Interesting People mailing list archives
on kill switches
From: David Farber <dave () farber net>
Date: Mon, 11 Aug 2008 19:09:13 -0400
Begin forwarded message: From: "Steven M. Bellovin" <smb () cs columbia edu> Date: August 11, 2008 12:56:32 PM EDT To: dave () farber net Cc: "ip" <ip () v2 listbox com>Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes
On Fri, 8 Aug 2008 09:01:20 -0700 David Farber <dave () farber net> wrote:
The question is why is OS/X on the iPhone so vulnerable and, for that matter, why are the cellular protocols so vulnerable.
Unfortunately, the state of the art is such that we can't solve the problem. We fundamentally do not know how to build large-scale software platforms that are secure or even robust against non-malicious failures. Now -- "can't be secure" is not the same as "can't be better". We can build better systems than most we see today. Some of it requires better education of system architects and programmers (buffer overflows, anyone?), some of it requires more humility (to a security guy, the phrase "active content" translates to "game over, we lose", which means we don't want to see it in our systems), and some of it requires a much more expensive development process. This -- especially the last point -- translates to money: how much security (or robustness) can Apple (or Microsoft or whomever) afford and still make money? How much are you willing to pay, whether in money or in decreased functionality or glitz, for a stronger system? I don't like kill lists and the like, but there are good and bad reasons for having them. It's interesting to read the URLs on the Mozilla kill list -- most refer to plug-ins that are (a) known to be buggy, and (b) kill the browser. One -- the Vietnamese language pack -- is known to be contaminated with a Trojan horse. Kill lists can be abused, of course -- would Mozilla some day ban the adblock or noscript plug-ins because they interfere with web sites making money? -- but they can also be seen as an engineering response to real problems: if you run this code, you *will* be hurt. --Steve Bellovin, http://www.cs.columbia.edu/~smb ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- on kill switches David Farber (Aug 11)