From: Johnson David
To: Timo Sirainen
cc: advocacy@freebsd.org
Organization: Siemens Medical Systems
Date: Tue, 28 Oct 2003 13:56:37 -0800
Subject: Re: Friendly and Secure Desktop Operating System

On Tuesday 28 October 2003 12:52 pm, Timo Sirainen wrote:
> Well .. I don't actually believe DoS to be much of a security problem
> in desktop systems.

This does happen to be a FreeBSD list. I'm using it on my workstation and home desktop. I've installed it as a server in a lab. My coworker runs his website off of it. I know other people who run their websites off the same system they use for a desktop. The problem with modern operating systems is that they are general purpose, and can be used in a variety of situations.

> Of course it's better to try to prevent them, but I don't think it's
> really possible without getting in the way of the user.

All security gets in the way of the user. A friend of mine tried Linux then went back to Windows because he found the concept of having to log in very inconvenient. The trick is to balance the inconvenience of the user with the security of the system. That means you can't have a perfectly secure system which will be usable. You have to make some tradeoffs. It's hard deciding what to give up.

> Operating system MUST prevent malicious software from:
>
> - Modifying or erasing sensitive data
> - Transferring sensitive data out of your system
> - Affecting other software in any way

How do you know it's "malicious" software? Crack that problem and the Nobel Prize for Computing is yours! Is the software writing to the first sector of a drive malicious, or merely a utility being run by the administrator to prepare a partition for dual boot?

> > Here's another: "Word Processors... No privileges needed." Those
> > who ignore the lessons of history are doomed to repeat them.
>
> Oh? What privileges does it need then? My idea of a word processor is
> that it should be able to read and write document files with it,
> nothing else. I already described the open/save file service for
> that.

I was thinking of two things. First, a whole slew of MSWord exploits. Second, an observation made by JZW (I think) that says all software expands until it eventually becomes a mail client.

Implicitly trusting a class of applications just because they are word processors is dangerous. The problem is that your idea of a word processor might not be universal.

Have to run now. But go grab the book "Secure Coding", published by O'Reilly. It's a new one. Well worth it.

David