I agree with pretty much everything you said. Current OSes, protocols, and practices all conspire to destroy any guarantee of complete security.

But 99% of the time for 99% of people, a complete guarantee of security is overkill. With a few exceptions, as long as breaches are quickly discovered and fixed, the damage is relatively minor. Stolen credit card? Report it to your card company. Charges are blocked and you get a new card. Website vandalized? Shut it down, clone the disks on any compromised machines (for postmortem examination), restore from backups, blah blah blah standard panic procedures.

In areas where security and reliability *really* matter (basically: medical devices and avionics software on planes that carry people), software is *expensive*. Certain software development processes are required by law (see http://en.wikipedia.org/wiki/MIL-STD-2167 and http://en.wikipedia.org/wiki/DO-178B). Greatly increasing the costs to create and use software kills new ideas in the womb. It becomes impractical for startups or small groups to build stuff.

So is Internet security a failure? Yes. But really, I'm glad we're not so risk-averse as to paralyze ourselves with more draconian measures.
It's all about defense in depth. Local root exploits are part of why I run my stuff chrooted on an OpenBSD system. It's not perfect, but it's pretty much the best you're going to do. Still, you can't just stop there.

Having a one-time-password setup (SecurID, for example) to a central "admin" system that can access the remote servers directly is one layer of defense against certain workstation compromises. Using properly-configured RBAC (or better, Mandatory Access Control) with separation of duties and remote logging gives security staff tools to enforce and analyze policies and incidents.

I'm not saying it's possible to be 99% secure. To that end, I suppose Security is a "failure" (*rolleyes*) and as was mentioned before: you don't need 99% security, but you certainly should be able to go back and look at that other 1% after the fact.

The truth is that you really don't see security's boundaries when it's working properly. You can tell when it's getting in the way, but security is truly the most visible when it fails.
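The RBAC-with-separation-of-duties-and-remote-logging layer described in the comment above, as an added example (not any commenter's code). It is a small policy evaluator for a hypothetical central admin host: roles map to permissions, a static separation-of-duties table forbids conflicting role combinations, a dynamic check stops a requester from approving their own deployment, and every decision (including denials) is written as a JSON line to an append-only log standing in for a remote syslog/SIEM sink. The role names, permissions, sample principals and the deployment request are all constructed assumptions.

```python
"""Small RBAC policy evaluator with separation-of-duties (SoD) checks and an
append-only audit trail. Added example for this thread; not any commenter's
code. Role names, permissions and the audit sink are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json

# Constructed role -> permission map for a hypothetical central admin host.
ROLE_PERMISSIONS = {
    "operator": {"server:restart", "server:read-logs"},
    "deployer": {"deploy:request"},
    "approver": {"deploy:approve"},
    "auditor":  {"audit:read"},
}

# Static SoD: role pairs a single principal may never hold at the same time.
SOD_EXCLUSIVE = {
    frozenset({"deployer", "approver"}),   # cannot approve your own deploys
    frozenset({"auditor", "operator"}),    # cannot audit what you operate
    frozenset({"auditor", "deployer"}),
}


class PolicyError(ValueError):
    """Raised when a role assignment violates policy."""


@dataclass
class AuditLog:
    """Stand-in for a remote syslog/SIEM sink: append-only, one JSON line per event."""
    records: list = field(default_factory=list)

    def emit(self, **fields):
        rec = {"ts": datetime.now(timezone.utc).isoformat(), **fields}
        self.records.append(json.dumps(rec, sort_keys=True))
        return rec

    def events(self, name):
        """Return all recorded events of the given type (what an analyst would query)."""
        return [r for r in map(json.loads, self.records) if r["event"] == name]


def assign_roles(principal, roles, log):
    """Grant a role set, refusing combinations that violate static SoD."""
    roles = set(roles)
    unknown = roles - ROLE_PERMISSIONS.keys()
    if unknown:
        raise PolicyError(f"{principal}: unknown roles {sorted(unknown)}")
    for pair in SOD_EXCLUSIVE:
        if pair <= roles:
            log.emit(event="role_assign_denied", principal=principal,
                     roles=sorted(roles), conflict=sorted(pair))
            raise PolicyError(f"{principal}: roles {sorted(pair)} conflict")
    log.emit(event="role_assign", principal=principal, roles=sorted(roles))
    return roles


def authorize(principal, roles, permission, log):
    """Default deny: allow only if some held role grants the permission."""
    allowed = any(permission in ROLE_PERMISSIONS.get(r, ()) for r in roles)
    log.emit(event="authz", principal=principal, permission=permission,
             decision="allow" if allowed else "deny")
    return allowed


def approve_deployment(request, approver, approver_roles, log):
    """Dynamic SoD: approver needs deploy:approve AND must differ from the requester."""
    if not authorize(approver, approver_roles, "deploy:approve", log):
        return False
    if approver == request["requested_by"]:
        log.emit(event="approval_denied", principal=approver,
                 deployment=request["id"], reason="self-approval")
        return False
    log.emit(event="approval", principal=approver, deployment=request["id"])
    return True


if __name__ == "__main__":
    log = AuditLog()
    alice = assign_roles("alice", ["deployer"], log)
    bob = assign_roles("bob", ["approver"], log)
    req = {"id": "dep-1", "requested_by": "alice"}   # constructed sample request
    print(approve_deployment(req, "alice", alice, log))  # False: alice cannot approve
    print(approve_deployment(req, "bob", bob, log))      # True: second person approves
    for line in log.records:
        print(line)
```

The point of logging denials as well as grants is the "look at that other 1% after the fact" part of the comment: when the policy is bypassed or misconfigured, the sequence of `authz` and `approval_denied` records on a host the attacker does not control is what lets security staff reconstruct what happened.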
Internet security, like any kind of security, can never be absolute (as is pointed out in a couple of comments).

So it's really a question of achieving whatever level of security is practicable in relation to its costs in time, money and energy and as for the rest...

Well, read David Brin's novel "Earth" as well as his work on transparency.

The war against an Orwellian world may be better won by making EVERYBODY a potential 'big brother'... which gives no oppressor an edge.

Not sure how it'll work out, but I'd rather have everyone on a level playing field.

Should put quite a crimp in hypocrisy though... which is already happening.
I think the only way that computer software is going to get radically more secure is if software creators can be sued for negligence if they create secure software.

This would mean a fairly big change in the process by which software is created, but if OpenBSD can do it, why do commercial companies still have problems?

Do I think this will happen? No. Will security improve much without it? Google Chrome has some decent mechanisms and Windows 7 appears to be better, but without some kind of government legislation or regulation designed to protect John Q. Citizen, I doubt much of substance will actually happen.
Two complaints with the linked "local root kernel exploit":

1) The linked page says that it's a local DoS bug. Being subject to denial-of-service from local users is hardly critical.

2) Even if it were, as the link text seems to imply, a local privilege escalation vulnerability, it is my understanding that that sort of vulnerability is generally not considered critical, because an attacker needs to have compromised a local account to use them. Of course, if you're a shared hosting service, I suppose you might beg to differ, depending on how you're set up.
Two key points here:

Firstly, there is pretty much nothing you can do to stop a determined attacker. All the trust-based security in the world will break down at some point because, ultimately, computers are complex things.

Secondly, the rant about law enforcement is partially bull. The major problem is that catching and prosecuting hackers is involved, expensive, usually cross-border and difficult to convict. How do we solve those problems? I really don't know.