On Fri, May 9, 2008 at 3:42 PM, Gary McGraw <[EMAIL PROTECTED]> wrote:
> Hi andy (and everybody),
> Indeed.  I vote for personal computer liberty over guaranteed iron clad 
> security any day.  For amusing and shocking rants on this subject google up 
> some classic Ross Anderson.  Or heck, I'll do it for you:
> http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

I've heard this point for years, and yet when we actually look at ways
of solving the consistent problems of software security, we always
come back to tamper-proof/restricted-rights as a pretty reasonable
starting point.

I don't know whether this mailing list is really the place for me to
advocate about this, but every time we get into a situation where we
talk  about high reliability (electronic voting for example) people
are all up in arms that we haven't followed pretty strict practices to
make sure  the machines don't get hacked, aren't hackable by even
experts, etc. hardened hardware, trusted computing bases, etc.

But, if you want to try and apply the same engineering principles to
protecting an individual's assets such as their home computer, bank
account credentials, etc. then you're trampling on their freedom.

I don't really see how we can viably have both.  Sure we're looking at
all sorts of things like sandboxing and whatnot, but given
multi-purpose computing and the conflicting goals of absolute freedom
and defense against highly motivated attackers, we're going to have to
make some choices aren't we?

I don't disagree that all of these technologies can be misused.  Most
can.  We've all read the Risks columns for years about ways to screw
things up.

At the same time individual computers don't exist in isolation.  They
are generally part of an ecosystem (the internet) and as such your
polluting car causes my acid rain and lung cancer.  Strict liability
isn't the right solution to this sort of public policy problem,
regulation is.  That regulation and control can take many forms, some
good, some bad.

I don't see the problem getting fixed though without some substantial
reworking of the ecosystem.  Some degree of freedom may well be a

Please don't think I'm actually supporting the general decrease in
liberty overall.  At the same time I'm pretty sure that traffic laws
are a good idea, speed limits are a good idea, even though they
restrict individual freedoms.    In the computing space I'm ok
allowing people to opt-out but only if in doing to they don't pose a
manifest danger to others.  Balancing the freedom vs. the restriction
isn't easy of course, and I'm not suggesting it is.  I'm merely
suggesting that all of the research we've ever done in the area
doesn't point to our current model (relying on users to make choices
about what software to use) promising.

How to make this happen without it turning into a debacle is of course
the tricky part.

Andy Steingruebl
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to