Terminally Incoherent

Utterly random, incoherent and disjointed rants and ramblings...

Sunday, September 11, 2005

Dumb Security Ideas

I just found this article on Slashdot. I think the author makes some very good points.

However, I do feel that a lot of what he is saying could easily be used to push the TCPA agenda. His points about Default Permit and Enumerating Badness in particular could be twisted to support TCPA. Don't get me wrong, I think he makes very good points here. I really do think that Default Deny policies and whitelisting are conceptually better ideas than what we have now.

But the author fails to account for different levels of security. What works for a corporate environment does not necessarily work for Joe Public's home desktop. What works in an accounting firm will not necessarily work well in a C++ based dev shop.

While default deny will work wonders for the secretaries and accountants of the world, it may be bothersome for developers who need to constantly test their code. If you implement this policy in a dev shop, you will either have to create special sandboxes where people can run their code, or give the developers the power to execute whatever they want. Either way, you must waive the default deny policy for them, which means implementing it was pointless in the first place.

Similarly, the only person who should be allowed to judge what is and is not allowed to run on my computer is me. Not Microsoft, not Intel, not the Flying Spaghetti Monster! I am the supreme authority when it comes to my PC. And if I want to install a worm that will wipe my drive, I should be allowed to do so!

The Default Deny and Enumerating Goodness policies are great guidelines when designing software in general, but only when you keep the different layers of security in mind.

While an accounting firm has a smart sysadmin who can establish the "trust" rules in accordance with company policy, a home user should have full authority over their system. No one should be able to dictate these "trust" rules to the average desktop user.
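The "layers" argument above is easy to make concrete. The following is an added example, not code from the original post or from the article it discusses: a toy default-deny execution policy evaluator in which each layer (accounting desktops, a dev shop, a home user) gets its own allowlist, its own administrator, and, for developers, a sandbox directory where unknown code may run without waiving the policy everywhere else. The policy names, the "binaries" (byte strings), the paths and the actor names are all constructed for illustration.

```python
"""Added example: per-layer default-deny execution policies.

Not code from the original post. Binaries, paths and actors are
constructed sample data; a real enforcer would hook exec(), not call check().
"""
import hashlib
from dataclasses import dataclass, field
from pathlib import PurePosixPath


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ExecPolicy:
    """Default-deny policy for one security layer ('enumerate goodness')."""
    name: str
    admin: str                                   # who may change the allowlist
    allowed: set = field(default_factory=set)    # SHA-256 digests that may run
    sandboxes: tuple = ()                        # dirs where unknown code may run

    def add_allowed(self, actor: str, data: bytes) -> bool:
        """Only this layer's admin may extend the allowlist.

        For a corporate layer that is the sysadmin; for a home user it is the
        owner, so the home user is never denied the right to trust something.
        """
        if actor != self.admin:
            return False
        self.allowed.add(sha256(data))
        return True

    def check(self, path: str, data: bytes):
        """Return (allowed, reason). Anything not explicitly allowed is denied."""
        if sha256(data) in self.allowed:
            return True, "allowlisted hash"
        p = PurePosixPath(path)
        # PurePosixPath does not resolve '..', so refuse traversal outright
        # rather than let /home/dev/build/../../../usr/bin/x count as a sandbox.
        if not p.is_absolute() or ".." in p.parts:
            return False, "rejected path"
        for box in self.sandboxes:
            if PurePosixPath(box) in p.parents:
                return True, f"sandbox {box}"   # scoped exception, not a waiver
        return False, "default deny"


# Constructed "binaries": stand-ins for real executables.
LEDGER = b"\x7fELF ledger v1"      # approved accounting tool
COMPILER = b"\x7fELF cc v9"        # approved compiler
TOY_BINARY = b"\x7fELF a.out"      # something a developer just built

# Accounting layer: sysadmin-managed allowlist, no sandbox at all.
ACCOUNTING = ExecPolicy("accounting", admin="sysadmin",
                        allowed={sha256(LEDGER)})

# Dev-shop layer: same default deny, but one directory is a sandbox.
DEV = ExecPolicy("dev", admin="sysadmin",
                 allowed={sha256(LEDGER), sha256(COMPILER)},
                 sandboxes=("/home/dev/build",))

# Home layer: the owner is the only authority over what runs.
HOME = ExecPolicy("home", admin="joe")


def demo():
    """Walk the three layers through the same decisions; returns the results."""
    results = {
        "accountant runs ledger": ACCOUNTING.check("/usr/bin/ledger", LEDGER),
        "accountant runs unknown": ACCOUNTING.check("/tmp/x", TOY_BINARY),
        "dev runs build output in sandbox":
            DEV.check("/home/dev/build/a.out", TOY_BINARY),
        "dev copies it outside sandbox":
            DEV.check("/usr/local/bin/a.out", TOY_BINARY),
        "dev tries traversal into sandbox":
            DEV.check("/home/dev/build/../../../tmp/x", TOY_BINARY),
    }
    for what, (ok, why) in results.items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {what}: {why}")
    return results


if __name__ == "__main__":
    demo()
```

The point the example makes is that a developer sandbox is a scoped exception: the dev layer still denies the same binary the moment it is copied outside the sandbox, and path traversal into the sandbox is refused, so the policy is not "pointless" elsewhere. The home layer differs only in who the admin is.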

This is where the Unix security model gets it right. A dumb user should be allowed to hurt himself badly, but a single user's mistake must never be allowed to hurt the system itself (let alone the whole network). Routing around user stupidity is only acceptable up to a point.

To use an analogy, system security is akin to national security. You need to make the system as secure as possible within certain bounds. When you start trading personal freedom and liberty for increased security, you are in trouble. The Patriot Act is wrong for the same reason TCPA is wrong. Go ahead, think about it. You know this is true.
