Friendly and Secure Desktop Operating System

Johnson David DavidJohnson at
Tue Oct 28 13:58:23 PST 2003

On Tuesday 28 October 2003 12:52 pm, Timo Sirainen wrote:

> Well .. I don't actually believe DoS to be much of a security problem
> in desktop systems.

This does happen to be a FreeBSD list. I'm using it on my workstation 
and home desktop. I've installed it as a server in a lab. My coworker 
runs his website off of it. I know other people who run their websites 
off the the same system they use for a desktop.

The problem with modern operating systems is that they are general 
purpose, and can be used in a variety of situations.

> Of course it's better to try to prevent them, but I don't think it's
> really possible without getting on the way of user.

All security gets in the way of the user. A friend of mine tried Linux 
then went back to Windows because he found the concept of having to log 
in very inconvenient.

The trick is to balance the inconvenience of the user with the security 
of the system. That means you can't have a perfectly secure system 
which will usable. You have to make some tradeoffs. It's hard deciding 
what to give up.

> Operating system MUST prevent malicious software from:
>  - Modifying or erasing sensitive data
>  - Transferring sensitive data out of your system
>  - Affecting other software in any way

How do you know it's "malicious" software? Crack that problem and the 
Nobel Prize for Computing is yours! Is the software writing to the 
first sector of a drive malicious, or merely a utility being run by the 
administrator to prepare a partition for dual boot?

> > Here's another: "Word Processors... No privileges needed." Those
> > who ignore the lessons of history are doomed to repeat them.
> Oh? What privileges does it need then? My idea of a word processor is
> that it should be able to read and write document files with it,
> nothing else. I already described the open/save file service for
> that.

I was thinking of two things. First, a whole slew of MSWord exploits. 
Second, an observation made by JZW (I think) that says all software 
expands until it eventually becomes a mail client. Implicitly trusting 
a class of applications just because they are word processors is 
dangerous. The problem is that your idea of a word processor might not 
be universal.

Have to run now. But go grab the book "Secure Coding", published by 
OReilly. It's a new one. Well worth it.


More information about the freebsd-advocacy mailing list