Sunday, May 20, 2007

AusCERT 2007: IT Industry Has Failed in Desktop Security

Munir Kotadia writes on ZDNet Australia:

The AusCERT 2007 conference kicked off this morning with a keynote speaker who blasted desktop computer security -- including that of Windows, Linux and Apple Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as the user.

Ivan Krstić, director of security architecture for the One Laptop per Child project, told delegates that the IT industry has failed when it comes to desktop security.

"The number one broken assumption of desktop security ... is this very simple premise that all executing software should execute with the full permission that its user possesses.

"There are a bunch of programs that ship with all major operating systems -- including Linux, Mac OS and Windows -- that can format your hard drive, spy on your computer, spy on you with your microphone and camera and turn over control of your computer to third parties," said Krstić.

One example of such a program, said Krstić, is Minesweeper -- a game that has shipped with virtually all versions of Microsoft Windows.

"This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.

More here.
