Re: Biometrics
- From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
- Date: Tue, 22 Jul 2008 10:29:53 -0700
A standalone telephone certainly is secure, and keeps its users safe. For such a phone will never receive or transmit unwanted conversations, and the users of such phones will never be bothered with advertisements, thoughts that challenge their perceptions, or interesting and surprising opportunities.
A standalone computer certainly is secure, and keeps its users safe. For such a computer will never receive or transmit unwanted software, and the users of such computers will never be bothered with advertisements, thoughts that challenge their perceptions, or interesting and surprising opportunities.
No risk = no reward.
The value of a networked system increases as the square of the number of elements in that system. A single system has a value of 1^2=1; a two-element network has a value of 2^2=4; a three-element network has a value of 3^2=9; and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May 2007: http://www.forbes.com/forbes/2007/0507/052.html.)
Chris's distinction between the Internet and "a network" (presumably private, for Chris doesn't specify) isn't useful today. The network effect is clearly evident on the Internet; I'd argue that in a private network, the network effect is diminished. Why else would we all be rushing headlong into the eventual recognition that private corpnets truly belong on the Internet, and that continuing to make the distinction means a loss of real business value? (Scott Charney, "Creating a more trusted Internet," http://download.microsoft.com/download/2/f/7/2f752ae4-7e1d-4dbd-b75a-aa2dcb0eff5b/End_to_End_Trust_Statement_of_Purpose_Charney.pdf; Steve Riley, "Directly connect your corpnet with IPsec and IPv6," http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
I quote our own materials here as evidence of the demand from forward-thinking customers that the industry envision new practices and develop new technologies that allow for the full realization of the network effect. Chris's argument that per-user security "creates artificial scopes" doesn't reflect reality. On the contrary, _stronger_ per-user (and per-machine) identity and authentication are critical for allowing the network effect to flourish. Indeed, the lack of strong identity and authentication has been a hindrance, and that's why you see technologies like smart cards and TPM chips becoming more common. When we reach the point where all communications are in the context of validated identities, carried in transactions with integrity and confidentiality protection, between endpoints that mutually authenticate their identities and their configurations, then who cares whether the underlying network is trusted or not?
--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Dan" <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:64852B3D-D174-4D66-8F12-36323BC788D2@xxxxxxxxxxxxxxxx
Courtesy of Chris Quirke, requesting his feedback be copied and copied due to
his inability to view this post. From Chris Quirke posted via Windows Live
Mail (aka Hotmail)
-------------------------------------------------------------------------------
I can't find the thread, but you could paste from this reply if you like...
In summary; because 9x was designed as a stand-alone rather than
network client OS, it is indeed potentially safer than NT. But the code
base is too outdated to deal with modern hardware, and what makes it
safer as a stand-alone OS, also makes it less secure as a network OS.
As pro-IT folks will point out; 9x has no effective per-user security, as
NT on NTFS can provide. Server-centric networks need this security
to work, to manage users (rather than PCs) and to create artificial
scopes in a pervasively networked environment.
The underlying technologies of this security could be more useful for
consumers, if freed from the user-centric mindset that pervades pro-IT.
If you were to align these technologies according to code, and to
maintain scopes between data vs. code, local vs. remote, etc. then
they could play a meaningful role in keeping stand-alone consumer
PCs safe from web and malware attack.
But as long as the design is based on user accounts and logon,
with the ASSumption that all code running during the user's session
represents the will and intentions of the user who logged in, we aren't
going to get anywhere. As long as even the most limited of user
accounts gives all code the right to see, change and destroy user
data, this system won't protect users' interests.
As long as the Internet is treated as a big network, safety failures
will abound. The core difference between Internet and networking
is that the former requires interaction between untrusted parties;
that is in fact the standard interaction in that environment.
It's not helpful to prove a stranger has a particular name, if you have
no template of expectations for that proven identity. Only when a
proven identity can be matched with such expectations, do you
shift into networking between trusted entities.
Instead, you need to limit the potential impact of interactions - and
that boils down to the distinction between data that is safe to view
or edit, vs. code that is dangerous to run.
Pro-IT could not tolerate the inability to scope between users, via
NT's user rights security. As Internet consumers, we need a similar
ability to scope between data safety and code risk.
Both scopes are artificial; just as there's no hard line between users,
so it is argued there is no hard line between data and code. However,
just as pro-IT strives to create an artificial line between users, so we
should strive to create and maintain a line between data and code.
------------------------------------------------------------------------------
"Steve Riley [MSFT]" wrote:
Dan, I recommend you rethink your logic.
The Windows 3.1/9x code was designed and written in an entirely different
age -- one in which TCP/IP was not the standard networking protocol, one in
which indeed networks were rare, and one in which everyone (we and our
customers) assumed that only good guys used computers.
The world no longer lives in that age. If you take any kind of system
(operating system, engineering system, whatever) and place it in an
environment that is wildly different than the original assumptions, that
system will fail catastrophically. There is simply no way we can retrofit
that very old code to function correctly in today's world of intentional
attacks.
I'm not exactly sure how you can make the statement that "a 9x machine with
the proper safeguards such as a wired router that has wireless broadcast
signal turned off" is more secure than XP or Vista. Firstly, an XP or Vista
box behind such a router would be equally "safe" from attack. Secondly,
disabling SSID broadcast in reality does not accord you any security -- see
my article here:
http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.
You quote a specific vulnerability below, about DNS, and you then make the
argument that this is a reason the military should be using 9x instead of
XP/Vista. How does that follow? How do you know that 9x doesn't have the
same vulnerability? No one can know, because we don't test 9x anymore. It's
simply too old.
And you mention our password checker. Actually, I think its recommendations
aren't strong enough, and I'm working with the folks who own that feature to
improve its strength.
--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com