
June 24, 2007


Mike Warot

It's my long-held belief that all operating systems as we now know them are fundamentally insecure. They all rely on the need to trust a given piece of software to be free from flaws.

There are alternative security models which greatly reduce the amount of code to be trusted (down to one module in the kernel of the OS). NOTHING else in the OS needs to be trusted.

This model of security has been called "capabilities"-based. When a program is run, it's only given the minimum required access to do the job, and nothing more.

For example, if you fire up a Word processor on Windows, Mac, Linux, DOS, etc... it can open ANY file you have access to, and do anything to it. You have to trust that it only does what you want. The problem is that you can't trust it. 99.9999999% of the time it works in the fashion you expect... but it's that one in a billion flaw that the virus/worm/spam/enemy can use to subvert the whole system.

It's going to take a long time to overcome the inertia of all of the installed systems, and the programmers who write them. Perhaps 20 years from now we'll finally be able to start to shut down the virus scanners and firewalls.

Until that time, all of our computers will be available to any party with the resources to find and exploit any of the flaws in the code we all run.

It's a matter of National Security to fix this, but people are wrongly convinced our Virus Scanners/Spam Filters/Firewalls have solved the problem.

I really enjoy your blog, and value the insight you share. It's good to know you're on our side.
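To make the capability idea in the comment above concrete, here is a small added illustration (my own constructed example, not code from the commenter or from any real operating system). A single trusted module, the `Kernel` class, mints unforgeable capability tokens; the "word processor" is untrusted application code that is handed only the capability for the one document the user opened, so it has no way to reach any other file, and the only thing anyone has to trust is the kernel module. All names, paths and file contents are made up for the example.

```python
"""Toy object-capability model: one trusted module mints unforgeable
capabilities; everything else can only act through the capabilities it holds.
Constructed example; not from the original post or any real OS."""
import secrets
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised by the kernel when a capability is missing, forged or too weak."""


@dataclass(frozen=True)
class Capability:
    """Unforgeable reference: the random token is known only to the kernel
    and to whoever the kernel handed it to. `rights` is a subset of
    {"read", "write"} for the named path."""
    token: str
    path: str
    rights: frozenset


class Kernel:
    """The single trusted component. It owns the (in-memory, constructed)
    file store and the table of currently valid capabilities."""

    def __init__(self, files):
        self._files = dict(files)
        self._caps = {}  # token -> Capability

    def grant(self, path, rights):
        """Mint a fresh capability. Only the kernel can do this."""
        cap = Capability(secrets.token_hex(16), path, frozenset(rights))
        self._caps[cap.token] = cap
        return cap

    def attenuate(self, cap, rights):
        """Derive a weaker capability from one the caller already holds.
        Rights can only be narrowed, never widened."""
        self._check(cap, set())
        return self.grant(cap.path, frozenset(rights) & cap.rights)

    def revoke(self, cap):
        """Invalidate a capability; any copy of it stops working at once."""
        self._caps.pop(cap.token, None)

    def _check(self, cap, needed):
        # A forged Capability object never matches the kernel's own table entry.
        if self._caps.get(cap.token) != cap:
            raise AccessDenied("forged or revoked capability")
        if not set(needed) <= cap.rights:
            raise AccessDenied(f"capability lacks {sorted(needed)}")

    def read(self, cap):
        self._check(cap, {"read"})
        return self._files[cap.path]

    def write(self, cap, data):
        self._check(cap, {"write"})
        self._files[cap.path] = data


def word_processor(kernel, doc_cap):
    """Untrusted application code. It is given exactly one capability and
    can act only on the document that capability names."""
    text = kernel.read(doc_cap)
    kernel.write(doc_cap, text.upper())
    return kernel.read(doc_cap)


def demo():
    """Run the scenario from the comment: the editor works on its document,
    but cannot reach anything else even if it misbehaves."""
    kernel = Kernel({"/home/user/letter.txt": "hello",        # constructed
                     "/home/user/secret.txt": "do not leak"})  # constructed
    results = {}

    # The user (via a trusted launcher) opens one document and hands the
    # resulting capability to the untrusted editor.
    doc = kernel.grant("/home/user/letter.txt", {"read", "write"})
    results["edited"] = word_processor(kernel, doc)

    # A buggy or compromised editor has no capability for other files and
    # cannot fabricate one: the token is a kernel-held random value.
    forged = Capability("0000", "/home/user/secret.txt", frozenset({"read"}))
    try:
        kernel.read(forged)
        results["forgery"] = "leaked"
    except AccessDenied:
        results["forgery"] = "blocked"

    # Attenuation: a read-only view can be passed on, and writing through it fails.
    read_only = kernel.attenuate(doc, {"read"})
    try:
        kernel.write(read_only, "tampered")
        results["readonly_write"] = "allowed"
    except AccessDenied:
        results["readonly_write"] = "blocked"

    # Revocation: once the kernel revokes the original, every use of it fails.
    kernel.revoke(doc)
    try:
        kernel.read(doc)
        results["after_revoke"] = "allowed"
    except AccessDenied:
        results["after_revoke"] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the structure is what the comment argues: the editor's code never has to be trusted, because the worst it can do is misuse the one document it was given, and the only code whose correctness matters is the `Kernel` class. Real capability systems enforce the "no forging" property with hardware or kernel-protected references rather than random tokens; the token here just stands in for an unforgeable reference.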


Michael Tanji

The focus of all the wrist-flinging hand-wavers seems to be on technology with little concern or interest in motivation. It’s not scary-powerful and is broadly executed for more base motivations so naturally it’s weak. BB guns are weak but people still lose eyes to them. Outsider vs. insider? That misses the point entirely: If you can’t use the system who cares? You can count on very few digits really similar events and all are ethnically/religiously/politically motivated (smells like war to me).


Mike W says focus on the tech, the OS. Michael T says focus on the people. I think the latter is right. Even though the battle is over computer networks, the key is the people networks. Are ours better than theirs?

Who learns faster? adapts quicker? is more innovative?

This time the small band of Estonians was actually pretty good against the larger Russian resources.

Mike Warot

Valdis has a good point. The tech isn't going to be secure anytime soon. All of our current approaches fundamentally boil down to "patch and pray".

A long term strategy would include getting the tech locked down so it can be trusted not to spy on us. It's all a question of time and motivation.

The survival of civilization seems to be sufficient motivation for me.

Without secure computing, all networked computers are just ammunition waiting for the cleverest tribe of hackers.

Good discussion! Thanks everyone.

