I'm In Ur Minesweepr, Pwning Ur Codez

Ivan Krstic is the director of security for the 'One Laptop Per Child Project', and in a recent speech at the AusCert 2007 conference he offered an interesting take on the underlying problem with desktop security: Everything does everything - and that's bad.

"The No. 1 broken assumption of desktop security...is this very simple premise that all executing software should execute with the full permission that its user possesses," Krstic said.

"There are a bunch of programs that ship with all major operating systems--including Linux, Mac OS and Windows--that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties," Krstic said.

One example of such a program, he said, is Minesweeper, a single-player game that has shipped with virtually all versions of Microsoft Windows.

"This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.

I don't know how far this guy is going to get with the general public by saying that software is too powerful and versatile for its own good.  But there's a reason why many thinking people immediately configure their firewall to 'Block All Access' when they've loaded even the most innocuous program onto their desktop. Do you wish your computer did less, but faster and more safely? (Raises hand)

Via:  ZDNet