[LUAU] Its time to simply ban Windoze machines from the Internet

Thu Oct 19 16:53:28 PDT 2006

On Oct 19, 2006, at 1:05 PM, Tim Newsham wrote:

>> Safely running Windows on the Internet is possible, but its a lot  
>> like being locked in a souring, mildewed terror-bunker watching  
>> black water pour in over the sill as a society poisoned by  
>> Lysenkoist (*) denial drowns in its own spew.
>
> I'm not sure what purpose this comment serves.  It doesn't convey any
> information other than "Jim Thompson really really thinks running  
> windows
> securely isn't very easy."  It doesn't say why or provide any facts to
> back up your point of view.  It doesn't even say that the situation
> is any better on other platforms (although I'm betting you believe it
> is).

The first phase of the comment say, explicitly, that safely running  
Windows is possible.

It doesn't say anything about the ease of doing so.   It does say  
that the experience would make good material for a good horror  
flick.  Picture a lone guard, constantly scanning the surroundings  
for new attacks by unknown foes, while the blood continues to rise in  
his bunker.

> The truth is -- the security on windows platforms today is roughly  
> comparable to the security of linux and OS X platforms today.

An assertion offered with no facts.   Weren't you just chewing me up  
over same?  Isn't your statement parallel to the Lysenkoist metaphor  
I offered.  Lysenko campaigned against real science (genetics),  
offering nothing but propaganda.

> There exist attacks against all the popular platforms.  They are  
> found on a regular basis.  Attackers can and do exploit them, but  
> there are more automated attacks found against Windows platforms  
> due to their popularity. Any interested observer can find a long  
> list of new and recent vulnerabilities for all platforms in  
> security mailing lists and databases run by security vendors,  
> operating system vendors, security organizations and government  
> agencies.

Sorry, there are secure platforms.  (Not linux, bsd, osx or windows,  
to be sure.  The whitehouse.org webserver ran on a lisp machine prior  
to Bush, and the security of that environment is miles ahead of what  
followed.)

No "long list" there.

A working secure environment would be a system like the E language  
[http://www.erights.org/elang/index.html] running on top of a Lisp  
Machine.

BTW, to date the best resource for capability based systems is the  
PhD thesis
"Robust Composition" by MarkS [http://www.erights.org/talks/thesis/ 
index.html].

Unfortunately the first implementation of E runs on top of Java, but  
that's just the sad state of affairs we currently have to deal with.

I could rant about this for hours. Let's just say, it's not in the  
interest of anyone in the "services" or even the "services industry"  
to have a really secure computing platform.