
The Immutable Laws of Computer Security - waitwhat
http://technet.microsoft.com/en-us/library/cc722487.aspx
======
qixxiq
The Law #1 seems to have been proved wrong. I'm against closed systems but
what the iPad/iPhone have done in terms of security is fantastic.

It would be great if other systems worked as smoothly. I'm particularly
disturbed by Android's permission system (only tested on stock Nexus S). You
are shown a list of permissions but I don't see why I have to allow Twitter
access to my contact information and gps location.

I understand it improves the experience, but personally I would rather have
those turned off, and the Twitter application should be able to deal with that
choice (rather than me having to deal with Twitter having access to my
location and full contact list).

~~~
javert
_The Law #1 seems to have been proved wrong._

I can't agree with you more. It seems to me that with interpretation (a Java
virtual machine, for example), exactly what a program can do can be controlled
precisely. Build a _trusted_ interpreter, which should be possible (right?),
and you're golden.

One question: How does the security in iOS differ from that in Android? I'm
only familiar with Android. I would imagine iOS must also have some kind of
selective permission system?

~~~
jerf
If you run a program on a virtual machine, then it is not "running on your
computer". It is "running on a virtual machine, running on your computer", and
the security implications are different. Law #1 still holds. Especially if you
are unwilling to simply take as given the perfection of the virtual machine...
which history says is not a wise thing to take as a given.

That's also where qixxiq is wrong in the GP post; it's only true if you assume
that Apple's security is perfect. As a practical matter, as a user, it's a
tolerable approximation, especially if you have no personal assets of value on
your phone, but if you're really concerned about security it is not something
you can assume.

~~~
comex
Anything in a modern operating system other than the kernel can be considered
to be running in a virtual machine; when people refer to running a program on
their computer, they're not usually talking about kernel modules.

Apple's security is not perfect, of course, but these are supposed to be
_immutable_ laws: we can't fix problems caused by them because they are
fundamental to how computers work. It is possible in theory to build a
completely secure kernel.

~~~
waitwhat
_Anything in a modern operating system other than the kernel can be considered
to be running in a virtual machine_

The level of isolation between processes running on the same machine doesn't
really come close to that afforded to processes running inside different VMs.

~~~
justincormack
Some resources are virtual, so yes, it is a VM.

Processes are one level; then there are BSD jails, Linux containers, lots of
VM types. All have different security issues; once, processes seemed enough
isolation.

In the end the bugs matter most, and VM isolation has bugs too; they have just
been harder to find and exploit.

Security is not absolute, just a matter of degrees.

------
schwit
#9 says "Read the privacy statements on the websites you visit, and only do
business with ones whose practices you agree with."

This statement is incredibly naive. Websites can change their privacy
statements daily or they may not adhere to their own privacy statement.

------
16s
Number 5 is _so_ true. I've seen it first-hand many times. If the password on
your TrueCrypt volume is "password" (or something similarly trivial) then
you've just given away everything. And you need to understand this.

Strong encryption with a weak password means nothing. You've undone all the
power of AES encryption when you select a weak password. So please use strong
passwords and understand why they are important.

------
jules
Most of these are a failure of technology, of which virus scanners are the most
obvious symptom. Why is it that if I run a program on my computer it can do
basically anything I can do? It can delete my files and, depending on your OS,
all files. It can run a keylogger. It can add toolbars to my browser. It can
send emails from my email account. It can access the saved passwords in my
browser.

This doesn't have to be the case. OSes should have been designed so that it is
safe to run any program, unless you explicitly grant it permission to e.g.
delete your files. If I open foo.png in an image editor, the editor should
only have access to that file and the image editor's directory, not the entire
filesystem. Nor should it be able to add a program to run at startup or to
observe the things I'm typing in the password box of my online banking login
form.

Facebook at least got this partially right. When you run an application it
asks you "Application X wants permission to: access your phone number, send
messages on your behalf, etc.".
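The allow-list model jules describes (the editor may touch the file you opened and its own directory, nothing else) can be sketched as a path policy. This is an added illustration, not code from the thread or from any real OS: `FileSandbox`, `demo()` and the sample files are all constructed here, and the two escape attempts it checks (a `..` path and a symlink planted inside the app directory) are the classic ways such a policy is defeated when paths are not canonicalised first.

```python
import tempfile
from pathlib import Path


class FileSandbox:
    """Allow-list file policy: the editor gets the file the user opened plus
    its own directory, nothing else (hypothetical design, not a real OS API)."""

    def __init__(self, granted):
        # resolve() canonicalises each grant: symlinks followed, '..' removed.
        self.granted = [Path(p).resolve() for p in granted]

    def is_allowed(self, target):
        # Canonicalise the request too, so 'app_dir/../.bashrc' and a symlink
        # planted inside app_dir are judged by where they really point.
        real = Path(target).resolve()
        for grant in self.granted:
            if real == grant:
                return True  # exactly the granted file
            if grant.is_dir() and grant in real.parents:
                return True  # inside a granted directory
        return False

    def open(self, target, mode="r"):
        # The enforcement point: every file access goes through the policy.
        if not self.is_allowed(target):
            raise PermissionError(f"{target} is outside the program's grants")
        return open(target, mode)


def demo():
    """Build a throwaway home directory (constructed sample data) and report
    which accesses the policy permits, as a dict of access name -> allowed."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        app_dir, pictures = home / "image_editor", home / "Pictures"
        app_dir.mkdir()
        pictures.mkdir()
        (pictures / "foo.png").write_bytes(b"\x89PNG constructed sample")
        (pictures / "secret.txt").write_text("not for the image editor")
        (home / ".bashrc").write_text("# startup file")
        (app_dir / "innocent.png").symlink_to(pictures / "secret.txt")
        box = FileSandbox(granted=[pictures / "foo.png", app_dir])
        return {
            "opened_file": box.is_allowed(pictures / "foo.png"),
            "own_dir": box.is_allowed(app_dir / "plugins" / "filter.so"),
            "sibling_file": box.is_allowed(pictures / "secret.txt"),
            "dotdot_escape": box.is_allowed(app_dir / ".." / ".bashrc"),
            "symlink_escape": box.is_allowed(app_dir / "innocent.png"),
        }
```

Only the opened file and the editor's own directory come back allowed; the sibling file, the `..` path and the symlink are all refused because both sides are compared after canonicalisation.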

------
jayfuerstenberg
Law 7 is the most poignant for me.

Some people believe you can get security along with convenience. This COULD
NOT be further from the truth.

Convenient for you = convenient for hackers!

You need to be accountable regarding your passwords and how you choose them.
There is no system that makes passwords magically secure.

You need to just stay away from the commonly abused passwords and go with
combinations of characters, numbers and punctuation to increase the possible
permutations a hacker would have to exhaust before discovering yours.

------
jwatte
Ten years after, and it's still true. There has been malware on iOS too. They
ought to teach this stuff in grade school...

~~~
Xuzz
What malware on iOS?

~~~
justincormack
Well, one-click jailbreak is a proof of concept. It could do something worse.
It is hard to know if your iOS device has been rooted...

~~~
Xuzz
I designed the website for JailbreakMe, but I seriously have not seen a single
malicious implementation of that exploit — or of any malware, through the App
Store or not — for the iPhone.

~~~
plantain
[http://www.smh.com.au/digital-life/mobiles/mixed-response-to...](http://www.smh.com.au/digital-life/mobiles/mixed-response-to-astley-iphone-virus-20091110-i74f.html)
Not directly related, nor very malicious. The JailBreakMe exploits still could
have been used maliciously on a major site to easily create the world's largest
botnet overnight.

~~~
Xuzz
Theoretically could. But it didn't happen, and nobody even made a PoC or
demonstration. And full source code was released within three weeks of the
initial JailbreakMe release, so it's not like it was made particularly hard if
someone wanted.

(I don't count that thing you linked; it only affected jailbroken devices whose
owners installed a specific package and didn't change their password.)

------
thedufer
Re: Law #1: this is what the idea of a super user is supposed to help with,
and not properly using that concept is part of the reason Windows has
developed such a poor reputation for security. To some degree, a program run
by a normal user can do damage, but nowhere near what a program run by a super
user can do.

~~~
contextfree
I would say that a program run by a normal user can do most of the damage that
the owner/user of a personal system (as opposed to an admin of a multi-user
system) actually cares about.

------
tehjones
I really disagree with the use of "bad guy" in any of those laws. It biases the
reader from the get-go to only worry about the bad guy; you should worry about
every user.

~~~
crenshaw
The article says this: "If a stranger walked up to you and handed you a
sandwich, would you eat it? Probably not. How about if your best friend gave
you a sandwich? Maybe you would, maybe you wouldn't—it depends on whether she
made it or found it lying in the street. Apply the same critical thought to a
program that you would to a sandwich, and you'll usually be safe."

Which I thought was pretty good.

------
rohit89
Laws #1 and #2, for all intents and purposes, mean the same thing. If an
unauthorized person is allowed to modify anything on your computer, you could
be in trouble.

------
shithead
_Law #1: If a bad guy can persuade you to run his program on your computer,
it's not your computer anymore._

_Law #2: If a bad guy can alter the operating system on your computer, it's not
your computer anymore._

_Law #3: If a bad guy has unrestricted physical access to your computer, it's
not your computer anymore._

s/bad guy/vendor/g, looking at phones and e-readers.

Computer for which someone else has the root password and a comm link: not
yours.

