
> 1) As per the article, to actually prevent ring -3 malware. The implemented signature is the best way to do this. If we could run our own "libre" code there, so could the attacker.

Why can't computers have physical switches that enable/disable writing the memory that this piece of software is located in?

Good question. Why don't phones have physical switches on GPS and microphones?

In this case, the RSA sig is still better, though. Imagine that anyone sitting between the Intel plant and your local computer parts supplier could flip the switch.

It's a weak argument, I admit. There should be both protections at the same time.

There are phones that do have these switches.

Care to elaborate?

Asked from my N900, the only one I am aware of.

That is actually slightly less secure - sometimes people do have physical access to your machines.

For example, the NSA intercepted deliveries of switches and installed their malware on them. Would be easy if there is a physical switch. Not so easy if you need signed firmware (I'm sure the NSA could still do it, but it would definitely be harder).

If they have physical access, it's over regardless of what authentication mechanisms are employed.

I'd argue that not being able to modify software subjects you to a higher risk because you won't be able to fix security vulnerabilities yourself.

Software and hardware outlive the companies that produce them.

The NSA could just produce their own chips, and put them onto your system.
