Comments on: Show 009 – An Interview with Bruce Schneier http://www.cigital.com/silver-bullet/show-009/?utm_source=rss&utm_medium=rss&utm_campaign=show-009 Cigital CTO Gary McGraw discusses software security with security gurus. Mon, 31 Oct 2011 00:04:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: gem http://www.cigital.com/silver-bullet/show-009/#comment-36 gem Mon, 22 Jan 2007 20:12:16 +0000 http://www.cigital.com/silverbullet/show-009/#comment-36 Good pointer to Peter's paper. I wrote about that in my darkreading column here: http://www.darkreading.com/document.asp?doc_id=114587&WT.svl=column1_1 BTW, Microsoft has a response here: http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/20/windows-vista-content-protection-twenty-questions-and-answers.aspx gem Good pointer to Peter’s paper. I wrote about that in my darkreading column here:

http://www.darkreading.com/document.asp?doc_id=114587&WT.svl=column1_1

BTW, Microsoft has a response here:

http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/20/windows-vista-content-protection-twenty-questions-and-answers.aspx

gem

]]> By: N. E. http://www.cigital.com/silver-bullet/show-009/#comment-35 N. E. Sun, 24 Dec 2006 10:57:34 +0000 http://www.cigital.com/silverbullet/show-009/#comment-35 Bruce seems quite sanguine about Microsoft's ability and willingness to secure its platform. But I think it could be argued that, even if it wishes to secure Windows, it may not be able to. And Microsoft has, in any case, shown over a long period of time that it is quite prepared to put security on one side whenever it has an economic motive for doing so - for example, binding the browser into the OS and using Active X to get the drop on Netscape and Sun respectively. There seems no reason to believe that is likely to change its ways. Peter Gutmann considers that Vista Content Protection (for which there is an obvious economic motive) has bad implications for reliability and security: "As a user, there is simply no escape. Whether you use Windows Vista, Windows XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other OS, Windows content protection will make your hardware more expensive, less reliable, more difficult to program for, more difficult to support, more vulnerable to hostile code, and with more compatibility problems." http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt We've yet to see what new round of security problems may issue from these moves, which are fundamentally about who controls distribution of content, security of users coming a very poor second. Bruce seems quite sanguine about Microsoft’s ability and willingness to secure its platform. But I think it could be argued that, even if it wishes to secure Windows, it may not be able to. And Microsoft has, in any case, shown over a long period of time that it is quite prepared to put security on one side whenever it has an economic motive for doing so – for example, binding the browser into the OS and using Active X to get the drop on Netscape and Sun respectively. There seems no reason to believe that is likely to change its ways.

Peter Gutmann considers that Vista Content Protection (for which there is an obvious economic motive) has bad implications for reliability and security:

“As a user, there is simply no escape. Whether you use Windows Vista, Windows XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other OS, Windows content protection will make your hardware more expensive, less
reliable, more difficult to program for, more difficult to support, more vulnerable to hostile code, and with more compatibility problems.”

http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt

We’ve yet to see what new round of security problems may issue from these moves, which are fundamentally about who controls distribution of content, security of users coming a very poor second.

]]>