Linus's Thoughts on Linux Security (washingtonpost.com)
Rick Zeman writes: The Washington Post has a lengthy article on Linus Torvalds and his thoughts on Linux security. Quoting: "...while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven't been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. ...
His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics. 'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"
Of course, contradictory points of view are presented, too: "While I don't think that the Linux kernel has a terrible track record, it's certainly much worse than a lot of people would like it to be," said Matthew Garrett, principal security engineer for CoreOS, a San Francisco company that produces an operating system based on Linux. At a time when research into protecting software has grown increasingly sophisticated, Garrett said, "very little of that research has been incorporated into Linux."
Nailed it (Score:5, Interesting)
'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"
This nails it entirely on the head, and is why a lot of security and privacy nutters gain so little traction when dealing with the masses. Security and privacy are important, but they need to be balanced pragmatically with what people actually want to do with the system.
Re:Nailed it (Score:5, Insightful)
No.
It's the very height of arrogance to not consider safety. Security isn't about paranoia, it's about bad guys, and there are a huge number of them, using coder stupidity and this sort of arrogance to rob people of real money, or ransom systems.
It's an enormous failure of engineers that don't put safety first while trying to be faster, cooler, or wittier than the next engineer. You can call it artistic creation, egalitarianism, but without the concern for the safety of others, it's boorish, arrogant, and rife for misdeed.
The point is that safety alone is not productive. (Score:5, Insightful)
We are talking about securing tools. But the point is that tools do things. We want tools to help us to accomplish the things that the tools do.
A perfectly safe hammer is entirely possible. Make it out of flame-resistant, soft, synthetic materials and fill it with something equally soft. Shape it more like a ball than like a stick, so no-one can accidentally stick it in their mouth and suffocate.
Of course, now you have something that can't be used to pound in nails—but it's entirely the safest hammer on the planet.
Will anyone buy it or use it? Of course not. And they'll still need something with which to pound in nails. That's Linus' point.
Re: (Score:3)
It's not that black and white at all. The OSHA-like examples of stupidity in motion don't apply here. What is present is an enormous crime effort to make money from others' computing misery. Look at what's happened, in terms of breaches, thefts, extortion, and just plain misery.
The problem starts with every coder everywhere, every sysadmin, network engineer, and web designer. The culture of security starts at the top, and here, at the Top of Linux, Linus brushes it off. These aren't nutters or nutjobs, thes
Linus isn't trying to make it black and white. (Score:5, Insightful)
He's trying to say that if people want powerful, flexible networking, they'll choose an 80% safe OS that enables this easily over a 90% safe OS that imposes lots of overhead costs to make it possible; that people will choose a 60% secure OS that runs their processing jobs in 3 hours over an 85% secure OS that runs their processing jobs in 6 hours.
He's pointing out that people like security well enough, but they want to get stuff DONE even more, and that most people will take the calculated risk to be less secure if it makes them more productive at lower costs. That if there is a less secure but more productive option, up to some arbitrary point (that is different in each case, but that can be inferred by the movement of markets and communities as a whole), they'll choose the more productive option.
And that there is no point in saying "then all of us that produce these things must get together and make highly secure, if less capable stuff, so that all choices are equally highly secure!" because as soon as that happens, a garage coder somewhere is going to have a project on github that says "I got tired of waiting for jobs to finish, so I wrote my own from scratch. It's totally insecure, but damned if it doesn't finish the job in half the time!" and that people will immediately flock to it.
In other words, his goals for Linux aren't for Linux to be the most secure OS on the planet, but to be one of the most useful and used ones.
Re: (Score:2, Insightful)
I believe you're putting words in his mouth. Sleazing on security to get as you put it "stuff DONE" is what got us here. The ends don't justify the means.
And look at the means! Systems security has become battle #1 for many, many IT people.
And the IT people are hired and fired (Score:2)
based on a multiplicity of factors, notably including their ability to support the company's operational needs, NOT ONLY how "secure" the systems are.
QED.
Re:Linus isn't trying to make it black and white. (Score:5, Interesting)
Yes, I administer a small network of about 150 bodies and roughly double that number of devices.
I take security seriously.
However, there are trade-offs.
For example, I *could* implement a sandbox environment for all apps, do application whitelisting, strip attachments and links from e-mails and a bunch of other stuff... but these things add complexity and reduce productivity as they inevitably run head-on into usability.
As it is, I do everything reasonable to avoid the worst, but security is definitely second fiddle to productivity.
Re: (Score:2)
People in this thread mistake that I believe in draconian security. I don't. I do, however, have the facts that systems security is taking a beating like no other time in history, and the assets at stake are now huge. To blow off security as an afterthought of some sort of da Vinci-worthy code still strikes me as the height of arrogance. It doesn't speak to the real pain that occurs.
Re: (Score:3)
Never said IT was a monolith. I fully appreciate the many responsibilities, many are now heavily distracted by the fireman's drill of dealing with security issues.
Security is indeed a process, but insufficiently applied as a discipline across IT-- including coders, viz the incredible breaches across industries, governments, and personal equipment. It's now slowing down, it's become vastly more damaging.
Re: (Score:3, Insightful)
"He's trying to say that if people want powerful, flexible networking, they'll choose an 80% safe OS that enables this easily over a 90% safe OS that imposes lots of overhead costs to make it possible; that people will choose a 60% secure OS that runs their processing jobs in 3 hours over an 85% secure OS that runs their processing jobs in 6 hours."
Not all people want to make the same tradeoffs, which I thought was one of the points Torvalds was making. In any case the issue is about system security where t
The Garbage Compacter Rule (Score:3)
He's pointing out that people like security well enough, but they want to get stuff DONE even more, and that most people will take the calculated risk to be less secure if it makes them more productive at lower costs.
Also, too much security can backfire. I call this the Garbage Compacter Rule: In Star Wars it was too difficult to shut down all the garbage compacters on the detention level, so R2-D2 just shut them all down. Similarly, when you run up against a security system that's stopping you doing what you want, but it's hard to poke a hole in it, you sometimes just "shut them all down" to get some work done. You're left with less security than if the original block wasn't there.
Re: (Score:3)
Were this true, a culture of security would have indeed stanched many of the problems found. Certainly the Linux kernels have been well-thought through. They are not immune.
Re: (Score:3, Insightful)
Your analogy doesn't seem accurate. It's more like if you had a hammer - all hammerlike and useful, but because of the laziness of the hammer creator, can be remotely made to fly around your workshop smashing into things by anyone wishing to make it do so.
The security holes which do not affect functionality should be fixed, and commonly are not. That is the problem.
Re:The point is that safety alone is not productiv (Score:5, Insightful)
Yup. And when security is a key to operational (Score:3, Interesting)
goals, this is close to what happens. Where truly "hard" computing is necessary, resources are disconnected from networks, etc. People know which side their bread is buttered on, they're not fools. Sure, security is an important "nice to have" but it's not bigger than the task at hand in most cases.
Witness how the public continues to use cloud services, social media services, online commerce, and mag-stripe credit cards, despite regular breaches. They'll bitch and moan, but they're not going to stop doing t
Why safety "alone" is productive: (Score:2)
There are different ways to implement security, and I think this discussion of Torvalds' and ours is a sign that security ingrained within large monolithic kernels is a demoted (if not dead) model.
Hypervisors like Xen are at the forefront of security. They embody a sandboxing-done-right philosophy where the baremetal system runs only a small, dedicated hypervisor and all of the rich functionality is contained within VMs. In a system like Qubes, which adds an integration layer on top of Xen that is very smal
Re: (Score:3)
You make it sound like no one has [securityweek.com] ever [securityweek.com] hacked a hypervisor [qualys.com].
Re: (Score:3)
The problem is that invoking the word 'security' by itself can be speaking to reasonable application of good practices to pretty insane stuff.
This is a problem that continues to plague the industry, where you have 'developers' who are forgiven for not understanding security practices and try to work around that by adding a 'security' team who do not understand the actual functional goals or a lot of reality of how things are used. Both sides are at fault, but the developers producing the actual requested f
Re: (Score:3)
On the other hand - the most secure you can make a computer is to pull out the power cord and dump it in a smelter.
Unfortunately, trade-offs do have to be made because generally all that security is absolutely *useless* if you cannot subsequently actually USE the thing for its intended purpose.
Re: (Score:2)
If you're a real hacker, you should be immune to this kind of binary thinking. People hack stuff, and look at the damage now done given criminal motives. Nothing is foolproof, but security is a culture, a mindset. It's nice to make something nice and artistic, but if it melts like an ice sculpture, what's left?
Re: (Score:3)
There was no "binary" thinking there - on the contrary the very idea of "trade-offs" suggests thinking on a sliding scale.
"This security patch we should add because it gives a high degree of coverage with little negative impact" but "that one we should skip because it gives only a small bit more while hugely impacting performance" and "this one over here we should never contemplate regardless of its coverage because it seriously breaks user-space".
Re: (Score:2)
Underscoring your reply was a theme of trade-offs. Some people want to live a life with minimal patches, because the code was right to begin with, and withstood barrages of overflow/etc attempts because the code was well-designed, and used as one of the pragmas for its underlying theme: security.
Coders aren't getting the message that security comes first. Sure, take an idea and make it into code. And if you're going to distribute that code, prevent others from coming to harm. This is the theme, this is the cult
Re:Nailed it (Score:4, Insightful)
Ahem ... I think maybe you don't fully understand. It's not that kernel security is entirely unimportant. It's that the idea that you can or should fix imaginary security problems in the kernel seems kind of ditzy. It's sort of like protecting New York City from terrorists by hiring more police and assigning them to florist shops. Yes, that would presumably discourage terrorist floral attacks. But since when are those a known or potential problem?
If you want to secure computing, then reduce attack surfaces dramatically. Don't hook everything in sight up to the same internet. Cut way back on the number of protocols in use. Lose idiocy like Javascript. Fix eccentric cookie behavior, etc, etc, etc.
If, after doing that, it turns out there are exploitable holes in the kernel -- say a flaw that allows a carefully crafted IP packet to make arbitrary changes to the system or a way for the janitor to inject a privileged process from a USB stick into people's desktop PC startup while he/she is emptying the wastebaskets -- I doubt there will be any resistance from Torvalds or anyone else to fixing them.
Re: (Score:2)
I'm fully aware of kernel functionality. "Imaginary" security problems become discovered often. Linux is not just the kernel, it's also all of the apps depending on kernel functionality. Yes, it's FOSS and the kernel is freaking huge, a life's work of astounding achievement.
Your pragmatist's instructions are great. This said, allowing a carefully crafted packet to push a process into an overflow that permits privileged code execution is a hideous failure. Suddenly, a machine is cracked like an egg, and rife
Re: (Score:2)
It's the very height of arrogance to not consider safety.
When a distribution comes out that actually makes decent use of selinux, then Linus can be asked to do more about security. As it is, most distributions are ignoring or at best underutilizing most of the security functionality built into the kernel. Even for apparmor there's typically only a handful of profiles, and they're only really being used to try to band-aid known-insecure applications.
Re:Nailed it (Score:4, Insightful)
Depends on your definition of 'decent'.
Distributions that have made strict use of SELinux to tightly lock things down may be 'decent' to security folks, but terrible to use, causing people to just turn it off.
Distributions that have piled tons of permissive policies to make some moderately useful environment get derided by security folks as being too lax, though they at least get to enforce the restrictions they designed.
It's impossible to make both people trying to get their work done and hard core security guys happy...
Re: (Score:2)
The Linux kernel has quite strong security but if every single thing that went into the kernel had to justify its security first and foremost then development would slow to a crawl. If you want to see the kind of impact that might have then look at something like OpenBSD.
Re: (Score:2)
Aaaaaand fail. This discussion is about security, not safety. These are two entirely different things.
Re: (Score:2)
Christ Microsoft
When did Microsoft become Lord and Savior? That's a whole different realm of monopoly power.
Re: (Score:2)
With roughly 5000 gods worshipped on earth currently - it's not much of a monopoly, though the Christ one does seem to have the largest market share. If Microsoft was able to acquire that though - then I am not sure what still separates it from the Satan one?
Re: (Score:2, Insightful)
It's not about Microsoft. It's about Lucky Linus not getting the message, being arrogant, and permeating a culture where loose-and-fast is better than thinking of security risks.
Re: (Score:3, Interesting)
He gets the message but he doesn't agree with your core ideals, there is a big difference.
Also, you accused aussersterne of putting words in Linus' mouth, but here you are not only doing the same but also in an arrogant and insulting fashion.
Double irony does not cancel itself out.
I think Linus' point is very clear. Security has no value by itself. It is nice, but it should never get in the way of getting the job done.
This is very similar to the reasoning that is used when considering life critical applicatio
Re:Nailed it (Score:5, Insightful)
that doesn't inconvenience the user.
That's the real key takeaway, and the point people like to talk past. It's like a full harness versus a seat belt. A full harness would be objectively safer if used, but fewer people are going to go to the hassle of connecting up a full harness every time they drive and so the seatbelt from a practical standpoint is the better choice to offer to customers of the automotive industry.
Re: (Score:2)
I sometimes wonder what the world would look like if developers were financially liable for software security failures.
It'd look like the cost analysis of the current US healthcare industry. The fear of a malpractice lawsuit is rampant, which leads to ass-covering every which way imaginable, and fees and insurance costs that match.
I'm not saying malpractice lawsuits are bad, but that level of scrutiny is what we're all paying for out of our pockets.
Re: (Score:2)
because a problem with a couch is much less likely to be either dangerous to life/limb or expensive to business processes, is my guess. All the cases where software security (heck, IT security) is getting significant press are cases where it's potentially lethal (medical stuff, cars) or expensive (in money or some other prized commodity, like privacy... but mostly money)
My Experience, Too (Score:2, Interesting)
I've been involved in IT security in one guise or another since 2002. The single most important thing I have learned about IT security was learned attending a security conference where Bruce Schneier was one of the speakers. His one-sentence line has always stuck with me: "Security is a process, not a product." This one sentence changed the entire way I see security and, as a result, I am free to make better decisions about what I'm doing and why because I'm not focused on say, a firewall, or a router, bu
Re: (Score:2)
Something Jennifer Lawrence learned the hard way.
Re: (Score:2)
'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"
This nails it entirely on the head, and is why a lot of security and privacy nutters gain so little traction when dealing with the masses. Security and privacy are important, but they need to be balanced pragmatically with what people actually want to do with the system.
Agreed. My experience with computer security people is that they're only happy with a system's security if the machine is still in the box -- and a few are still a little twitchy about that. Unfortunately, the system is fairly unusable in that state - but the security people are fine with that.
Re:Nailed it (Score:5, Insightful)
As a security expert, I fully agree. Security is something that you need to think about from the beginning, but you only ever need enough that your residual risks are acceptable.
These "critics" often do not get how to do professional risk management (Linus does) and, quite often, I get the impression they do not have any significant coding experience, as they seem to think the changes they would like are easy to implement. I run into these black vs. white people in security quite frequently. These are the amateurs that do not understand that actually building things that work is already very, very hard and if you keep changing things all the time you just end with a dysfunctional, insecure mess. Also, you want a stable product, you incorporate research results only after they have been tested out in practice for a few years and only if they bring you a significant gain.
The Linux kernel has an excellent security track record in its core. Some drivers are not that good, but that is why if you need high security, you only compile those that you really need.
Re: (Score:3)
"A ship at port is a safe ship; but that is not what sailing ships are for."
Re: (Score:2)
You have a typo there. You wrote computer when you meant user, right? Applied vigorously to any user
Security as a trade-off (Score:5, Insightful)
Linus Torvalds: ...Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs....
Fortunately, there are open source operating systems available where security is less of a trade-off and more of a priority, such as OpenBSD [openbsd.org], where the developers maintain a laser focus on security.
Re:Security as a trade-off (Score:5, Interesting)
On the other hand, OpenBSD is perfect proof that Linus is right: The trade-off is that for the increased security, you suffer in terms of the computer being useful for other things. It's useless for anyone wanting to do 3D modelling and animation for example, or working with video editing.
Re: (Score:3)
What are you even talking about? How is OpenBSD useless for 3d modelling and animation? If the software is available for Linux it should compile on OpenBSD. Oh and there is virtually no video editing software for Linux. What is around is buggy and still in alpha stages in terms of what Adobe pushes.
Re: (Score:3, Insightful)
That is not the idea behind OpenBSD. If you use only the packages available and tested on OpenBSD, the people of OpenBSD guarantee you that they have done everything in their power to make those packages as secure as possible. Note that they don't guarantee there are no security issues at all. But at least they are very open when problems occur and immediately start working on fixing any security issues.
OpenBSD is not meant to be used as a 'normal' consumer OS where you just install whatever software you ne
Re: (Score:2)
What I'm talking about is the fact that due to the focus on security, other things have been set aside, such that working with the things I mentioned in an interactive fashion is a sluggish and annoying proposition, especially as your scenes grow more and more complex. So what if the program compiles under OpenBSD? If it doesn't work in a satisfactory manner, then there is a problem. On my i5 2500 with 8GiB RAM, Blender running on top of OpenBSD feels as sluggish and clumsy as Blender under Linux back on my
Re:Security as a trade-off (Score:5, Interesting)
Re:Security as a trade-off (Score:5, Insightful)
...OpenBSD is probably unbreachable but it's terribly useless as anything but a firewall; to use it as a general OS, you have to turn a lot of its security precautions off....
OpenBSD's security is not some superficial thing, it goes deep into the OS. You don't just "turn it off", indeed some aspects of it cannot be turned off because some aspects of the security are the coding conventions used.
To your comment about OpenBSD being useless for anything but a firewall, I've used OpenBSD on my notebook and it fits the job quite well.
Re: (Score:2)
That being said, if you're just talking about the kernel and core apps of OpenBSD, maybe they are indeed more secure than Debian or RHEL. But then again, Debian and RHEL are secure *enough* that you never hear about major breaches to them. But once you start talking about non-core software (e.g. webserver utilities),
Re: (Score:2)
OpenBSD is probably unbreachable but it's terribly useless as anything but a firewall; to use it as a general OS, you have to turn a lot of its security precautions off. Linux (and by that I mean "GNU/Linux" e.g. RHEL, SUSE, Debian; not Android) gives us a healthy balance between usefulness and security. That's why almost every webserver runs Linux.
So OpenBSD makes a poor "general" (workstation?) OS, which is why "almost every webserver runs Linux"? Huh? Something being used for running as a server doesn't (and probably shouldn't) have to run well as a general OS.
Sure, really tight system security probably would make a desktop OS more difficult to use, but the same doesn't apply to servers where security is more important.
Re: (Score:2)
OpenBSD is probably unbreachable but it's terribly useless as anything but a firewall; to use it as a general OS, you have to turn a lot of its security precautions off.
Which is why I have been using OpenBSD on my laptops for... Let's see... About 10 years now?
I'll grant you this: I don't do video editing or 3D modeling (I am, after all, a system administrator) but OpenBSD has proved perfect to surf the net, send emails, edit complex documentation (using OpenOffice or LyX), do some serious programming, edit images (Gimp and Dia), listen to music, watch videos and even play a game or two. As well as the usual SSH and Ansible into dozens of servers. And, yes, VNC and RDP are bo
Re: (Score:3)
BUT, until we can look at the code, we can't really say that it's "every bit as secure as a standard Linux setup is."
This article blunts that point at least a little bit.
You can look at the Linux kernel code all you want, but if the suggestions of the security experts who *do* review the code and find the bugs are ignored, is that actually any better than what you get with Windows? All you get is that you *know* Linux is insecure as opposed to just assuming it with Windows.
You have to fix the bugs or implement the security features for the code review to actually have an effect.
I will grant, code review makes a risk asse
bsd.mp and Linux 2.2 (Score:2)
While bsd.mp arrived just in the nick of time as multi-core came on the scene, the architecture strongly resembles Linux 2.2 with one large kernel lock, forcing kernel code to run on only one CPU core at a time.
Linux moved to much finer-grained locks, that allow non-conflicting segments of kernel code to run on several processors at once. While most commercial UNIX has done the same, there is no question that one great big kernel lock is more secure.
OpenBSD is very slowly allowing safe calls out of the kern
Security isn't a product (Score:2)
Security in Linux has been looked at as something you bolt-on after the fact. It was not designed from the ground-up with security in mind. Look at OpenBSD as an example: rock solid security and when a rare remote exploit is found, it's usually news on sites like
Re: (Score:3)
Security in Linux has been looked at as something you bolt-on after the fact. It was not designed from the ground-up with security in mind. Look at OpenBSD as an example:
Uh no. OpenBSD is based on legacy BSD code. It's not designed from the ground up for security. It's being implemented after the fact.
Re: (Score:2)
Not saying Linux sucks, but I sleep better at night knowing OpenBSD powers much of what I am responsible for.
Re: (Score:2)
That is complete nonsense. Any UNIX-like OS comes with a lot of security considerations right from the beginning.
Linux the OS vs. the Kernel (Score:5, Insightful)
Linux the OS certainly has had numerous real-world security problems that need to be addressed. I don't particularly care about the semantics of "Oh it's just a kernel!" because I could play the exact same game with Windows where Windows kernel vulnerabilities aren't super common either. Guess what: Linux and Windows both run the same web browsers these days, and that's a cross-platform security hole no matter who wrote the kernel.
Additionally, the biggest security hole I see now is Android due to the fact that it's damn near impossible to actually get upgraded software to fix the numerous holes.
However, Torvalds' direct responsibility is the kernel, so in this particular context I'm not going to give him too much grief. The Linux kernel does actually include extremely sophisticated mandatory access control systems like AppArmor, SELinux, etc. However... and this goes to his point... these systems are used sparingly because they are REALLY complex and lead to all kinds of usability issues for unsophisticated users (And "unsophisticated" here could easily mean a skilled Unix sysadmin with years of experience. These MAC systems are *not* considered "normal" in UNIX).
So basically: Yeah, Linux is not perfect. Nothing out there is perfect. However, the kernel actually does have a bunch of sophisticated security facilities. Maybe more work should go into making these sophisticated security features more accessible and useful to regular people.
Re: (Score:2)
Almost all of the serious vulnerabilities Linux has experienced over the years had nothing to do with kernel. Shellshock and Heartbleed were flaws in Bash and OpenSSL
This article is pure FUD (Score:4, Insightful)
Re: (Score:2, Insightful)
>Was the author bribed by Microsoft?
It's Matthew Garrett, given his history this is not outside the realm of possibility. But a nasty case of sour grapes is a more likely reason.
Re:This article is pure FUD (Score:5, Informative)
No kidding. The thing continually suggests that Linux is insecure on all number of ways (none are mentioned specifically), and that Linus is indifferent toward security. It has this completely useless statement to try to create a false association between Linux and the Ashley Madison hack:
Versions of Linux have proved vulnerable to serious bugs in recent years. AshleyMadison.com, the Web site that facilitates extramarital affairs and suffered an embarrassing data breach in July, was reportedly running Linux on its servers, as do many companies. Those problems did not involve the kernel itself,...
Re: (Score:2)
It blames the "towelroot" Android exploit as being the fault of Linux
But towelroot was the fault of linux, no?
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3153 [nist.gov]
Re: (Score:2)
You might reply "so what?, it's a kernel exploit", but allow me to point out that if you used just about *any* operating system and turned off security patches, there would be similar exploits. OpenBSD included. Security is not a state, it is a process. O
As a security professional... (Score:5, Informative)
I have to say that if this is his position:
He's absolutely dead right and more people in the security profession need to understand what their job is really about. Security is a support role. Our job is to make someone else's stuff work better. Even if you're secret service protecting the president, the core value in your job isn't security for its own sake, it's making sure the guy in the suit is able to do his job tomorrow.
You obviously don't work for Sony. (Score:2)
The job of security is to fully understand the risk, penalty, and consequence of system compromises, and then to suggest the proper tools to manage this risk.
Some people work with data that involves enormous consequences should it be compromised. These people are likely not on Linux if they understand the issues properly.
Re: (Score:2)
>He's absolutely dead right and more people in the security profession need to understand what their job is really about. Security is a support role. Our job is to make someone else's stuff work better. Even if you're secret service protecting the president, the core value in your job isn't security for its own sake, it's making sure the guy in the suit is able to do his job tomorrow.
Bingo. And over-zealous security can actually be counterproductive when it gets to the point that frustrated users start to work around it in unpredictable ways in order to get their work done. Case in point: I use a network on a large, open campus that implements highly restrictive network access policies, including "secure" wifi login that requires individual authentication via a custom app. It's a total pain in the ass, and is also notoriously flaky and unreliable. So what happens? Everybody has a rogue
Re: (Score:2)
Well said. Otherwise you could just lock the president away in a box or not even power up the computer. Perfect security, perfectly useless. In fact a major part of being a security expert is explaining this to one sort of people. The other sort you have to explain to that some level of security (always based on what the risks in the concrete situation are) is pretty necessary.
Both black and white are entirely wrong and useless in the security space. It is all about finding the most useful shade of gray.
Re:As a security professional... (Score:4, Funny)
"Yes, the goals of the secpro often conflict with the goals of the desktop support technician, but in the end security is more important than usability"
So take your server, unplug it from the network, lock it in a safe, and throw away the key....since security is more important than usability, as you say.
Re: (Score:2)
I am not responsible for any priapisms this post causes "secpro"s
Re:As a security professional... (Score:5, Insightful)
If the job was only about securing data, then security professionals would recommend destroying the data. The military has been known to do exactly this. Destroying the data creates the ultimate security.
What makes security people into security professionals is that the professionals can design systems that allow authorized activities to happen smoothly while simultaneously keeping out the bad guys. That is a much harder task than simply securing the data against unauthorized access. It requires the professional to focus on the balance between usability, security and profit.
Best way to avoid mistakes is to do nothing (Score:2)
You are exactly right.
At Los Alamos National Laboratory safety and security are much more important than anything else. So that's how we spend most of our time.
If the highest priority is to do nothing wrong, the best strategy is to do nothing.
Re: (Score:2, Insightful)
And you know what happens when some security measures make something unusable? The users create workarounds, making the whole security effort pointless.
Re: (Score:2)
What if that user is an executive?
What about the time between them creating the workaround and you identifying it and closing it?
What if lots of people do it? You can't fire them all.
This is my point: If the thing the user is doing is actually important for the business, the business should be HELPING them do it in a secure way. The security role's job is to support the business so that the decision makers understand the risks of different approaches and can make a reasonable choice of which of those ris
Re: (Score:2)
>When a user creates a workaround for an established security policy, that is when that user is fired.
As if the security guy in IT has the authority to fire people.
Security does not trump utility (Score:2)
>The Security Professional's job is security.
Yes but that doesn't mean their job gets priority over the actual business being conducted. Security is important and serious but it is not paramount.
>Yes, the goals of the secpro often conflict with the goals of the desktop support technician, but in the end security is more important than usability.
Wrong. The only way to get perfect security is to make it effectively impossible to do anything useful. Security is very rarely more important than utility even for organizations like the military whose job is security. That doesn't mean security is unimportant or that some utility cannot be traded for security but a company that is perfectly secure will b
Re: (Score:2)
Let me give you an example. Your security problem is that you just hired a guy who plans to steal documents on your Super Secret Widget. He has no criminal record (yet), or other reason for you not to hire him. He has legitimate access to the system containing the plans, copies them, and goes home. Security problems are often nothing to do with softw
Matthew Garrett again (Score:5, Insightful)
Matthew Garrett again trying to remove Linus from the equation. First they tried with the rants angle, now with the "security" aspect. Pure FUD.
I wonder if this is the first time (Score:2)
Linux, and Linus, have been on the front page of The Washington Post.
Highly Amusing (Score:3, Insightful)
Zero Installation. (Score:2)
The most secure system is the one with zero installations. At some point though, you need to realise that a system must also be usable, and so you trade some security in order to gain users.
TRANSLATION (Score:5, Insightful)
What Slashdot readers hear: "Linux is not BSD."
What normal people hear: "Linux is a terribly insecure OS from some total asshole, who by the way doesn't give a shit."
Mainstream Media's message: "Better stick with Microsoft Windows; it's the only thing that's secure."
Re: (Score:3)
It's Always a Balancing Test (Score:2)
Security is quality (Score:4, Insightful)
Re: (Score:3, Funny)
Yeah, Linux has now become a commercial, almost for-profit operating system. That's why I'm switching to a Mac.
Re: (Score:2, Insightful)
With Intel vPro or an iLO system, I can just ssh in, turn the machine on, upload a CD image, boot the machine from the virtual image and snarf everything. Being off doesn't mean it is secure these days.
Re: (Score:3)
Incompetent and unaware of it. This person qualifies. For these idiots, it is always others that make the mistakes, never they themselves, and hence they never produce anything good because they do not learn.
Re: (Score:2)
There it is again, that right the social justice zealots assert for themselves but don't allow for people like Linus Torvalds and the Linux community.
Re: (Score:2)