Thread: Security on Nits?
View Single Post
tabletrat's Avatar
tabletrat is offline tabletrat
2008-04-15 , 17:41
Posts: 481 | Thanked: 65 times | Joined on Aug 2007 @ Westcountry, UK
#35
Originally Posted by meanwhile View Post
Bold added to show where the logic of this argument breaks down. By analogy, one might say "Locks and policeman are worthless in preventing burglary; because an effective burglar will overcome them." An effective burglar being defined, for the purposes of TA's argument, as someone capable of overcoming locks and guards! The point is that locks and similar security devices alter the effort-reward ratio of an attack.*
What a bizzarre argument!

OK, lets go with your argument. Do you have the capability of walking through an unlocked door? Yes? good. Do you know anyone else who knows how to walk through an unlocked door? Good so far.

ok. Do you know how to make a linux keylogger? Yes? Do you know anyone else who knows how to make a linux keylogger? yes? Do you know an equal amount of people who know how to walk through an unlocked door as can write a unix keylogger? yes? Good, that means your argument is valid.
Whats that? You don't? hmm..

Do you know anyone who can write a unix keylogger who couldn't write an application to disable a software firewall? I certainly couldn't think of anyone.

Originally Posted by meanwhile View Post
This the most basic thing to understand about the economics and psychology of security, and variants of TA's argument above have been repeated throughout the thread without anyone being willing to come to grips with the answer: all security is about raising the effort barrier to attackers.
and what you seem to not be able to grasp is that you are not raising the effort barrier to attackers, you are tricking yourself into thinking you are nice and safe.
You know when you are in a car and the brakes have failed and you are heading towards a truck? Closing your eyes doesn't actually work!

Originally Posted by meanwhile View Post
With Android (sandbox virtual machine) and Symbian (privilege and certification system), or even a decently configured Windows system (firewalls and virus checkers with daily updates) this barrier is enormously higher than for the Nit. In fact, Nokia don't seem to have thought about security at all with the Nit - and it should have been the starting point and key feature for a consumer device designed for accessing the Internet.
That is why windows has no viruses and I don't get any spam.

Originally Posted by meanwhile View Post
Of course, Nokia haven't been alone in their mistakes. Apple have made exactly the same errors with the iPhone, and are now rushing to correct them:
Indeed, that is why we have so many iPhone viruses.

Originally Posted by meanwhile View Post
Shutting down a firewall - especially on a system with decent anti virus and malware - is not easy.
It really is. Unless you are one of the things that the anti-virus knows about. The first people to pick up a new virus get no benifit from anti-virus. The people do later one.

Originally Posted by meanwhile View Post
It's much harder than merely adding a keylogger to a PIM; if its doable at all it will probably only be because of a temporary vulnerability that will get patched before 999 in 1000 attackers have a chance to use it. By comparison, the Nit is a house with no locks on its doors and a big "Come on in!" sign.
OK, your right. It is too dangerous. I suspect it is better if you just get rid of the nokia and go back to your nice safe windows.
 

The Following 3 Users Say Thank You to tabletrat For This Useful Post: