
Bruce Schneier: Chrome OS's Security Claims "Idiotic" - Shakescode
http://www.readwriteweb.com/archives/security_guru_calls_chrome_oss_security_claims_idiotic.php
======
tptacek
"Guru" is probably the right word to use for Schneier at this point, and
here's another great example of him inserting himself into a story he has no
involvement in, making comments that betray a complete lack of awareness of
the context of the story he's commenting on. Par, unfortunately, for the
course.

It is doubtless the case that Schneier is fielding constant phone calls from
trade reporters asking for his opinions on the security news of the day.
Taking those calls, and writing the op-ed-style pieces that generate them, is
probably the bulk of his job description. And so it's to be expected that he's
going to be asked questions about things like Chrome's "virus-proofness", and
having given no thought to Chrome or its architecture, be at a loss for pithy
commentary. Hence, "2+2=3". Thanks, Bruce.

But before you feel too much sympathy for him, remember that he always has the
ability to tell the reporter, "sorry, I don't know enough to comment
intelligently on this story".

~~~
tc
You've been interviewed by a reporter, yes? His very next sentence could have
been something like, "It's not going to be virus-proof, but I'm glad to see
they're thinking about security early. There is still a lot that can be done
at the operating system level to improve security for the user."

The reporter would have cut that part out. It's not controversial enough. You
could do the same thing with his blog post on homomorphic encryption if you
took the phrases, "Gentry’s scheme is completely impractical," and "I think
he’s being optimistic with even this most simple of examples," in isolation
from "practicality be damned -- this is an amazing piece of work," and "I
never expected to see one [a secure fully homomorphic cryptosystem]."

I don't understand this need to pull Schneier down. He's a smart guy, most of
his writing is good, and he helped design a cipher that came pretty close to
being selected for AES. Anyone who enters the media game is going to end up
getting a bit caricatured.

~~~
tptacek
You'll note that I didn't comment on his post about Gentry's homomorphic
encryption scheme, for two reasons: (1) homomorphic encryption is a very
boring topic, and (2) I don't feel like I have an authoritative argument for
Schneier not being qualified to talk about it. Having dispensed with the straw
man in your second graf, I'll take the 1st and 3rd in order.

I have been interviewed by reporters. And I have, in fact, made lots of
mistakes with them. Security researchers are unnaturally attractive to trade
reporters, and there's business value in cultivating contacts with them, and
I've definitely let that process run too far in the past.

So, a mistake is a mistake. And thus, regarding your first graf, two
responses:

(1) I stand by my original argument that Schneier doesn't appear to be close
enough to Chrome OS security to comment on it, and his comments appear to
misconstrue what Chrome OS is aiming for, _and_

(2) I stand by my original argument that this is an example of Schneier's
business objective of inserting himself into every conversation about computer
security again coming at a cost of his credibility.

Finally, you want to understand my need to pull Schneier down. I don't care if
he's smart. I care that he's a guru. He's listened to uncritically by lay
professionals, and his opinions about the problems they face are often not
valuable. I'll add that Schneier's reputation in cryptography --- a field I am
not a part of --- is not ironclad. If you want to stick up for a scientist,
start with their citation record. Let us know what you find.

~~~
alexgartrell
Don't you kind of think homomorphic encryption is a big deal for what it
allows? I mean, at it's core, running arbitrary computation on encrypted data
for the later consumption of the decrypter is a very big deal, and can be a
Cloud game-changer.

Schneier may not be the world's greatest guru, but he knows a lot and he
writes well, which makes his opinion more relevant on average than almost
anyone else's. If you want a similar amount of "street cred", write a book.

No seriously, I'd read a book by you guys, just write it, please.

~~~
tptacek
I start caring about crypto (and security) when it gets deployed in the real
world, so I can break it. We ship a product, but for the most part, I am
myself a professional abuser of software. So there you go, re: homomorphic
encryption.

As regards "street cred", look, you can assign whatever credibility you want
to the guy. I'm telling you, from the trenches, you are often going to be
worse off for basing decisions based on what he says. Sure, you'll say, you
don't base decisions off what some random pundit on the Internet says, and I
say to you, "good on ya". But lots of people do, and so taking the piss out of
him is a noble enterprise in my view.

And I am all about the nobility.

------
jgfoot
"It was mathematically proved decades ago that it is impossible -- not an
engineering impossibility, not technologically impossible, but the 2+2=3 kind
of impossible -- to create an operating system that is immune to viruses."
Does anyone know what he's referring to? That would be an interesting read.

~~~
tptacek
He's talking about the halting problem, which isn't "2+2=3" impossible, but
undecidable. Of course, the average engineer at Google has vastly more CS
education than Schneier, would never have claimed to have solved the halting
problem (or "program intent" as the AV people put it), and would have
responded to this question more succinctly and accurately than Schneier did.

~~~
Retric
An infinite loop does not a virus make. With a multithreaded OS an infinite
loop is not really a problem. Limiting resources to some defined level is a
"solvable" problem.

~~~
tptacek
The antivirus problem isn't a resource consumption problem. "The halting
problem" is a CS synecdoche for the limitations of static analysis and the
fundamental generality of what a "virus" is.

He's saying, "we mathematically figured out a long time that trying to look at
a computer program and predetermine what it will do before running it is a
task that reduces to the halting problem."

That this is a stupid way to look at the antivirus problem is besides the
point here.

~~~
Retric
Sorry, that's a better explanation of what you meant but it's still not a
problem.

You don't need to figure out what a program can do ahead of time if you limit
what it can do at run time. You don't even need to let the user do anything at
run time.

~~~
tptacek
You are arguing with the wall. I'm just explaining what Schneier meant by
"2+2=3".

~~~
Retric
Lol, ok sorry I just had a _someone is wrong on the internet_ moment. Which
had nothing to you just the idea about the limits on what an OS could do.
<http://xkcd.com/386/>

PS: I also just noticed that that was commic #386.

------
blhack
These sorts of arguments really make me facepalm.

Listen, Bruce, they don't _literally_ mean that their OS will be completely
and 100% totally impervious to any sort of malware or virus attack of any kind
ever to exist ever in the future ever ever ever to infinity times infinity.

They mean that their OS will be considerably more resistant to any sort of
reasonable malware attack in the foreseeable future, and they're 100% correct.

Windows, even just because of its target market, will be the low hanging fruit
for as long as I think anybody can foresee. Simply because of this, linux and
bsd-kernel based operating systems that are using proper user isolation
(meaning not running as the freaking root account by default) are going to be
more secure than windows.

~~~
tybris
> They mean that their OS will be considerably more resistant to any sort of
> reasonable malware attack in the foreseeable future

By the way, that's what Microsoft meant when they released Windows 98... and
98SE and ME, and 2000, and XP, and 2003, and Vista, and 2008, and 7.

Pointless claim. Just deliver and we'll see.

~~~
blhack
Linux has had a pretty long history of delivering on that claim...microsoft
has not.

~~~
tptacek
Linux isn't resistant to malware. It's resistant to users who want point-and-
click installation of software downloaded from the web.

------
param
It would be good if we could look at his actual statement/blog post rather
than an analysis. Given how so few of his words are mentioned in the
"article", it makes me wonder if the 'press' is misinterpreting what he really
said.

~~~
brown9-2
The statements were given in an interview with Yahoo News:
[http://tech.yahoo.com/news/pcworld/20090708/tc_pcworld/googl...](http://tech.yahoo.com/news/pcworld/20090708/tc_pcworld/googlesossecurityclaimscalledidiotic)

------
datums
Not worth reading. Let me save you a few minutes of your life. How do I vote
this down ?

~~~
beeker
True. Although this might enable an undesirable behaviour, since anything you
pay attention to grows. So if one can't vote down. Voting something 'up' is
effectively a vote down for all others.

------
imgabe
I think making a claim like _users don't have to deal with viruses, malware,
and security updates_ is potentially more dangerous than having an OS with a
less robust security model.

Even linux and BSD systems are vulnerable if malicious programs are given the
necessary permissions to run. If a casual user hears something like, "This OS
is immune to viruses", they're likely to be a lot less cautious about running
programs that might auto load from websites. By now most Windows users know
better than to click OK when a website wants to install something on your PC.

~~~
moe
_By now most Windows users know better than to click OK when a website wants
to install something on your PC._

Have any data to back that up? Because my impression is the opposite.

~~~
imgabe
Perhaps "most" is an overstatement, but certainly a greater proportion know
better today than did 10-12 years ago. As time goes on that segment of the
Windows user population is only going to increase.

------
OperaLover
"Google, while announcing its new Chrome operating system late Tuesday, said
users would no longer have to worry about viruses, malware and security
updates"

Good marketing. Tough to live down when you're first discovered to be "human"
(developed by software engineers) - as it will be when Apple's first takes a
major hit [which news suggests the iPhone may be vulnerable to].

~~~
doosra
"Google... said _users_ would no longer have to worry about viruses, malware
and security updates"

I'm guessing since most applications on Chrome will be web-based, the _vendor_
will worry about them. They will be able to more easily and quickly detect +
destroy phishing schemes, viruses etc. Kind of like how Facebook has responded
to malicious wall posts.

For me the bigger concern would be the loss of productivity due to downtime of
web services, or loss of internet connectivity.

------
OperaLover
Perhaps a needed dose of sanity (even if hyped) to counter Google wishful
thinking/marketing: "Google, while announcing its new Chrome operating system
late Tuesday, said users would no longer have to worry about viruses, malware
and security updates"

Good marketing. Tough to live down when you're first discovered to be "human"
(developed by software engineers) - as it will be when Apple's first takes a
major hit [which news suggests the iPhone may be vulnerable to].

------
GeneralMaximus
Whatever they do, I just hope they release the code. That way even if their
redesign fails, the FOSS community will have something to learn from it, and
if it's the best thing ever, it can be ported over to other Linux distros.

------
brown9-2
I really don't think anyone should view this claim as anything more than
marketing claims and statements, not actual technical claims or guarantees.

------
tybris
Just report, don't scoff experts. It makes you look stupid. Now what was the
context? Ah, I see you were so busy trying to claim intellectual superiority
(failed) that you forgot about that.

