/s.
>
> Who determines that the operating system and all of the installed
> software is secure?

> How do they determine this?
Of course we all know that it's impossible to prove a negative, but even an
attempt to improve the effectiveness of the quality control would be appreciated
by us all. How? In exactly the same way as the virus and worm writers discover
the holes. It would be sensible to offer real prizes to the virus writers.
The cost would be minuscule compared to the cost of the clean up operations.
But if that were to happen the whole anti-virus industry would become redundant,
so it won't happen. There are too many billions involved.

Theo de Raadt and his helpers have made a (nearly) secure o/s. I say
'nearly' above because, as I understand it, it is impossible to make a totally
secure o/s on the x86 architecture, because there is no possibility at the
hardware level, of preventing buffer overflows, or bit patterns in the stack
area of memory being executed, or the text area of a program being written over. 
That's my understanding of the x86 architecture; I'd love to be corrected.
x86 was a wonderful little micro and did great things 20 years ago, but imho
it cannot safely support what it is being asked to do today and should be declared
'Deprecated'.

There is absolutely no reason why William Gates III and his helpers cannot
spend a mere bagatelle of their umpteen billions to at least attempt to 
emulate the OpenBSD ideal.

> Who assumes liability for free operating systems like Linux, HURD and
> {Free,Net,Open}BSD?
That's the rub for us isn't it? Some sort of fidelity fund I suppose.

-- 
Sincerely etc.,
Christopher Sawtell
