Linked by Eugenia Loli on Wed 8th Dec 2004 20:48 UTC, submitted by Nicholas
Editorial I just spent the last several days reading the lengthy essay "Ying and Yang of Security" which explores the origins of security on the personal computer and explains why the current models are outdated. It seems to argue that security systems designed to keep the system safe are relics of the days of mainframes when the system was more important than the user, but for a personal computer the user is more important than the system.
Permalink for comment
To read all comments associated with this story, please click here.
mac ad
by sociopatanonymous on Wed 8th Dec 2004 23:23 UTC

All of the various chat clients uses their own standard set of ports to communicate to their various servers, and if they find them to blocked both inbound and outbound will usually try to drop back to port 80 and go out over http. This isn't ideal, but it often isn't blocked.

How can something reach the im server via port tcp 80 when both inbound and outbound is blocked.I supose you forgot to mention that there are default blocking policies and additional rules that open only the ports one needs,being port 80 in this case.

Good that you mentioned listening services,if you would use nmap for nt and would scan your network address or your local loopback you will discover there is quite a lot listening of which services some can't being stopped to listen even if you wanted it on a default install.On lets say Linux,xBSD,Solaris to name a few (and all i forgot to mention) it's pretty simple to get a all closed or even all ports closed + try nmap -P0 <host> cause the host doesn't listen to icmp message.One could assume that if one would like to setup a webserver he/she knows something has to be done in order the server can be reached.As we like you said are talking about end-user systems it's not good for business to be disproportional.It's however in my opinion not only a paradigm but a myth that user-convenience is disproportional to the learning curve of a particular OS.

but find they can't do so because incoming connections over that port are blocked by the firewall.

Simple task for the developer to provide the user both a wizzard or manual configuration option.There is a line you could draw when considering how user convenient an desktop OS has to be.The society as a whole is becoming complexer so are the machines options and equipment we work with.At shool most childeren get in touch with computers at a young age.It
doesn't take very long till you are just as illiterate when you know absolutely nothing about PC's as when you can't read and write.If you can chat with some im client and add contacts to your list you could configure with an good implemented firewall.

To give an example, an eight-character password is much more secure than a four-character password, yet much harder to remember. If your computer required you to enter two separate passwords before you did anything, it would again be much more secure, but again more of a hassle.

Why not a USB stick as some sort of encrypted key?Nobody complains that it's a burden to wear the key of your house,or car in order to enter or start the engine.If you loose your password you can't get in, if you loose your car keys and don't have the spare one at hand you can't drive.

If your computer required you to enter two passwords, plugin a dongle, then required your thumbprint, then a retina scan while a second person turned a key in exact time with your own from ten feet away,

You can make a joke of it all in any way you like.But what about the buffer overflows with which you don't have to have a password at all because it takes advantage of an opportunity to feed instructions when there should be read data.You stated listening services but didn't mention with what credentials they are running,as setuid root,user etc.

This is somewhat at odds with the idea of 'sane defaults', because unfortunately, just like in real life, sanity has a habit of being relative.[i]

It's pretty sane default to not go on the internet logged in as admin.

[i]In a system like Mac OS X, and some of the newer Linux distros, the default user is called an 'administrator'. Some of the capabilities get blurred between what a 'historical' administrator might be able to do, but suffice to say they're able to act globally through the command line interface via the use of a sudo command after they've given their password.[i]

I don't know the mac unfortunately but on Linux you don't use sudo in order to get root.That's only an option ( nessecity) for the users in the wheel group.

[i]However, there isn't really a 'sudo' functionality built in via the GUI, where if the user does want to mess with things globally they can by entering their password.

Wrong,press the windows key + F2 and type in: runas /user:admin "cmd /k "C:Documents and SettingsUserDesktopBatch.bat,it will start a batch file that's on the users desktop with admin right in fact quite similar to sudo or dosu.