Nice work. I wonder whether we are on the right track with such architectures though. It seems with every security framework envisioned to combat some set of attacks, a whole new class of issues pops up. And I don't _feel_ like things are more secure in the end. A bit like Dutch tax law, it is just a stack of patches to fix exploits and it might have achieved consciousness already! ;)
Ultimately security is incompatible with backwards compatibility. All OSes in prod today need to be rebuilt from the ground up to be secure for the next century. That means throwing out a lot of code too. It's the cost to pay.
Funny that you should mention Dutch tax law. I don't think it's controversial to say that some of those "exploits" were deliberately inserted. One may speculate that there are also some powerful forces pushing for more vulnerabilities in consumer computing.
Here are high-profile examples of each:
https://en.wikipedia.org/wiki/Dutch_Sandwich
https://en.wikipedia.org/wiki/Intel_Management_Engine#Assert...
Because many of these systems aren't designed end to end to be properly secure.
The right way to do it usually fails the market due to backwards compatibility or developer pushback to adopt such features (see WinRT sandbox).
Mobile phone security has it easier, because there wasn't backwards compatibility to care about, and so far the stores' gatekeeping means that developers that want to play there have to oblige anyway.