Josh Dersch wrote:
> I was not intending to suggest that Singularity would avoid any

Sorry, I was responding to the Singularity *literature* (though *through* you :>)

> performance penalty -- I was originally responding to a poster who
> claimed that abstracting pointers away, etc. in the name of security was
> not possible -- I posited Singularity as an example of an OS that has
> done this very thing.
Because most machines nowadays are in the hands of people who aren't savvy
enough to understand these issues. I.e. you can't have physical security
since there is nothing preventing a user (*owner*) from circumventing this
key step knowingly or unknowingly.

E.g., any sort of removable media that can be passed control of the
processor outside (i.e., before) the scope of your VM leaves the system
vulnerable. Hence the reason many PCs are configured without (or with
*disabled*) floppy and/or CD-ROM drives in business environments.

Getting a robust system into a consumer's hands is considerably harder
than one sitting in a machine room :>
> Well, I agree that this is an attack vector. But I believe it's picking
> nits; the primary source of "infection" on your average user's PC is
> either 1) exploiting the code in the OS (buffer overrun, etc.) or 2)
> Lame security in the OSes involved (running as root/admin as default,
Yes, but the latter is effectively the case for PC users nowadays. Even if
they chose not to run as "Administrator" 24/7, they still are TOLD to run
as Administrator when installing software.
> etc.) It'd be quite a bit more difficult for malware/viruses/trojans to
> get onto a user's PC and propagate themselves if it required physical
> means to do so (i.e. an e-mail that says "Hey! Please burn this software
> to a CD, put the CD in your drive and reboot from it! It'll be cool!...
Yes, but not all "infections" are intentional. I.e. installing buggy code
is still buggy code. Even if the manufacturer didn't intend it to be so.
trust me.") There's only so much you can do,
in the end -- users will
always find ways to screw up their computers. Doesn't mean it's not
worth researching new strategies for security elsewhere.
Of course! As I said in a previous post, this is something near and dear
to me as I have to build products that are potentially compromised by
these avenues. Each time you raise the bar, "clever" (??) users find some
other stupid thing to do that compromises the measures you've taken to
maintain system integrity. I pity those folks who design "PC-based"
products! (it's just too easy for users to think "Oh, this is a PC! I can
________ "