Hello,

On Thu, 17 Sep 2009, Girish Venkatachalam wrote:
> Cryptography requires randomness in everything. Crypto alone cannot
> solve security problems.

I will take a different fork here from what Girish said and add that programs alone cannot ensure security for a computer system.

A good system _encourages_ good security practices. Some examples of such practices that are the _default_ on most *nix-like systems:

1. Ensuring that people do not use the administrator account for day-to-day work.
2. Providing means to check that software is downloaded from reliable sources.
3. Providing enough software from reliable sources at low cost so that people are not encouraged to depend on unreliable sources.
4. Clearly demarcating system areas from user areas so that users can ensure the integrity of these areas _independently_.
5. Using privilege separation to limit access to files, executables and devices.
6. Providing a path by which users can learn more about their system in order to improve their security through better understanding.
7. Educating the user through (a) clear notifications when they attempt something potentially risky and (b) explicit documentation of the vulnerable aspects of their system.

I am sure I have missed some, but you probably get the idea.

The point is that most of these practices are _less_ convenient on Windows than they are on a generic *nix. Security is always fighting with convenience, so reducing the inconvenience of secure operations is always important.

Effectively, Windows systems encourage their users to use them in a manner which is not secure![*]

Regards,

Kapil.

[*] One of my biggest fears is that modern "easy-to-use" Desktop versions of GNU/Linux will copy this unfortunate "ease-of-use-wins-over-security" attitude of Windows.
