--- On Mon, 10/20/08, Chad Perrin <perrin@apotheon.com> wrote:
> > As you know though, security vs. usability/features
> is a tradeoff.
>
> I disagree:
>
> http://blogs.techrepublic.com.com/security/?p=390
>
>
> >
> > Proper development requires rigorous testing and code
> auditing
> > to prevent bugs and security holes.
>
> . . . which in no way trades away usability for any gained
> security.
>
Please note I'm not a security expert, but this is the way things logically seem to me, at least.
Usability - no, features - yes. Or at least it takes longer for features to get pushed to the stable release of a product. What I mean is that if you haven't rigorously tested something, it takes longer to make that product available in a secure environment (i.e. rigorous testing takes time, and the longer something takes the more consumers get restless as they wait for feature 'x'). Once it is available, yes, you can have a secure system with secure features.
Plus certain 'features' are considered a security hazard by some. For instance, most web hosts provide ftp. This is a security risk because the ftp protocol allows for sending passwords as clear text. If you wanted to be security minded you wouldn't allow ftp access to your server.
Why is ftp insecure - probably because it wasn't written with security in mind, like you mention in your article, Chad. However, the fact remains that it is insecure (for anything other than anonymous access) and yet used by many.
Telnet is another example of this, though that at least seems to not be used anymore for remote sessions, but rather other uses (like port knocking) where logins aren't needed.
One could counter-argue that one could just use sftp but the issue there is that sftp is not available by default on every major operating system like ftp is.
In any *nix system it is not generally straightforward for a normal user to be able to install anything, especially using a normal installation program. Most binaries are prepackaged with system directories hardcoded in the binary itself. Hence you have to resort to installing via source if you're stuck on a system where you don't have admin rights.
This is an example of security vs. usability. You could add a sudo clause which gives them access to a program like apt-get but then they could install anything/everything and worse yet into system directories, not just their own home directory.
Yes, the installation program could have been written to account for users being able to install applications on something like a whitelist into a specific user directory, but that hasn't been done, and giving users access to the current install programs that install programs into system directories wouldn't be a secure solution.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:26:33 EDT