Schneier on Security
A blog covering security and security technology.
« "One Laptop per Child" Security System |
| Scanning People's Intentions »
February 14, 2007
Interview with Me for LinuxWorld
Earlier today I spoke at the Linux World Open Solutions Summit. This was a verbal interview that LinuxWorld did for me in advance of my talk, transcribed.
Posted on February 14, 2007 at 2:57 PM
• 8 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Thank you to the person (or people) who took the time to create the transcript for us. Not everyone can get access to audio and video feeds in their place of work.
"But it’s just easier for me in my life right now to use the thing that my peers are using."
Mom always asked: "If all your friends jumped off of a bridge, would you jump too?"
Herd mentality is great, unless you're a lemming.
@John T.: ... and of course a transcript is faster read than a stream listened.
Since Bruce's answer to the "Why not Linux?" question is that he doesn't do his own tech support, and it would be difficult to use a different tool than his peers, I wonder... if you don't do your own tech support, how do you really know your machine is secure? Are you certain that the person doing the support understands every possible vulnerability.
This is why I fear that computer security for the general populace will never be achievable. I'm a software professional, and I have a hard enough time securing myself (and I'm sure I'm missing some things.) How can my grandma be expected to be secure.
For instance, the cable internet people hooked my mother's unpatched windows 98 computer directly to the cable modem "for her". Causing her computer to be complete infested within hours. Luckily she has me to fix such situations for her. But many don't.
I plan on migrating completely to Linux when MS stops providing security updates for XP. I can't tolerate Vista, and I see no other choice than to become more knowledgeable about Linux, and bite the bullet and switch to it.
"how do you really know your machine is secure?"
Good question. The best answer I can come up with is 'how well do you understand your OS?'
Now and again, we hear pleas to switch from windows to Linux/BSD/Mac or whatever. The real question is:
Do you know the strengths and weaknesses of you OS?
If you are hot on Linux security, then sure! Use Linux.
If you understand Windows, it is also a quite reasonable choice (heresy! heresy!)
The *REAL* issue is understanding your OS platform - everything else is fashion/dogma/ignorance.
"This is why I fear that computer security for the general populace will never be achievable."
Yes, there is a big problem there. Unfortunately, systems are sold on market penetration and features - not security.
"""The *REAL* issue is understanding your OS platform"""
While that is certainly true to a point, I don't care how well you understand your Ford Pinto, I'd still rather driver a Mercedes.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.