[IP] more on 80 per cent of home PCs infected - survey
Begin forwarded message:
From: Bob Frankston <rmfxixB0406@xxxxxxxxxxxxxxxxxx>
Date: October 30, 2004 5:07:16 PM EDT
To: 'Brett Glass' <brett@xxxxxxxxxx>, "'David P. Reed'"
<dpreed@xxxxxxxx>
Cc: 'Bob Frankston' <Bob2-0406@xxxxxxxxxxxxxxxxxx>, dave@xxxxxxxxxx,
'Ip' <ip@xxxxxxxxxxxxxx>, 'Brett Glass' <extreme@xxxxxxxxxxxxxx>
Subject: RE: [IP] more on 80 per cent of home PCs infected - survey
Before responding I must emphasize that it is impossible to have a
secure
machine because there is no unambiguous definition. At best we can talk
about metrics and tradeoffs.
Just tell your users to su to root and rm / -R (or whatever the
appropriate
command is. Betcha they'd do it. Betcha I can send email that they'll
think
is from you and do it. Even better if I place an urgent phone call
telling
them there is a lethal virus and for the sake of their children they
better
do something about it now or else ...
But I'm confused -- what is Unix's security model and how many decades.
They
are all derived from the Multics ACL model but with some roadbumps
along the
way. Unix initially had a weak systems with just groups and defaulting
to R
access.
X isn't part of Windows but then the GUI is not part of XP - embedded XP
doesn't depend on the GUI. Even better -- if you just run an embedded
system
without users then you don't have to worry about them doing dumb things
like
running insecure applications just because they are useful.
All of the systems are hierarchical with drivers having far too much
authority.
Security is only meaningful if one can still make effective use of the
system.
PS: I left this in plane text because too many people assume typography
is a
virus.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/