Wednesday, January 19, 2011

Taking back our computers.

Apparently the US and Israel hired some hackers and managed to set back the Iranian nuclear program a few years. I'm pissed that it's even possible for this type of subversion to take place, but not because I believe in the freedom to enrich uranium.

I believe that we should own our computers, and not have them subject to the whim of others. The only practical way of achieving this that I'm aware of is by using something I call CABsec,  which is least privilege, CApability Based Security.

Our current systems are based on the opposite concept... which is to allow everything, and add roadblocks in the appropriate places to prevent mischief.  It's this way for lots of reasons, including that it matches up with the way we view the world in general.

The cost of checking everything against a list of privileges is small, but non-zero, likely on the order of 1% of the computers time for a typical user, if that.  Compare that to the at least 50% speed loss caused by our current crop of antivirus and anti-spyware... and that will seem like a bargain.

It's a matter of replacing a lot of things in order to build a CABsec based system... in computer programming circles its a "Boil the Ocean" type of solution, so it's not likely to arise unless someone gets out and pushes... and keeps pushing.

I'm pushing... will anyone else help?


You can read up on the concepts, starting with the Principle of least privilege.

No comments: