On Mon, 2006-25-12 at 18:07 +0000, Justin Husted wrote:
> An attacker with physical access can be prevented if the filesystems are
> encrypted. However, this requires that the runtime (e.g. screen lock
> etc.) be secure. The encryption denies access if the machine is powered
> off, while the runtime security has to deny access well enough that
> powering off + reboot/hard disk pull is the only option.

Justin, well said. I'll add that security is all about managing risk and mitigating vulnerabilities. Yes, someone with unrestricted physical access to a machine may well be able to defeat all measures in place. But the cost and time required to defeat those measures rises with the number and the quality of measures.

To me, the screen locker is the equivalent of locking the doors to one's car or house: Yes, the locks can be defeated, but their presence "raises the bar" just enough to discourage the casual attacker, or even the motivated attacker who would rather work unseen (is that a slim jim in your pocket?).

If I choose not to lock my screen when my machine is not in use, well, that's my choice...

...but if I choose to lock my machine, if my machine makes that choice available, then I expect it to work properly! In this case "properly" means that the machine is locked when it wakes up, 'cause it can't know whether or not it was me who woke it! And "locked when it wakes" means that risks due to race conditions are properly mitigated.

> So, in summary, don't give up on security.

Indeed! It's one of the reasons I switched from Windows....

pww

--
Screensaver should lock screen BEFORE entering sleep.
https://launchpad.net/bugs/31892
