
Author Topic: Expert: IT industry has failed in desktop security  (Read 1300 times)

Expert: IT industry has failed in desktop security
« on: 21. May 2007., 20:54:23 »
The IT industry has failed when it comes to desktop security for all major operating systems, a security specialist told delegates attending a conference in Australia.

Ivan Krstic, director of security architecture for the One Laptop per Child project, kicked off the AusCert 2007 conference Monday morning with a keynote speech that blasted desktop computer security--including that of Windows, Linux and Macintosh machines--because it is based on a 35-year-old premise where software can run with the same privilege as a user.

"The No. 1 broken assumption of desktop this very simple premise that all executing software should execute with the full permission that its user possesses," Krstic said.

"There are a bunch of programs that ship with all major operating systems--including Linux, Mac OS and Windows--that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties," Krstic said.

One example of such a program, he said, is Minesweeper, a single-player game that has shipped with virtually all versions of Microsoft Windows.

"This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.

Krstic explained that programs such as Minesweeper have the ability to affect other programs because of a premise that dates back to 1971, when the first version of Unix was released by computer scientists Ken Thompson and Dennis Ritchie, and loading code onto a computer was no trivial matter.

In 1971 "the only way that code could get from one place to another was with punch-cards or tapes. You carried it physically, put it on the machine and then ran it. If you did that then you should take responsibility for whatever that program does to your computer.

"Thirty-five years later we are using the same fundamental premise of security," said Krstic, who reminded the delegates that modern computers "run untrusted code every time they visit a Web site."

