Schneier on Security

Thank you to the person (or people) who took the time to create the transcript for us. Not everyone can get access to audio and video feeds in their place of work.

For people like me who want to take it with them: LinuxWorld podcast feed, or mp3 link.

"But it’s just easier for me in my life right now to use the thing that my peers are using."

Mom always asked: "If all your friends jumped off of a bridge, would you jump too?"

Herd mentality is great, unless you're a lemming.

Hi Bruce -- off topic, except that you might be happy to see a major government and industry understanding security as a trade-off: http://www.cbc.ca/money/story/2007/02/15/threat-oil.html

@John T.: ... and of course a transcript is faster read than a stream listened.

Since Bruce's answer to the "Why not Linux?" question is that he doesn't do his own tech support, and it would be difficult to use a different tool than his peers, I wonder... if you don't do your own tech support, how do you really know your machine is secure? Are you certain that the person doing the support understands every possible vulnerability.

This is why I fear that computer security for the general populace will never be achievable. I'm a software professional, and I have a hard enough time securing myself (and I'm sure I'm missing some things.) How can my grandma be expected to be secure.

For instance, the cable internet people hooked my mother's unpatched windows 98 computer directly to the cable modem "for her". Causing her computer to be complete infested within hours. Luckily she has me to fix such situations for her. But many don't.

I plan on migrating completely to Linux when MS stops providing security updates for XP. I can't tolerate Vista, and I see no other choice than to become more knowledgeable about Linux, and bite the bullet and switch to it.

@Josh O.

"how do you really know your machine is secure?"

Good question. The best answer I can come up with is 'how well do you understand your OS?'

Now and again, we hear pleas to switch from windows to Linux/BSD/Mac or whatever. The real question is:

Do you know the strengths and weaknesses of you OS?

If you are hot on Linux security, then sure! Use Linux.

If you understand Windows, it is also a quite reasonable choice (heresy! heresy!)

The *REAL* issue is understanding your OS platform - everything else is fashion/dogma/ignorance.

"This is why I fear that computer security for the general populace will never be achievable."

Yes, there is a big problem there. Unfortunately, systems are sold on market penetration and features - not security.

@Imperial,
"""The *REAL* issue is understanding your OS platform"""

While that is certainly true to a point, I don't care how well you understand your Ford Pinto, I'd still rather driver a Mercedes.