Bruce Schneier: Chrome OS's Security Claims "Idiotic" (readwriteweb.com)
26 points by Shakescode on July 9, 2009 | 33 comments



"Guru" is probably the right word to use for Schneier at this point, and here's another great example of him inserting himself into a story he has no involvement in, making comments that betray a complete lack of awareness of the context of the story he's commenting on. Par, unfortunately, for the course.

It is doubtless the case that Schneier is fielding constant phone calls from trade reporters asking for his opinions on the security news of the day. Taking those calls, and writing the op-ed-style pieces that generate them, is probably the bulk of his job description. And so it's to be expected that he's going to be asked questions about things like Chrome's "virus-proofness", and having given no thought to Chrome or its architecture, be at a loss for pithy commentary. Hence, "2+2=3". Thanks, Bruce.

But before you feel too much sympathy for him, remember that he always has the ability to tell the reporter, "sorry, I don't know enough to comment intelligently on this story".


You've been interviewed by a reporter, yes? His very next sentence could have been something like, "It's not going to be virus-proof, but I'm glad to see they're thinking about security early. There is still a lot that can be done at the operating system level to improve security for the user."

The reporter would have cut that part out. It's not controversial enough. You could do the same thing with his blog post on homomorphic encryption if you took the phrases, "Gentry’s scheme is completely impractical," and "I think he’s being optimistic with even this most simple of examples," in isolation from "practicality be damned -- this is an amazing piece of work," and "I never expected to see one [a secure fully homomorphic cryptosystem]."

I don't understand this need to pull Schneier down. He's a smart guy, most of his writing is good, and he helped design a cipher that came pretty close to being selected for AES. Anyone who enters the media game is going to end up getting a bit caricatured.


You'll note that I didn't comment on his post about Gentry's homomorphic encryption scheme, for two reasons: (1) homomorphic encryption is a very boring topic, and (2) I don't feel like I have an authoritative argument for Schneier not being qualified to talk about it. Having dispensed with the straw man in your second graf, I'll take the 1st and 3rd in order.

I have been interviewed by reporters. And I have, in fact, made lots of mistakes with them. Security researchers are unnaturally attractive to trade reporters, and there's business value in cultivating contacts with them, and I've definitely let that process run too far in the past.

So, a mistake is a mistake. And thus, regarding your first graf, two responses:

(1) I stand by my original argument that Schneier doesn't appear to be close enough to Chrome OS security to comment on it, and his comments appear to misconstrue what Chrome OS is aiming for, and

(2) I stand by my original argument that this is an example of Schneier's business objective of inserting himself into every conversation about computer security again coming at a cost of his credibility.

Finally, you want to understand my need to pull Schneier down. I don't care if he's smart. I care that he's a guru. He's listened to uncritically by lay professionals, and his opinions about the problems they face are often not valuable. I'll add that Schneier's reputation in cryptography --- a field I am not a part of --- is not ironclad. If you want to stick up for a scientist, start with their citation record. Let us know what you find.


Don't you kind of think homomorphic encryption is a big deal for what it allows? I mean, at its core, running arbitrary computation on encrypted data for the later consumption of the decrypter is a very big deal, and can be a Cloud game-changer.

Schneier may not be the world's greatest guru, but he knows a lot and he writes well, which makes his opinion more relevant on average than almost anyone else's. If you want a similar amount of "street cred", write a book.

No seriously, I'd read a book by you guys, just write it, please.


I start caring about crypto (and security) when it gets deployed in the real world, so I can break it. We ship a product, but for the most part, I am myself a professional abuser of software. So there you go, re: homomorphic encryption.

As regards "street cred", look, you can assign whatever credibility you want to the guy. I'm telling you, from the trenches, you are often going to be worse off for basing decisions based on what he says. Sure, you'll say, you don't base decisions off what some random pundit on the Internet says, and I say to you, "good on ya". But lots of people do, and so taking the piss out of him is a noble enterprise in my view.

And I am all about the nobility.


"It was mathematically proved decades ago that it is impossible -- not an engineering impossibility, not technologically impossible, but the 2+2=3 kind of impossible -- to create an operating system that is immune to viruses." Does anyone know what he's referring to? That would be an interesting read.


He's talking about the halting problem, which isn't "2+2=3" impossible, but undecidable. Of course, the average engineer at Google has vastly more CS education than Schneier, would never have claimed to have solved the halting problem (or "program intent" as the AV people put it), and would have responded to this question more succinctly and accurately than Schneier did.


An infinite loop does not a virus make. With a multithreaded OS an infinite loop is not really a problem. Limiting resources to some defined level is a "solvable" problem.


The antivirus problem isn't a resource consumption problem. "The halting problem" is a CS synecdoche for the limitations of static analysis and the fundamental generality of what a "virus" is.

He's saying, "we mathematically figured out a long time ago that trying to look at a computer program and predetermine what it will do before running it is a task that reduces to the halting problem."

That this is a stupid way to look at the antivirus problem is beside the point here.


Sorry, that's a better explanation of what you meant but it's still not a problem.

You don't need to figure out what a program can do ahead of time if you limit what it can do at run time. You don't even need to let the user do anything at run time.


You are arguing with the wall. I'm just explaining what Schneier meant by "2+2=3".


Lol, ok sorry I just had a "someone is wrong on the internet" moment, which had nothing to do with you, just the idea about the limits on what an OS could do. http://xkcd.com/386/

PS: I also just noticed that that was comic #386.


Allowing friendly programs to access resources but disallowing unfriendly ones is impossible, because it is impossible to distinguish between the two without some form of enforced signing that is impossible for the user to subvert (and who wants that?). And no, defaulting to reduced permissions for some programs is insufficient. People will still click "Ok, allow higher permissions" on programs if prompted.

What's the difference between 'rm -rf foo', for example, and 'run-virus'?


Not much, but nothing says the user needs to be able to type 'rm -rf foo'. Most people are used to OS that are designed to be fast and permissive, but you can code a defensive OS.


What sort of defensiveness do you think will work to effectively prevent -- to make up an example -- an application from popping up a fake login screen that asks them to enter the details, then mails the login info to the attacker and the program to all the victim's friends, without making the system unusable? Signed binaries where the signature describes the level of access might work if you don't allow it to be subverted by the user, but at the cost of essentially losing control over what you can run.

I can't think of an especially usable uber-paranoid defensive system, although I'd definitely love to be proven wrong. Essentially, the problem isn't a totally technological one. The core of the problem is that the user can effectively be convinced to be their own attacker.


These sorts of arguments really make me facepalm.

Listen, Bruce, they don't literally mean that their OS will be completely and 100% totally impervious to any sort of malware or virus attack of any kind ever to exist ever in the future ever ever ever to infinity times infinity.

They mean that their OS will be considerably more resistant to any sort of reasonable malware attack in the foreseeable future, and they're 100% correct.

Windows, even just because of its target market, will be the low hanging fruit for as long as I think anybody can foresee. Simply because of this, Linux and BSD-kernel based operating systems that are using proper user isolation (meaning not running as the freaking root account by default) are going to be more secure than Windows.


> They mean that their OS will be considerably more resistant to any sort of reasonable malware attack in the foreseeable future

By the way, that's what Microsoft meant when they released Windows 98... and 98SE and ME, and 2000, and XP, and 2003, and Vista, and 2008, and 7.

Pointless claim. Just deliver and we'll see.


Linux has had a pretty long history of delivering on that claim... Microsoft has not.


Linux isn't resistant to malware. It's resistant to users who want point-and-click installation of software downloaded from the web.


It would be good if we could look at his actual statement/blog post rather than an analysis. Given how so few of his words are mentioned in the "article", it makes me wonder if the 'press' is misinterpreting what he really said.


The statements were given in an interview with Yahoo News: http://tech.yahoo.com/news/pcworld/20090708/tc_pcworld/googl...


Not worth reading. Let me save you a few minutes of your life. How do I vote this down?


True. Although this might enable an undesirable behaviour, since anything you pay attention to grows. So if one can't vote down, voting something 'up' is effectively a vote down for all others.


I think making a claim like users don't have to deal with viruses, malware, and security updates is potentially more dangerous than having an OS with a less robust security model.

Even Linux and BSD systems are vulnerable if malicious programs are given the necessary permissions to run. If a casual user hears something like, "This OS is immune to viruses", they're likely to be a lot less cautious about running programs that might auto load from websites. By now most Windows users know better than to click OK when a website wants to install something on your PC.


You're right in spirit, but let's kill the "permissions" meme. There's no normally-used Unix permissions that make viruses difficult to implant on Unix systems, and there's nothing on most people's machines that a virus would want access to that intrinsically requires "root".

The leading causes of malware are single-user machines and point-and-click software installation from the web. To the extent that any OS allows these, it's susceptible.


> By now most Windows users know better than to click OK when a website wants to install something on your PC.

Have any data to back that up? Because my impression is the opposite.


Perhaps "most" is an overstatement, but certainly a greater proportion know better today than did 10-12 years ago. As time goes on that segment of the Windows user population is only going to increase.


"Google, while announcing its new Chrome operating system late Tuesday, said users would no longer have to worry about viruses, malware and security updates"

Good marketing. Tough to live down when you're first discovered to be "human" (developed by software engineers) - as it will be when Apple's first takes a major hit [which news suggests the iPhone may be vulnerable to].


"Google... said users would no longer have to worry about viruses, malware and security updates"

I'm guessing since most applications on Chrome will be web-based, the vendor will worry about them. They will be able to more easily and quickly detect + destroy phishing schemes, viruses etc. Kind of like how Facebook has responded to malicious wall posts.

For me the bigger concern would be the loss of productivity due to downtime of web services, or loss of internet connectivity.


Perhaps a needed dose of sanity (even if hyped) to counter Google wishful thinking/marketing: "Google, while announcing its new Chrome operating system late Tuesday, said users would no longer have to worry about viruses, malware and security updates"

Good marketing. Tough to live down when you're first discovered to be "human" (developed by software engineers) - as it will be when Apple's first takes a major hit [which news suggests the iPhone may be vulnerable to].


Whatever they do, I just hope they release the code. That way even if their redesign fails, the FOSS community will have something to learn from it, and if it's the best thing ever, it can be ported over to other Linux distros.


I really don't think anyone should view this claim as anything more than marketing claims and statements, not actual technical claims or guarantees.


Just report, don't scoff at experts. It makes you look stupid. Now what was the context? Ah, I see you were so busy trying to claim intellectual superiority (failed) that you forgot about that.



