Bolt On Security

For discussions about security.
Bruce B

#1 Post by Bruce B »

I'm not an operating system designer or engineer. Not even close.

What I'm about to write is opinion-based with no pretense of expert
knowledge. (If I think I'm right, it would be nice if I actually am.)

~~~

My first argument is: Security is Perception.

The primary responsibility for security is the vendor's public relations,
advertising and marketing departments.

Sell an intangible. Sell the 'idea' of security.

If, after selling the idea, insecurity manifests itself with some specificity
into publicly available knowledge, then maintain the perception of security
by turning the specific problem over to software engineers and fixing it,
usually by patches.

Resell and keep selling the idea.

Of course it's more complex. If the problem of perception gets bad in
certain ways, such as it seems everyone has a compromised machine,
the marketing mechanism may have to play the blame game, which
involves the users.

Make the user buy our newest operating system. This idea of not using
older software is justified by selling the intangible idea that the newest is
the most secure, maybe the only secure software.

The idea may be false, but if believed it doesn't matter.

Make more money, then make more money. Power, money and control.
Get it in your head - make more money and while you are at it, the end
justifies the means.

My ends justify the means. More money, power and control.

OK. I think I'm a cynic and a fairly sincere cynic at that.

I could go on and on. But I'll shift to Linux in this presentation at this
juncture.

Linux, Linux, Linux

Linux doesn't sell or market. I don't think it does. Maybe it does.

Maybe I'm wrong. Anyone know who is in charge of marketing and sales?

Maybe it sells and markets itself.

Bolt on security

If Microsoft could simply bolt on security, why haven't they written the
nuts and bolts to do it?

What I'm thinking is that it's probably very difficult to approach security
from a bolt on perspective and have it work.

What I'm wanting to say is, "I think security needs to be in the foundation,
or if it doesn't need to be, it is nevertheless the best place to put it."

Unix

It obviously wasn't built on Dirty DOS.

Unix was designed as a multi-tasking and multi-user operating system.

It was an imperative design fundamental that the Operating System be
protected from the Users and that the Users be protected from each other
at the foundational level of design.

I think it a bit ironic that I don't think I require for my purposes the level
of security that Linux provides me at its foundation.

I want to run as root and I hate passwords.

~

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#2 Post by PaulBx1 »

If you want security at the foundation, then OpenBSD is for you. But then, Linus will think you are a masturbating monkey... :lol:

postfs1

#3 Post by postfs1 »

To reedit up to date.
Last edited by postfs1 on Sun 27 Mar 2016, 22:46, edited 1 time in total.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#4 Post by disciple »

BarryK wrote: The must-[not]-run-as-root mind-set... is more a religious statement than anything else.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER
