Friendly and Secure Desktop Operating System
Johnson David
DavidJohnson at Siemens.com
Tue Oct 28 13:58:23 PST 2003
On Tuesday 28 October 2003 12:52 pm, Timo Sirainen wrote:
> Well .. I don't actually believe DoS to be much of a security problem
> in desktop systems.
This does happen to be a FreeBSD list. I'm using it on my workstation
and home desktop. I've installed it as a server in a lab. My coworker
runs his website off of it. I know other people who run their websites
off the same system they use for a desktop.
The problem with modern operating systems is that they are general
purpose, and can be used in a variety of situations.
> Of course it's better to try to prevent them, but I don't think it's
> really possible without getting in the way of the user.
All security gets in the way of the user. A friend of mine tried Linux
then went back to Windows because he found the concept of having to log
in very inconvenient.
The trick is to balance the inconvenience of the user with the security
of the system. That means you can't have a perfectly secure system
which will be usable. You have to make some tradeoffs. It's hard deciding
what to give up.
> Operating system MUST prevent malicious software from:
>
> - Modifying or erasing sensitive data
> - Transferring sensitive data out of your system
> - Affecting other software in any way
How do you know it's "malicious" software? Crack that problem and the
Nobel Prize for Computing is yours! Is the software writing to the
first sector of a drive malicious, or merely a utility being run by the
administrator to prepare a partition for dual boot?
> > Here's another: "Word Processors... No privileges needed." Those
> > who ignore the lessons of history are doomed to repeat them.
>
> Oh? What privileges does it need then? My idea of a word processor is
> that it should be able to read and write document files with it,
> nothing else. I already described the open/save file service for
> that.
I was thinking of two things. First, a whole slew of MSWord exploits.
Second, an observation made by JZW (I think) that says all software
expands until it eventually becomes a mail client. Implicitly trusting
a class of applications just because they are word processors is
dangerous. The problem is that your idea of a word processor might not
be universal.
Have to run now. But go grab the book "Secure Coding", published by
O'Reilly. It's a new one. Well worth it.
David