Author Topic: NET OF INSECURITY: The kernel of the argument  (Read 1538 times)

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 4030
  • Karma: 379
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
NET OF INSECURITY: The kernel of the argument
« on: November 09, 2015, 06:34:55 pm »
NET OF INSECURITY:  The kernel of the argument

Story by Craig Timberg

http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
[T]here are a lot of people happily running Peppermint ICE which hasn't been receiving ANY updates for a while now .. and I personally would STILL consider that MUCH more secure than any version of Windows with up-to-date AV/Anti-malware ;)

--  PCNetSpec, Cornwall, Eng.  Dec 03, 2013 5:18 pm

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26437
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: NET OF INSECURITY: The kernel of the argument
« Reply #1 on: November 09, 2015, 07:37:43 pm »
It's all drivel perknh .. I'm with Linus on this (and that's a rarity in itself), security at the expense of everything else is a stupid idea.

Just a bunch of blinkered security zealots misrepresenting what Linus means and seeing their particular field of expertise as the most important and a "special case" .. though he does sometimes have a habit of making what he says an easy target because of his short sharp answers.

Security is always a consideration but not at the expense of performance/useability/stability .. the kernel has an excellent security record, and there's nothing stopping you adding the grsecurity/PaX patches if you choose.

Should grsecurity/PaX be added by default .. NO .. too much of a performance hit, and not yet proven necessary.

Should they ever be added by default .. maybe .. but I'm more inclined to think good coding and fixing issues as they come to light in a way that doesn't hit performance is probably a better way forward for MOST people .. and for the few that need/want the extra security, as I said you can easily compile in the grsecurity/PaX patches IF YOU CHOOSE.

People that work in the security field are always going to overstate its importance .. luckily Linus takes a more balanced approach, and doesn't listen to the over reactors

If you read closely you'll see he's not anti-security at all (as the article tries VERY hard to imply) .. he's said, give me good code that achieves extra security without breaking userspace, and without too much of a performance hit and he's VERY open to it .. is that unreasonable ?

Want a 100% safe PC, and damn the performance consequences .. don't turn on your PC .. the rest of us have things to do ;)
« Last Edit: November 11, 2015, 06:25:04 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 4030
  • Karma: 379
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: NET OF INSECURITY: The kernel of the argument
« Reply #2 on: November 10, 2015, 05:18:21 am »
Hi PCNetSpec,

I didn't post this article to raise a red flag.  I posted it because we've been hearing more and more in the press, and within this forum, about security concerns within Linux --especially since Android has become so popular (and also, I believe, because of the alarmist marketing tactics of Sophos security company too.)  Okay, I figured; why not hear these people out?

I think the argument for a need to put more emphasis on security within the Linux kernel is well presented within the article.   And I also think that Linus' argument as seeing security as just one part of a panoply of concerns to be addressed, while still maintaining a balanced approach to developing the kernel, is presented well within the article too. 

The long and short of it:  I, too, came away from the article liking what Linus had to say about the kernel, and about his approach to all of its bugs.  I felt Linus' argument was stronger about the inevitability of all sorts of bugs --security included-- than the argument of the one-theme-only security experts.

Quote
... Linus never took seriously the religious fanaticism around security,” said Dave Aitel, a former National Security Agency research scientist and founder of Immunity, a Florida-based security company.

Good for Linus, I say.  I've seen enough fanaticism now to last me a lifetime. ;)

« Last Edit: November 10, 2015, 05:20:11 am by perknh »
[T]here are a lot of people happily running Peppermint ICE which hasn't been receiving ANY updates for a while now .. and I personally would STILL consider that MUCH more secure than any version of Windows with up-to-date AV/Anti-malware ;)

--  PCNetSpec, Cornwall, Eng.  Dec 03, 2013 5:18 pm

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26437
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: NET OF INSECURITY: The kernel of the argument
« Reply #3 on: November 10, 2015, 05:52:18 am »
The Linux kernel has an enviable security reputation .. so in the continuing absence of widespread kernel security hacks I'm happy to trust the guy that's kept it that way ;)

[EDIT]

I would however like to see where microkernels such as HURD would go if they received (a lot) more development.
(currently playing with MINIX3 in a VM)
« Last Edit: November 10, 2015, 06:16:54 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 4030
  • Karma: 379
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: NET OF INSECURITY: The kernel of the argument
« Reply #4 on: November 10, 2015, 06:48:43 am »
The Linux kernel has an enviable security reputation .. so in the continuing absence of widespread kernel security hacks I'm happy to trust the guy that's kept it that way ;)

[EDIT]

I would however like to see where microkernels such as HURD would go if they received (a lot) more development.
(currently playing with MINIX3 in a VM)

I've been absolutely astonished with my experience of using Linux.  I have two proprietary programs running on my computer --Skype and LastPass (a password manager.)  That's it!  And, thanks to your help configuring my modem, I even have no use for a software firewall.  (mrs.perknh's computer has a software firewall only because she always on Wi-Fi, but even then, it's off our modem, so it's still redundant.)

I hope this demonstrates how fearful I am of the open source experience.  Who uses Linux?  Form memory and off the top of my head:  the U.S. Navy (the submarine division, I believe), the United States Postal Service, the Bank of China, etc... ad infinitum.  Why?  Because of Linux' innate built-in security.  Although Linux's security record may not be perfect, it is still nothing less than phenomenal. :)

When somebody can show me something better, I'll try it.  But, until then, forget about it --I'm a Linuxite! ;)

P.S.

The UK's government was supposed to go with Ubuntu years ago as its default OS  To my knowledge Ubuntu 12.04 has spotless security record to this day.  Who pulled the plug on that idea, I do not know.

P.S.S.

I need to read more about microkernels --but they sound interesting.

P.S.S.S

Now has my Gmail ever been spoofed?  I do not know.  But, I still don't see how that could possibly be the fault of the Linux kernel even if such a thing did happen --which I'm still not sure about to this day.

« Last Edit: November 12, 2015, 03:14:16 am by perknh »
[T]here are a lot of people happily running Peppermint ICE which hasn't been receiving ANY updates for a while now .. and I personally would STILL consider that MUCH more secure than any version of Windows with up-to-date AV/Anti-malware ;)

--  PCNetSpec, Cornwall, Eng.  Dec 03, 2013 5:18 pm