[LUAU] Its time to simply ban Windoze machines from the Internet
Jim Thompson
jim at netgate.com
Thu Oct 19 16:53:28 PDT 2006
On Oct 19, 2006, at 1:05 PM, Tim Newsham wrote:
>> Safely running Windows on the Internet is possible, but its a lot
>> like being locked in a souring, mildewed terror-bunker watching
>> black water pour in over the sill as a society poisoned by
>> Lysenkoist (*) denial drowns in its own spew.
>
> I'm not sure what purpose this comment serves. It doesn't convey any
> information other than "Jim Thompson really really thinks running
> windows
> securely isn't very easy." It doesn't say why or provide any facts to
> back up your point of view. It doesn't even say that the situation
> is any better on other platforms (although I'm betting you believe it
> is).
The first phase of the comment say, explicitly, that safely running
Windows is possible.
It doesn't say anything about the ease of doing so. It does say
that the experience would make good material for a good horror
flick. Picture a lone guard, constantly scanning the surroundings
for new attacks by unknown foes, while the blood continues to rise in
his bunker.
> The truth is -- the security on windows platforms today is roughly
> comparable to the security of linux and OS X platforms today.
An assertion offered with no facts. Weren't you just chewing me up
over same? Isn't your statement parallel to the Lysenkoist metaphor
I offered. Lysenko campaigned against real science (genetics),
offering nothing but propaganda.
> There exist attacks against all the popular platforms. They are
> found on a regular basis. Attackers can and do exploit them, but
> there are more automated attacks found against Windows platforms
> due to their popularity. Any interested observer can find a long
> list of new and recent vulnerabilities for all platforms in
> security mailing lists and databases run by security vendors,
> operating system vendors, security organizations and government
> agencies.
Sorry, there are secure platforms. (Not linux, bsd, osx or windows,
to be sure. The whitehouse.org webserver ran on a lisp machine prior
to Bush, and the security of that environment is miles ahead of what
followed.)
No "long list" there.
A working secure environment would be a system like the E language
[http://www.erights.org/elang/index.html] running on top of a Lisp
Machine.
BTW, to date the best resource for capability based systems is the
PhD thesis
"Robust Composition" by MarkS [http://www.erights.org/talks/thesis/
index.html].
Unfortunately the first implementation of E runs on top of Java, but
that's just the sad state of affairs we currently have to deal with.
I could rant about this for hours. Let's just say, it's not in the
interest of anyone in the "services" or even the "services industry"
to have a really secure computing platform.
More information about the LUAU
mailing list