[Leaplist] Why Open Source won't work on "Vista computers"

[Chris]

Phil Barnett wrote:

>On Monday 25 December 2006 17:53, ray wrote:
>
>  
>
>>MS is doing a lot of things with Vista to "kill" competition including
>>any kind of FOSS and OSS hardware.  It is also trying to kill off small
>>business with its IE7 anti-phishing tool.  no small business can get a
>>certificate that IE7 will recognize, so my school will NEVER be trusted
>>by IE7 and Vista.  Same goes for all of us as people and owners of small
>>businesses.
>>
>>Way to support the little guy Mr. Gates.
>>    
>>
>
>Upon further thought, the entire reason that we are in the pickle we are in 
>now with viruses, phishing sites and email is that the software that ran 
>every computer up to now trusted every other computer as a basis for 
>universal communication. We bitched about it very loudly and now that the 
>behemoth is doing something about it, we bitch again. Oh, well.
>
>In truth, we should be applauding MS for breaking the ground on making what 
>I'll call 'Untrusting Computing' ubiquitous. It will take a long time to 
>migrate to it, but it's the right thing to do. Eventually, it will be the 
>norm. Either that or we will continue with internet anarchy. Nearly every 
>original security model was upside down up to today. This is a model that 
>flips it, ie: Nothing can run or connect unless we (the SA) allow it.
>
>I would have preferred that we start with email, but building an operating 
>system that refuses to be compromised because it can only run trusted 
>software is a good thing no matter where it comes from. We do something like 
>that today in Linux by making sure that our package management systems have a 
>key to unlock our downloaded packages so that we know they come from a 
>trusted source. A similar concept, but nearly as deep.
>
>It would not hurt my feelings to have a Linux distribution that could 
>eliminate the ability of untrusted software from executing at the kernel 
>level. I can envision a Linux box with a CD-ROM or other RO media that has a 
>list of what can execute and who or what can connect. That would be cool.
>
>  
>
Phil,

As much as I'd like to agree with you, because, well, I pretty
much always agree with you... I have misgivings.

Misgiving one: Counting on Microsoft to be the arbiter of
trusted computing on the Internet seems akin to giving Ted
Bundy a passkey to the girls' dorms. Their track record in
the security arena is, in a word, uninspiring.

Misgiving two: Their track record when they get their hands
on standards of any kind is even less inspiring - they always,
always, always jump in the public pool and start throwing the
other kids out. Think of one exception in their history.

Misgiving three: What's upside down about the current perception
of Internet security, IMHO, is that it's based on the catastrophic
results of flawed operating systems being allowed to play on
the Internet. It's as though we suddenly believed our entire
highway system to be unsafe because we allow rolling junk piles
driven by idiots to be on the road.

Somehow, even we, who should know better, subscribe to this.
It's my contention that a hypothetical Internet with no MS
machines allowed would be virtually free of the stream of sewage
currently flowing through it's "tubes". We have been conditioned
to the point of hypnosis to think in terms of Internet exploits,
computer viruses, PC trojans - and it's just not true. We really
need to break the trance and force ourselves to mentally
substitute the word "Microsoft" as an adjective anytime we
hear these expressions, because that is the reality.

Further, I've been writing code for a long time, at a variety of
levels, from low-level firmware to large network apps. You
always try to solve problems at the lowest level possible. In
other words, it's better to fix a buggy cd-rom driver than it is
to try to handle all the garbage a buggy cd-rom driver might
create in all the various media players.

Which leads us to:

Misgiving four: Folks, most of the junk we put up with on the
Internet comes not from software "trusting" other software -
it comes from crap software trusting other crap software.
This isn't going to change things much - letting your
theiving neighbors dictate the locks used on the entire
neighborhood isn't going to cut down on crime - honest.

This extra layer of security is useless if XP/Vista computers
still "trust" other XP/Vista computers, and Windows still
"trusts" MS applications - which they will, I promise. Your
high-priced gated community is no more secure than the
integrity of your next-door neigbors and their crack-smoking
kids - at best, at very best, all this does is move the level
of the hacks up one layer.

Whatever smokescreen is used to promote this effort, I can
bet that the thrust of the effort is 99% to hinder competition -
which is a reasonable thing for Microsoft to do. But it really
doesn't make me feel like handing them Internet Humanitarian
awards.

My idea of a secure Internet is one secured at the lowest
level, and as irritating as he may be at times, Theo de Raadt
has the right idea. Security starts at the bottom.

Cheers,

Chris