- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
Legacy of bad design...
Published: 21 May 2007 08:49 BST
The director of security architecture for the One Laptop per Child project has blasted the IT industry over a legacy of failed desktop security.
Making a keynote speech at Australia's AusCERT 2007 security conference, Ivan Krstić said the fundamental problem is desktop PCs are based on a 35-year-old premise where software can run with the same privilege as the user. "The number one broken assumption of desktop security... is this very simple premise that all executing software should execute with the full permission that its user possesses," he said.
Read all about IT…
Check out the Editor's Blog for the silicon.com chief's take on the hot tech issues of the moment.
His criticism was not limited to Microsoft's Windows OS. "There are a bunch of programs that ship with all major operating systems - including Linux, Mac OS and Windows - that can format your hard drive, spy on your computer, spy on you with your microphone and camera and turn over control of your computer to third parties," he said.
According to Krstić, one example of such a program is Minesweeper - a game that has shipped with virtually all versions of Microsoft Windows. "This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.
Krstić said programs such as Minesweeper have the ability to affect other programs because of a premise that dates back to 1971, when the first version of Unix was released by Dennis Ritchie and Ken Thompson, and loading code onto a computer was no trivial matter.
He explained: "[In 1971] the only way that code could get from one place to another was with punch-cards or tapes. You carried it physically, put it on the machine and then ran it. If you did that then you should take responsibility for whatever that program does to your computer.
"Thirty-five years later we are using the same fundamental premise of security."
Krstić added that modern computers "run untrusted code every time they visit a website".
Munir Kotadia writes for ZDNet Australia
Campaign Management - Lead & Opportunity Management - Account / Subscription Management - Customer Interaction Management - Order Management - ...
Programme Manager / Project Manager (IT Manager) - London, South East CollabNet, the main corporate sponsor behind OS Subversion and the providers of ...
Based in Belfast my client is a Global Investment Bank who is recruiting for a Desktop Support Engineer. You will be responsible for remote ...
CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.
Staffing Service Coordinates Sales Activities, Utilizes Business Intelligence With...
Maximizing Revenues in Troubled Times: Proven Methods of Extracting Water From a...
Teachers Association Turns to Centralized Data Repository to Improve Member Service
Service Management Companies: Will You Grow With or Outgrow QuickBooks?
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week
Martin Brampton The Brampton Factor: Open source 'brotherhood' closed to co-operation Where's the real sharing?