Blog

2021-08-18

Regarding the LWTWJO episode on "Ransomware".

Let me tell you a secret: the security model of major operating systems is seriously flawed. It's not really a secret, it's just that many are not aware of it. What is this serious flaw? Software a user runs (either on purpose or not) has access to everything that user has access to. If you get a person to run an .EXE - it's game over. If the user runs software that has a vulnerability (a vulnerability allows hackers to run code on your machine) - it's game over as well. Your image viewer has access to all your .doc files. If that image viewer has a vulnerability, an attacker can craft a special .PNG file that will delete all your .doc files. It's as simple as that. And this shouldn't be the case. But this is how it works in all major operating systems.

But what's the solution?

You need a much more fine-grained security model. Let's say you want to view an image. The way it should work is that the operating system launches the image viewer but only gives it access to exactly the image that you want to look at. If the image viewer has a vulnerability, the damage it can do is restricted. It won't be able to delete your .doc files. It can delete the image file you were trying to view, but it can do no more harm than that.
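The launcher model described above, sketched for Linux as an added example (not code from this blog or from any operating system's own launcher): the launcher opens the one chosen image, and the viewer child runs under a seccomp filter, so it can read that descriptor but cannot open or delete anything else. The function names, the temp-file paths and the choice of seccomp are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
/* seccomp allow-list: read and exit_group only; any other syscall fails with EPERM. */
static int enter_sandbox(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ? -1
         : prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Launcher: opens only the chosen image, then runs the viewer in a child; -1 on error. */
int launch_viewer(const char *image, const char *doc, int sandboxed) {
    char buf[16];
    int status, code = 0, fd = open(image, O_RDONLY);
    pid_t pid = fd < 0 ? -1 : fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: hypothetical compromised viewer */
        if (sandboxed && enter_sandbox() != 0) _exit(64);
        if (read(fd, buf, sizeof buf) > 0) code |= 1;   /* 1: viewed the image */
        if (open(doc, O_RDONLY) >= 0) code |= 2;        /* 2: opened the doc */
        if (unlink(doc) == 0) code |= 4;                /* 4: deleted the doc */
        _exit(code);
    }
    close(fd);
    return (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int demo(int sandboxed) {           /* constructed temp files: one image, one "doc" */
    char img[] = "/tmp/imgXXXXXX", doc[] = "/tmp/docXXXXXX";
    int a = mkstemp(img), b = mkstemp(doc), r;
    if (a < 0 || b < 0 || write(a, "PNG", 3) != 3 || close(a) || close(b)) return -1;
    r = launch_viewer(img, doc, sandboxed);
    unlink(img); unlink(doc);
    return r;
}
```

A production filter would also check `seccomp_data.arch` and allow the additional system calls a real viewer needs.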

But why don't major operating systems have such a security model?

Because the customer isn't asking for it. Any manufacturer delivers what the customer wants (or at least should). There's no need to add in security if the customer isn't asking for it. Additionally, it would require users to be more aware of what they're doing, and it's questionable whether a 60-year-old person who already struggles to use computers wouldn't be put off by an operating system that requires more knowledge on the user's part. Let's say you open up Word and try to open a document and the first thing you see is a pop-up "MS Word is trying to access Budget.doc. [ ] Allow [ ] Don't allow.". It doesn't sound that hard to me, but it's probably too hard for the majority of users, and that's why Microsoft and Apple don't really have the motivation to put this into their operating systems. Ease of use is a selling point. Security is also a selling point, but it all depends on your target audience. I'd be thrilled to have a more secure operating system - but your grandma is probably going to favor ease of use over security.

2021-08-04

Ever since I sustained some form of brain damage (which I have still not fully recovered from after 3 years, so I assume I have to live with some lasting brain damage). But anyway... my brain quickly turns foggy and chaotic after watching movies or reading a lot of stuff. This is why I had to give up the job I originally learnt and studied. However, I feel like I could improve by not watching any movies or series at all. It sounds easy in theory, but in practice trying to overcome the boredom without movies or series is going to be tough as a single person who also lives alone. There just isn't much to do. It's not that I have no program - I go kickboxing on Mondays, Tuesdays and Thursdays are bouldering, Friday is gymnastics and Sunday is usually a Parkour session. Additionally, Wednesday is lower body day and Friday is upper body day. But due to my health, working 100% is currently out of the question (even in another field) as well, so I'm only working 50%, and trying to deal with the boredom isn't that simple because I can't fill the entire afternoon with watching movies or series... that'd be way too much. I can watch some, but even that has a price that I'd probably be better off not paying. I'm currently doing garden/forest work every morning.

Therefore let me really try to get rid of almost all screen time except the necessary amount for administrative tasks (and some blogging I guess).