Re: No need for AV tools on Linux, eh?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2011-02-10 at 23:57 +0000, Alan Cox wrote:
> > The real issue is two fold:
> > 
> > 1. The vast number of compute systems across the Internet that are not 
> > managed at all.
> > 
> > 2. The inability of platform creators to consider security as a priority.
> 
> This is driven by economic realities
> 
> - Users don't understand what poor security costs them so won't pay
>   for it
> 
> - The legal system is curiously lax when it comes to software and people
>   get away both with contractual opt-outs no physical device maker could
>   and end users somehow manage to dodge all sorts of liabilities for
>   carelessness on their part they couldn't with a car
> 
> - Most users aren't able to tell good and bad security (the lemon problem)
> 
> - Particularly in business the users don't actually care about security
>   or taking insecure actions. It's not *their* problem if the hotel front
>   desk gets a virus because they installed games on it.
> 
> As with most things - if you want to fix it make it more expensive not to
> do so than to fix it, the rest then just happens.
> 
> Alan

What I also find is that the average business user is focused on his
job, not on security.  Most have seen the news, but so far it hasn't
affected them personally, so it must have been some thing that other
person did that got them in that fix.  Lack of personal expense is more
than economic.  Moreover most things people use do not expose their
bodies and persons to the kinds of threats that affect their computers,
resulting in the threat not being internalized.

It doesn't help that the governments of the world and the business
admins want back door access to the users systems.  The legality of that
access is for another thread, but one of the side effects is that really
effective security would make that access nearly impossible.  Remember
the hassels over PGP when it came available?  And now China has copies
of the Microsoft core software source code, so that they can have better
access to the control of the internet within their own country.

Add the DMCA, DRM software, the Sony Blu-Ray software scandal and the
vision that Hollywood uses to glamorize crackers (note the use of the
word cracker, the evil doer on networks, vs hacker, which is the legal
expression of new uses for existing software and hardware).

The question becomes not how to secure a system, but rather how much
should it be secured.  The tines of that fork are governmental, user
need/requirements, reuse as a hacker might do, and access by ones
business supervisors on business systems or access by ones business
supervisors on ones personal systems, and the ultimate decisions of what
should or should not be legal use of ones personal computer (porn, file
sharing, personal email, financial dealings, personal communications,
and facebook type uses etc.)

	Then there are archivists, who look toward archeology of the future,
and the future analysis of our society and how we should protect and
preserve the content not just of our production, but of our culture and
society.

	Then we have to balance those interests against the desire of each
person for their own personal freedom or lack thereof in their
particular culture, such as socialism, sharia law, mosaic law and so on
for all the distinct cultures/theologies/societies that exist on
earth.  

	There is not a single point of security, but rather a sphere in a
complex dimensional space.  Where one falls within that sphere will
determine the value they place on security and privacy.

	As we go from where we are today into a future where everything will,
or may anyway, be on line, how does each society deal with these issues?
What will cause the next civil war and where will it occur?  

	This all ties into the security question because total security is at
center of care space and none at all is the exclusionary border.
Economics, status, and personal feelings are all spaces that overlap and
overlap the security space. Your particular comfort zone is likely
within the space described by the union of your particular spheres of
interest somewhere within that global space.

	So the questions that this poses are:
1.  Do you need security?
2.  How much security do you need?
3.  How much would you pay to get that security?
4.  How much effort would you expend to maintain that security?

Know the answers to the questions and you begin to answer the question
about security from the individual perspective.  

Repose the questions to your particular government and you begin to
outline the space of permissible security.

Ask those questions again to your community, church, or peer group and
you get the societal view.

Ask the one final time to your business colleagues and you get the
business perspective.

Each of these perspectives outlines a potential area of security that
would be acceptable to that group.  Find the AND area of all these
spheres and you get the answer that will fit the current market place.
If you want more system security, you have to take steps to change the
answers at the origin of the answers, whatever they may be.

Regards,
Les H





-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux