Re: Nokia Plan B
 

Right, the same way apps have read/write access to your address book? Same way apps have a shared space for images (but not for documents/other files?)?

What you don't seem to understand is that the sharing already exists, but for unknown reason its being artificially limited. So please stop touting the "not sharing makes it more secure" excuse.

No doofus, you have a shared space for data that you CHOOSE to save in there. The apps won't have access to private data used by other apps, just those you saved and want to put into the shared space.

On the contrary, you are spouting about fundamentals of security when you seem to know very little. Just because something is "theoretically" more secure, doesn't really mean its more secure.

Longer passwords with mixture of alphanumeric characters and symbols is more secure than shorter ones with just numbers, but is it really more "secure" if all password fields required you to have a 16 character passwords with upper & lowercase, with numbers and symbols?

Now imagine if your iphone, for "security reasons" forced you to do that everytime you unlocked your phone. Perhaps now you can understand why we see it as something stupid.

Security has to balance itself with usability, and the sandboxed app approach doesn't really provide an increased level of security to justify itself.

Re: Nokia Plan B
 

Yes, the same way users have access to their own documents but can access a shared area for shared data. That limitation means some data is accessible by everyone and access to some data is limited, basic security.

Sharing exists to an extent, that extent is a limitation on access and what you don't seem to understand is the absolute fundamental and most basic concept of security which is based upon access restriction, the less access to data an application has the less security risk there is.

Do I? Where? And what OS?
Of course having a shared space is a good thing, fundamentally less secure if the only copy of your data is in that shared space but personally i view that as an acceptable compromise, to let the user choose, i think all OSes should have such a thing.

In this case the theory matches the practise perfectly fine. If the PDF in the example were available to all applications then any one application could corrupt it. Again, it's very basic security.

Of course it is, do you know nothing about security? An idiotic statement like that demonstrates quite clearly that you have no understanding of security. Compare, for example, the difference in using rainbow tables and dictionary hacks to brute force those longer passwords. Building the tables and running those hacks on lower complexity passwords is trivial, doing such a thing on the passwords you describe is almost impossible, so it's almost always worth attempting the trivial attack just to see if it yields results. The most demonstrable example is the recent attack on firm HBGary, had the passwords been *required* to be of the type you describe they more than likely would not have been cracked at all. So yes *requiring* more complex passwords *is* more secure.

Quite clearly it DOES, look at the ubiquity of the platforms that employ it. Not only is it justified, it's widely implemented and accepted. Again a shared data area gives the user choice and my personal opinion is that is the best option but storing the only copy your data there is inherently less secure.

Re: Nokia Plan B
 

The most secure system:

http://www.emporia.edu/earthsci/garden/rock06.jpg

Secure, but boring. To reiterate a statement that I made earlier in the thread, justifying ANY limitation of a system, even for the sake of security, comes only from lack of imagination.

Re: Nokia Plan B
 

Explain how a limitation of a system can only be justified only by a lack of imagination. For one it can be - and indeed often is - quite clearly justified by a need for security. Security is - by it's very definition - limiting, however you seem to suggest we don't need security.

But then of course there are some people who actually believe shared data is just as secure as private data.

I'm not saying it's better, i'm not saying it's more usable, i'm not saying it's not limiting, all im saying is that private data is more secure than shared data and im not even giving a measure on how much more secure it is. However some people seem to think their idea is the one and only way to do things and that no other solution could possibly be of any benefit...now *that* comes from a lack of imagination.

Re: Nokia Plan B
 

Ok, I'll try. When you consider to limit a system*, you are weighing in the benefits from your system working as expected, and the drawbacks from it failing due to the limitations. If the benefits outweigh the drawbacks, you would consider the limitation appropriate. However, one possible outcome is that the limitations that you have imposed on your system would prevent it from achieving something that may have been much more advantageous than you expected. Your set goals may be way below what you could have reached had you not placed artificial limits. Now, with a little more imagination, you could have seen the possibilities, and refrained from limiting the possible outcomes...

To give you an example, you wondered who would want to read a PDF with several readers, but failed to imagine that PDF can not only be read but also created, edited or printed.

I would also like to point out that the security benefits you speak of are mostly imaginary, and the fake sense of security given by crippling the system is another sign of lack of imagination. In my personal experience, the greatest menace to my data has been in no other place but between my chair and keyboard. I see no limitations of the OS that would prevent me from wiping out 3GB of data or the vacation pictures from the last two years. I bet you didn't guess that when you were scheming how to prevent external network access to my hard-drive :D

___
* I referred to systems in general and not OSes on purpose; limiting ourselves to the narrow context of computer systems would be unimaginative ;)

Re: Nokia Plan B
 

Which you said can never happen, because - according to you - you can never justify the limit of a system.

And just as much chance that the ability for everyone to access everything could be more disastrous than you expected.

Which are of course not necessarily good outcomes, most of these system limitations are in place to prevent the foreseen bad outcomes.

No i didn't i just assumed the idea that one would want to do all 3 of those things in multiple programs was a niche. Which isn't necessarily wrong.

Well since we're talking of 'systems' in the broad sense:
We shouldn't use unprivileged user accounts - they place limits on the system - everyone should run as root and have access to everything all the time?
If i log in to my network provider's management system they shouldn't limit me to only seeing my own data? Ditto for banks?
I suppose you don't have a firewall? Use ACLs? Have all your ports open to be accessed by anyone?

These are systems that have limits in place for security and it most certainly is justified.

You seem to be missing the point, it's not about you damaging your own data, it's about protecting your data from being damaged by someone else and vice versa. Hence shared vs private data.