Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: [NTSEC] ActiveX, MSIE and Quicken
From: peter @ baileynm . com (Peter da Silva)
Date: Sun, 2 Feb 1997 13:18:17 -0600 (CST)
To: Russ . Cooper @ RC . on . ca (Russ)
Cc: firewalls @ GreatCircle . com
In-reply-to: <41FDA823FC5AD011A0970000E8D5C667029390 @ mail . rc . on . ca> from "Russ" at Feb 1, 97 11:40:48 pm

> Since Windows HAS BECOME an ActiveX environment, from top to bottom,
> what's needed now is more emphasis on the environment's security. Windows
> NT 4.0 represents, somewhat, the environment that all OLE-based
> platforms have to become. An environment where distributed computing is
> possible, but can also be implemented securely. But this discussion
> digresses into issues that shouldn't be debated here.

We've already had this discussion, Russ, so I'll just say that NT at this
time is nowhere *near* an environment where you could even *think* of
running untrusted applications. A Java sandbox, or a chrooted secured
sandbox on certain UNIX implementations, is getting there. The Safe Tcl
sandbox is closer.

I think that you could probably build an extremely useful sandbox using the
NT kernel as a start, though it wouldn't include the Win32 subsystem... or
if it did that subsystem would be so crippled that it wouldn't run any
applications that currently exist out there. I've said before that the
underlying NT security model, while overly complex, has a lot of potential...
but it's never going to achieve that potential in Microsoft's hands, and if
you think otherwise you're fooling yourself.

The UNIX model is less fine-grained, but it's also a lot *simpler*, and there
are ways to shed the parts of a UNIX implementation that don't use that model
without breaking the UNIX API, because it's so much higher level than the
NT one. Just as it's possible to shed the dangerous parts of Tcl without
breaking the ability to do useful things in Tcl... simply because it's such
a high level and simple model.

> Bottom line is that with so little interest by Firewall administrators
> in desktop security, their minds concreted in the idea that everything
> is going to be controlled at the company gates by the GateKeeper,

That's because it's the only place we have any control. We can't control the
desktop, because our users have undeniable business reasons to support the
inherently insecure Windows API. So long as that's true, all we can do is block
the tunnelers. Because the Internet is not near as important as the desktop,
so we can get away with telling people they can't use this or that new internet
toy.

> innovation in favour of time-tested and proven security models. Fine,
> it'll work great for lots of implementations, but while those walls
> crumble and the GateKeeper continues to be assailed from his/her own
> charges, at some point the realization will hit them that desktop
> security and an integrated administration/security platform is the only
> model that can move forward with the technology.

I would dearly like to see that, but I don't believe it will happen. The
desktop is firmly in the hands of a man who can spell security but has no
idea of what it means.

> But if you think you can say that ActiveX is bad so take it away, you'll
> have to tell them to take away all your MS desktops as well.

Love to, but that won't happen. That's like trying to fireproof your
office by banning paper.

> I'm sure
> many of you have been saying that for a while now, but the facts are in
> front of the majority of you and can be seen just by looking around your
> office.

Yep. And those facts say that the desktop will be completely unable to
provide any useful security for the foreseeable future.

