Monday, February 06, 2006

The problem with walls

This article on OSN makes a point about Windows vs. Unix security that is just as important for Java and for sandbox security models in general: walls are good, but they only work so well. If your users have to let the wolf inside the wall to get their work done, they get eaten.

The big challenge in developing an operating system for home use is knowing what to protect. Traditional operating systems distinguish between mere users and administrators, but in the home those two people are one and the same. The split may make perfect sense to the computer geek, but there is no way to explain to an ordinary person that some of the time they log in as one person and some of the time as another.

Windows XP and later do a great job of introducing ordinary people to the concept of 'accounts', and in particular to the idea that you don't run as root (Administrator) all the time. Then PC software undoes all that work: most of my 4-year-old son's computer games insist on being installed as root, and some insist on running as root.

Protecting the O/S and core applications from unauthorized modification is good, but as the OSN article points out, all the user's crown jewels, the data they actually care about, sit outside the protection barrier. If Office gets corrupted by a virus they can reinstall it. Not so the Word file they spent a month working on, or the pictures of Johnny aged three months.
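To make that point concrete, here is an added toy model of the classic POSIX permission check (owner, group and other bits). It is not code from this page or from any real operating system, and the paths, user ids and process names in it are constructed for the illustration. What it shows is that the check only ever asks who a process runs as, never which program is asking, so a payload bundled with a game and running as the ordinary user gets exactly the same rights over the user's documents as the user's own word processor, while the system files stay protected.

```python
"""Toy model of the POSIX discretionary access check.

Constructed illustration: the filesystem, user ids and process names
below are made up; the rule itself is the classic owner/group/other
bit test that Unix-like systems apply."""

from dataclasses import dataclass

READ, WRITE, EXEC = 4, 2, 1  # bits within one rwx triple


@dataclass(frozen=True)
class Inode:
    path: str
    uid: int    # owning user
    gid: int    # owning group
    mode: int   # classic permission bits, e.g. 0o644


@dataclass(frozen=True)
class Process:
    name: str
    uid: int    # effective user id the process runs under
    gid: int


def may(proc: Process, inode: Inode, perm: int) -> bool:
    """Root bypasses the bits; otherwise choose the owner, group or
    other triple by comparing ids, then test the requested bit.
    Note what is *not* consulted: the identity of the program."""
    if proc.uid == 0:
        return True
    if proc.uid == inode.uid:
        triple = (inode.mode >> 6) & 0o7
    elif proc.gid == inode.gid:
        triple = (inode.mode >> 3) & 0o7
    else:
        triple = inode.mode & 0o7
    return bool(triple & perm)


# Constructed filesystem: system files owned by root, documents by alice.
ALICE_UID, ALICE_GID = 1000, 1000
FILESYSTEM = [
    Inode("/usr/bin/office", uid=0, gid=0, mode=0o755),
    Inode("/etc/passwd", uid=0, gid=0, mode=0o644),
    Inode("/home/alice/thesis.doc", uid=ALICE_UID, gid=ALICE_GID, mode=0o644),
    Inode("/home/alice/pictures/johnny.jpg", uid=ALICE_UID, gid=ALICE_GID, mode=0o644),
]


def writable_by(proc: Process, fs=FILESYSTEM) -> set[str]:
    """Paths the process could modify or destroy."""
    return {i.path for i in fs if may(proc, i, WRITE)}


def compare_wolves() -> dict[str, set[str]]:
    """Three hypothetical processes: the user's legitimate editor, a
    game installer that demanded root, and a payload the game dragged
    in that runs as the ordinary user.  The last two are the wolf
    inside the wall."""
    office = Process("office (alice)", ALICE_UID, ALICE_GID)
    installer = Process("game installer (root)", 0, 0)
    payload = Process("payload bundled with game (alice)", ALICE_UID, ALICE_GID)
    return {p.name: writable_by(p) for p in (office, installer, payload)}


if __name__ == "__main__":
    for name, paths in compare_wolves().items():
        print(f"{name} can write: {sorted(paths)}")
```

Running it prints that the payload running as alice can write the thesis and the pictures but not /etc/passwd, which is exactly the situation the post describes: the barrier around the system holds, and the data the user cares about is on the wrong side of it. The installer that ran as root can write everything.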

Try to introduce controls inside the barrier and we have a major problem: we are outside the scope of traditional security models, and here Unix does not help any more than anything else does.
