On Tuesday 21 October 2003 11:48 pm, James Sparenberg wrote:
> No he didn't do this. What he said was that a piecemeal attempt at
> security is not a solution, instead it's a path to death. True security
> occurs when all parts are in concert. What good is a firewall if the
> chat software allows a rootkit to come down along with a message? His
> point is that piecemeal security and patches are a lot like locking a
> screen door. Nice idea but eventually someone will figure out how to
> cut the screen. Patching the screen may close the hole but it doesn't
> increase security. He's right it has to be a ground up decision/effort.

Well, given my current profession, I would argue that no matter which way you go, there is no such thing as truly secure software. Whether that effort is built entirely by one supergenius who builds everything himself and knows every inch of code or whether there are a thousand developers developing a thousand components and each overlooking each other's work and offering suggestions, mistakes are a fact of human existence and will never be completely eliminated, not even by the NSA.

My professional experience tells me that building software in smaller chunks, limiting functionality to only what is needed and trying to limit the security privileges of each chunk to only what they need to do their job is better than creating a single, extremely complex, integrated application that by definition, has to have complete rights to operate. My experience tells me that developing software designed by an industry committee, each with their own agendas and preferences and biases and faults is not any more conducive to building a better quality or secure product. YMMV. The author's obviously does.

However, there are many examples of operating systems, some built by open source developers in the marketplace of ideas, using what works and checking each other's work for flaws and improvements, continually trying to improve their pieces, and those that were built from the ground up, all working in concert, controlled by a highly centralized structure, and none have proven to be perfectly secure. Arguing that one method is superior to another without providing some practical example as proof is the same as arguing religion or politics, it is an article of faith.

In the article cited, the author is attempting to explain to some highly skilled and experienced and some clueless developers, that the methods they have chosen to use to develop software over the last 20 years or so are completely wrong, without citing any specific example of a usable and superior product developed by the methods that he advocates. In my opinion, before you tell everyone else that they are wrong, you should be prepared to show them why you are right. I saw nothing in the article to convince me that the open source methodology has been improved on by him to practical advantage. You may have gotten more out of the article.

And, one of the better things about the open source movement is that if he really thinks that the TCI is the right way to go, he is free to build an OS through interaction with them and in the free market of ideas, if it is better, it will be embraced by the community. I wish him good luck in convincing hardware manufacturers to support altering standards to support a free operating system.

As for the example of the screen door, no matter how thick the door, how layered in armor, or how many deadly traps are set for those that would try to get through, if someone wants in bad enough, they will eventually figure a way to do so. Personally, I would rather not depend on any single measure but build interlocking lines of defense and try to make it so difficult to get anywhere of value that eventually, the bad parties give up and go looking for easier targets.

> > To further claim that Linux needs to go the route of the Trusted
> > Computing initiative...well, yer right, that's not funny, that's scary.
>
> And in line with a harsh reality.

And somehow we are led to believe that getting into a room with a bunch of corporate representatives from various companies will somehow result in a superior product than the free marketplace of ideas and technical quality?
I don't know about your own experiences, but every time I have been involved in a product development effort designed by a committee, I have not been overly impressed with the final results. Again, YMMV.

> Linux is not secure. It can be made
> secure. But in and of itself it isn't. Security comes not from what
> the OS is. But on whether or not the tools exist to make that OS
> secure. Take a look at NSA linux if you want to see some really neat
> stuff about security.

In my experience, nothing is secure. If you want absolute security, load software on the box, rip out all the disk drives, network connections, external interfaces and the keyboard and you are now secure. I used to have an old XT computer chassis, no disk drives, no keyboard and no working ports, that was a pretty secure box.

-- 
Bryan Phinney
Software Test Engineer
