Thread: Security on Nits?
View Single Post
meanwhile is offline meanwhile
2008-04-16 , 14:53
Posts: 66 | Thanked: 17 times | Joined on Apr 2008
#46
Originally Posted by mwiktowy View Post
Security is about layering. To say that something is absolutely insecure because it is missing a single layer is simplifying the topic to meaninglessness.
That's a strawman argument. I never claimed that there weren't alternative methods of security. I discussed the Windows approach of firewall and other defensive software, virtual machines, and OS enforced certification and privileges: maemo isn't insecure because it fails to implement any particular one of these but because it implements *none* of them. It has no security strategy at all, and Nokia doesn't claim otherwise - the only thing they on the subject is that you're screwed if you install an app with hostile intent. (P42 of the N800 User Guide, which possibly shows someone has a sense of humour.) By comparison they have entire whitepapers showing why the qtopia and the version of Symbian they use on smartphones are safe.

There are many layers of security that still exist on the tabletOS:

1) It is built on a Linux foundation. Linux developers (especially kernel developers) do think a lot more about security than the average.
Expressing concern is NOT a security measure!

3) It is an obscure platform to write an exploit for. Malicious attackers will look to get the most bang for their buck and the tablet is not it. Not exactly a feature that Nokia marketing wants to use but it does help with security somewhat.
Yes. As I've noted. This doesn't promise well for maemo's future, especially now that nokia have spent 100ME to buy Trolltech and qtopia, with its safe execution environment.

4) Linux generally does not run applications as a superuser. After they are installed, apps on the tablet generally run as the user "user" and that gives them much less leverage on the system. They can affect files in /user/home and /media/mmc*, maybe communicate via the various communication interfaces but that is about it.
So a rogue app could steal passwords and creditcard numbers and stage a dos attack, but not do any *serious* damage?

Btw, given the openess to attack, does anyone expect to see maemo run on a phone, wiith the the potential for telecommunications dos attacks?


5) The tablet is not always on and always connected to the network. Being mobile, it is jumping from network to network and spending a lot of the time sitting off and not talking to anyone. Most of the other part of the time, it is connected to an wireless access point that masquerades the network connection and often has a firewall built in. This greatly reduces the opportunity for network-based remote attackers to even try to exploit servers running on your tablet.
i. Normal people buy nits to use with public access points.

ii. One of the previous posters already thought of a way around the above, even on the occasions that your logic is correct...

iii. Which will probably be quite rare. Most people will use their nit at home and won't have nearly so paranoid an environment.

The addition of the Wimax line of tablets sheds this significant layer though. Another axiom that goes along with "security is layering"; "Security is also always a trade-off".
Wrong again. Better security doesn't always come with compensating drawbacks - there is such a thing as simply being more competent and making more of an effort. In fact, this is a general rule in programming and life. Trade offs do exist, but so do variations in quality in an absolute sense. For example, can anyone think of any reason why they would implement an e-commerce site without using encryption for transferring credit card information?

So that is a (by no means exhaustive) list layers that provide a security
You actually haven't named a single genuine method of security. Honestly; try the above arguments on a real security mailing list - I encourage you.

attempts to have 100% coverage of all possible exploits. Never can any anything ever achieve this goal. The security of the available application trust system is certainly a problem that throwing out buzz-phrases like "sandbox" is not going to solve ... sandboxes can be breached too
Once again, do you have and use locks on your doors? I suspect the answer is yes, even though a skilled locksmith could defeat them. A decent sandbox can provide a much higher levels of security again, so you will understand if I conclude you don't really accept the logic behind your own argument. You do lock your house, your car, your hotel room and bicycle, yes?