
The Six Dumbest Ideas in Computer Security - neic
http://www.ranum.com/security/computer_security/editorials/dumb/
======
bryanrasmussen
I sort of feel that whoever made this site should have read an article
somewhere entitled The Six Dumbest Ideas in Web Design.

Also, amusing quip 'if "Penetrate and Patch" was effective, we would have run
out of security bugs in Internet Explorer by now.' although I guess the real
case would be the less pithy 'if "Penetrate and Patch" was effective, we would
have run out of security bugs in Internet Explorer 6 by now.'

Also, if Penetrate and Patch could be replaced by someone just writing a
browser that was not hackable because it was not supposed to be hackable, which
browser is that?

I mean I understand that a system hardened by trial and error is not as
enticing as a system made hard from the start, without holes, but I guess
there are very few of these to be found and probably what is best is a system
that has been tried to be made as hard as the programmers could from the
beginning and then tested for holes after that.

I mean listing penetrate and patch as a dumb idea sounds like one of those
jokes - The only thing stupider than using Penetrate and Patch to fix security
holes is not using it at all. Probably I exaggerate there but (given the
number of companies that don't even do that) I don't think I exaggerate by
much.

On Edit: I mean I sure use the phrase I mean a lot. Sorry about that, have
some long running conflicts at work that are boiling over right now. Probably
shouldn't comment on articles, but I do it to take my mind off things.

~~~
Eridrus
Chrome was designed to be harder to exploit by having a content sandbox from
day 1, so that even if you exploited a bug in Chrome, you'd have to exploit
another bug to get out of the sandbox. It also came with auto updates you
couldn't disable so that you couldn't just hack people when they fell behind.

That was close to a decade ago.

This hasn't stopped nation states who are perfectly ok rolling out Windows
kernel exploits, but we don't really see Chrome exploits in typical exploit
kits, so that seems like a win for most users.

I hope Rust/Servo become our next leap forward. If they manage to make it
productive enough that browser devs accept Rust we'll be in a really good
place.

------
cestith
The author states that learning how to compromise a system is wasteful and
stupid. On the level of learning to use a particular exploit that's hot this
week, that's true. Learning how a class of exploits takes advantage of a class
of security bugs is a good way to spot where those bugs are in your code and
to evaluate how well you're avoiding them.

------
CM30
This point sounds like it wasn't thought out very well:

"In fact, if I were to simply track the 30 pieces of Goodness on my machine,
and allow nothing else to run, I would have simultaneously solved the
following problems:"

Well, yes. If you're like your mum, dad or grandparents and barely install new
software at all it could work fine.

Not so much if you're a web developer that regularly installs new software to
make your dev environment easier to use or you like playing computer games
(even less those available through digital services/on sale/made by amateurs
or fans).

Cause in cases like those, I can see any 'good apps' list rivalling the virus
ones in the anti virus programs he mentions.

~~~
inlineint
> Not so much if you're a web developer that regularly installs new software
> to make your dev environment easier to use

If you are a web developer you can run all untrustworthy tools in
containers/virtual machines that don't have access to your system; it would
be an implementation of this principle.

Not all developer tools can be run that way, but pretty much of them can.

------
bradknowles
I'm tempted to use Marcus' words against him. With much love, of course. ;)

If tallying up the six dumbest ideas in computer security was a good way to
fix the problem, then the industry would have solved this issue years ago.

But man, did I always love the idea of a Network Flight Recorder.

~~~
walter_bishop
Has anyone actually tried to implement Ranum's ideas?

~~~
bmer
Yeah, that's key. If the ideas were implemented, and then didn't work, we
could say that "it's a dumb idea" (because it didn't work). Except, things are
pretty much the same, or even worse if one considers his point on perception
of hacking: "hacker culture" has become even "cooler", and strangely
synonymous with "freedom".

~~~
yellowapple
> and strangely synonymous with "freedom".

That's because this synonymousity (is that a word?) was co-opted from a
different definition of "hacker" (i.e. in the "Jargon File" sense of "someone
who demonstrates creative ingenuity"); in that sense, having the freedom to
tinker with things is strongly desirable to someone possessing the "hacker
ethic".

'Tis one of the side-effects of the term "hacker" having multiple meanings,
for better or (in my opinion) worse.

------
dsfyu404ed
It's often a lot less resource intensive to enumerate and filter out the first
hundred thousand kinds of badness you encounter on a daily basis leaving you
with a smaller pool of stuff that requires more than a cursory check. There's
no need to do more than a simple analysis on plain text emails, without
attachments where all senders/recipients are in the organization.

You actually need to do the whole penetrate and patch thing as a part of your
entire security system. It can't be relied upon to tell you everything but not
doing it at all is similarly dumb.

------
nxzero
>> "hacking is a social problem"

There are a lot of social problems in the world, but hacking in the true sense is
more like a social cure than a problem.

