Re: A small security feature proposition

[Grzegorz Staniak <gstaniak zagiel pl>]

"Sourav K. Mandal" wrote:

Hello, thank you for your response and sorry for the delay in answering
it.
 
> In response to Grzegorz Staniak:
> 
> The fundamental issue is that most computer users in the world at
> present see computers as appliances, rather than working
> environments, though this is certainly changing.  

Is it? I was under the impression that the trend is exactly the opposite
- the appliances market is a rising star, and the traditional dekstop
computer is slowly but surely being replaced by palmtops, handhelds,
network computers, thin clients, Internet appliances, TV set-tops that
access applications through network. Even servers are following the
path, cf. Cobalt cubes and other turn-key appliance-like server/firewall
products.

> People don't need
> need graphical utilities to lock the doors of their house at night
> before going to bed (though that would be cool), because they deem
> it important and go to the trouble.  The proposed utility might be
> useful in "training" users to care about such things, but in the end
> a user must care enough to even push that one widget button;

That's absolutely true, and the consciousness of the user is definitely
the key to better security. However, it's not really about security,
it's about control. I just wonder sometimes why such a - at least
potentially - useful feature as ext2 file attributes is never present in
GUI file managers. I would certainly welcome the possibility to set the
attributes using right-click in 'gmc' or 'nautilus' - it _could_ be used
for securing data, but I'm definitely not saying it will make anything
more secure by itself. For a more conscious user though, I still think
it's a nice feature.

[...]

> I think a better strategy overall is to impress upon people the
> importance of making backups that are secure and physically separate
> from their machine in case disaster strikes (as demonstrated
> innumerably by the US State Department).  Also, to use "recoverable"
> file deletion utilities, like safedelete or delete/undelete, which
> can be time-sprung to keep things clean automatically.

Definitely agreed. A home user however is in a difficult position as far
as backups are concerned. Not a single one of my friends has a tape
drive, and only a small percentage owns a CD-writer.

> In short, things will run much more smoothly (and without bitching)
> in the future if "defensive" computer use (like "defensive driving")
> is emphasized with the aid of certain tools (like those suggested),

That was all I was suggesting - giving people the possibility to use the
filesystem attributes through graphic shells once they are conscious
enough to use them.

> rather than attempting to engage in an arms race with malicious
> parties to shield naive users.  Playing devil's advocate, what is to
> stop a virus from doing a "chattr -i" on everything owned by the
> user?  

It would need superuser's password - this particular attribute is set by
root only, that's why I mentioned the 'gsu' wrapper.

> Also, many programs, like mail clients, manipulate a number
> of files behind the scenes -- would not each program have to follow
> this security convention as well?

Well, they could at least use the file attributes more. I know it's not
portable, but at least optionally, for Linux builds, I would love to see
programs give me the option to lock e.g. configuration directories.

> To summarize, I am stating that user-learned, user-implemented
> protection methods, rather than opaque protection services, devices,
> programs or program features are the most logical course to
> alleviate future mental anguish.

Agreed.
 
> One caveat is that I am simply a long-time Unix user, and no
> security expert, so perhaps I have mistaken the depth of Mr.
> Staniak's suggestion -- corrections welcome. 

I don't think there was any particular depth in it - just a request for
a feature that I would find welcome and that might also be helpful to
some people security-wise.

[...]
 
> Regards,
> 
> Sourav Mandal

-- 
Grzegorz Staniak <gstaniak@zagiel.pl>