[extropy-chat] Software exposure: was Re: Eugen Leitl, you got Klez

Eugen Leitl eugen at leitl.org
Tue Feb 10 10:25:45 UTC 2004


On Tue, Feb 10, 2004 at 09:25:59AM +0000, BillK wrote:

> It is historical really.
> In the good old days people were amazed to get anything at all working

Dunno, WordStar on CP/M worked just fine. So did Linux on those i486/33 MHz/8 MBytes
bolides. Or Athlon/2 GHz/1 GByte.

> on these new-fangled personal computers. PCs were low-powered 286, 386
> or 486 machines with little spare capacity. The machines were working

Never had the problem, I must admit. Anything above i286 had enough
horsepower for anything a normal user could do at the time. 

> flat-out just to do ordinary tasks. Security never even entered their

Really? Funny, the only times I noticed it was trying to run physical
simulations on 7.1 MHz 68000, or LaTeXing 100-page documents. That was
pushing the envelope, a bit.

> heads. When virus-scanners first appeared everyone complained that they

A system which needs to use a virus scanner just to be put on the internet is
quite a laughingstock, don't you think?

> slowed their PCs down too much.
> MS didn't discover the Internet until quite late on and by then their
> windows systems had already been designed with ease-of-use in mind.

Security is strictly orthogonal to ease-of-use. Of course if you use a
homegrown (not designed, that's something different) system with security
never entering your mind (what, teh Intarweb? NIH!) you'll get what you
bargained for. Of course, throwing out the codebase every few years, and
starting from scratch doesn't help a bit.
 
> By the time MS added security as an objective to their software, it was
> too late.

You seem to be buying the PR very nicely. You can't just "add" security as an
afterthought, to a system which hasn't been designed with security in mind.
Use Google, read Bugtraq. It takes about 15-20 years for the codebase to
mature, using a normal development approach. 

I'm not seeing MS providing any palpably increased security yet. It's been
over a year, meanwhile we're seeing capabilities and nonexec stacks and
buffers being made nonexecutable appearing in mainstream alternatives.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net