[openbeos] Re: BeOS/Zeta is (not) immune to attacks
- From: "Urias McCullough" <umccullough@xxxxxxxxx>
- To: openbeos@xxxxxxxxxxxxx
- Date: Fri, 5 Jan 2007 16:35:53 -0800
On 1/5/07, Niklas Nisbeth <noisetonepause@xxxxxxxxx> wrote:
>There will never be a method to stop *you* from erasing >*your* home
folder. That's not what security is about,
>that's what backups are for.
I think I disagree. Security should make sure that I don't lose data, full
stop.
That's not the definition of security... what you're referring to is a
combination of things ranging from security, hardware failure, software
failure, and user failure. Security actually plays a very small role in
your definition.
What if the OS prevented data loss completely - is that all that makes it
secure? NO! If someone makes copies of your private data without your
knowledge, there is a security problem. If someone uses your computer all
day long to send SPAM without your knowledge, then there is a security
problem. Data loss is only data loss - whether as a result of an insecure
system or not. The OS and applications should not prevent it, but should
prevent it without the user's consent. (I think this is what you really
meant)
Security is the promise that nobody else can access/use/destroy your
resources unauthorized.
Resources include files and data, access to APIs, use of CPU time, use of
the network, etc. As Ryan pointed out, the examples on Maurice's page
demonstrate that a user has 'authorized' access to the APIs by choosing to
run the software on the machine in the first place.
I suspect most people classify security as the ability to come in contact
potentially-harmful content/resources, while being assured that their
data/resources are shielded from hidden access or destruction that cannot be
detected or prevented.
Other related posts:
