Real security vs security theater

mr tribute
Lunatic
Posts: 355
Joined: 2016-03-19, 23:24

Real security vs security theater

Unread post by mr tribute » 2022-07-29, 17:59

There is a strong push for "increased PC security" regardless of platform. The role model is the smartphone. Things include verified boot ($ecure Boot), app permissions and full disk encryption.

While there might be value in added security there is also a usability trade-off and a sense that the user is now owned by the system. The sysadmin is no longer in charge of the system, the OS maintainer is.

What is a good balance between security and usability for a PC system?

There is a trend that userspace gets less and less meaningful. Proprietary UEFI software is a full OS and might take a long time to initialize before the boot loader starts loading the user-facing OS. Proprietary drivers might be the biggest RAM consumers once your desktop has loaded. Both UEFI and proprietary drivers run with root permissions, but aren't FOSS so can't be trusted from a FOSS perspective.

Personally, I never really cared about security. The way I see it I only have to worry about my email passwords. Apart from those there isn't much interesting on my computers. My email passwords are protected by a login password and a password for the email client. A knowledgeable person might be able to break those with physical access to the PC. On the other hand it's not like my email accounts give them access to money or anything else of immediate value.

Therefore I conclude that limited security is enough for my needs. However, needs vary greatly. What do your requirements for security look like?

Pentium4User
Board Warrior
Posts: 1327
Joined: 2019-04-24, 09:38

Re: Real security vs security theater

Unread post by Pentium4User » 2022-07-29, 18:19

Personally, I never really cared about security.
This is a problem, you should care about YOUR security because it affects you and your data.
The profile picture shows my Maico EC30 E ceiling fan.

Moonchild
Pale Moon guru
Posts: 37762
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Real security vs security theater

Unread post by Moonchild » 2022-07-29, 19:05

mr tribute wrote:
2022-07-29, 17:59
What is a good balance between security and usability for a PC system?
That depends entirely on your environment.

I personally don't have a problem with UEFI since it is just a different way of dealing with system initialization. Your BIOS also runs with the lowest level access to your hardware, by design. I do think secure boot is way over the top for home users, but in a managed environment or high sec/mil workspace it's essential. If someone breaks into my house to get local access to my system to boot an "unauthorized OS" from USB stick or what not, then I have bigger problems than data security :P.
Disk encryption is similarly not necessary on stationary PCs, IMHO. I do however use it if I feel there is a risk of a portable PC being stolen or confiscated (VeraCrypt).

As far as drivers are concerned, you have to place your trust somewhere. FOSS is not a guarantee that everything is kosher either; and I do think that hardware manufacturers have a lot to lose if they make their drivers be anything but the best they can be or embed malware in them. So I tend to trust OEMs for having at least an agenda that will not ruin their reputation overnight ;-)
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Pentium4User
Board Warrior
Posts: 1327
Joined: 2019-04-24, 09:38

Re: Real security vs security theater

Unread post by Pentium4User » 2022-07-29, 19:11

and I do think that hardware manufacturers have a lot to lose if they make their drivers be anything but the best they can be or embed malware in them. So I tend to trust OEMs for having at least an agenda that will not ruin their reputation overnight
Some already installed malware on their computers, e.g. Lenovo with the Superfish software.
Also Intel motherboards contain the ME that is a proprietary blob that offers to control the computer remotely. No one can check if it contains backdoors or not because it is closed source.

Most people don't care about this.
Disk encryption is similarly not necessary on stationary PCs
I also use it there. People may break in, government may go crazy in the future and go inside the house to confiscate computers.
I don't trust them, so I encrypt my disk.

Mæstro
Astronaut
Posts: 552
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Real security vs security theater

Unread post by Mæstro » 2022-07-29, 19:16

One should first define security. Intuition suggests that a system is secure if nothing stupid happens. Files stay in place, and do not vanish, modify or transmit themselves on their own. Processor cycles and store go idle; nobody else can access them for their own ends, even to read them. Accounts are secure when they are immune against others using them for identity, financial or other fraud. Outsiders cannot read files’ or messages’ contents; security blends here into privacy. A secure system rejects any influence but from the user himself, and releases only what he will. Security only contradicts third parties’ use; the proper user sacrifices nothing.

Many measures meant to secure a system fail this definition by forcing surprises. Forced upgrades, though I have not suffered these in many years, are exemplary. I am wont to reject a software upgrade if it would involve a disruptive interface change, which would be something stupid in itself. For example, the Debian 11 repository’s version of Gajim, my main IM client, has reformed the UI to resemble Discord, which I despise; this has motivated my choice presently to slipstream Debian 10 LTS security upgrades.

I have under twenty distinct accounts, most seeing very little use. A leak on one, like the ongoing Neopets breach, leaves the others intact, for I use different passwords on all sites. I save these within Pale Moon, without a password manager. My financial accounts use an authenticator. I encrypt my hard drive and, redundantly, my home directory, though I am the only one who uses this computer. I have installed all software upgrades for Debian 10 packages, these being tame. I keep Flash installed to be activated by site, and as it is no longer much used outside China, I doubt the attack surface is as broad as a dozen years ago. Beside Iptables, I have my VPN’s and router’s inbuilt firewalls. I scan Wine files with ClamAV before running them. I copy my files every other month to a USB drive, also encrypted, which I keep on my shelf. My only digital commerce involves supporting Japanese artists through Pixiv.

Even when I was using Windows 7, for which I had disabled all updates since 2015 and where I would often run older versions of software, I had never felt unsafe. My script blocking and general caution have, based on constant monitors of network usage and processor temperature (which would betray any covert background task), preserved me, notwithstanding that Windows’s firewall had broken. I attribute this survival for six years without mishap to my hardened browser and how rarely I downloaded executables.

On drivers, the licence itself is a toy for the men in wigs. One can survey software through reverse engineering tactics, leaked source or simply by watching how it behaves.
Browser: Pale Moon (official build, updated regularly)
Operating System: Linux Mint Debian Edition 4 (amd64)
※Receiving Debian 10 ELTS security upgrades
Hardware: HP Pavilion DV6-7010 (1400 MHz, 6 GB)
Ash is the best letter.

Pentium4User
Board Warrior
Posts: 1327
Joined: 2019-04-24, 09:38

Re: Real security vs security theater

Unread post by Pentium4User » 2022-07-29, 19:27

Even when I was using Windows 7, for which I had disabled all updates since 2015 and where I would often run older versions of software, I had never felt unsafe.
Your feeling doesn't matter at all. If your system is vulnerable - Windows systems run network services by default that were often vulnerable in the past - other people might abuse it.
The only way around this is installing security patches to close the holes and disable functionality you don't use.

THX-1139
Lunatic
Posts: 476
Joined: 2019-06-13, 13:42
Location: In a place with no YT

Re: Real security vs security theater

Unread post by THX-1139 » 2022-07-29, 19:30

Pale Moon 33.5.0. (64) Win7 pro (64) Intel Core i5-3570 3.4GHz-16 GB DDR3

"The biggest joke on mankind is that computers have started asking humans to prove they're not a robot."

"Man needs difficulties; they are necessary for health." ~Carl Jung

Mæstro
Astronaut
Posts: 552
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Real security vs security theater

Unread post by Mæstro » 2022-07-29, 19:36

Pentium4User wrote:
2022-07-29, 19:27
Your feeling doesn't matter at all. If your system is vulnerable - Windows systems run network services by default that were often vulnerable in the past - other people might abuse it.
The only way around this is installing security patches to close the holes and disable functionality you don't use.
Assuming you are right, my way about it in the end has been replacing Windows with Linux. I have not used a Windows computer since Ⅻ 2020. I recall also that I had deliberately broken Windows’s remote network access feature. Moreover, I consider the feeling as vital to what security is. My system was safe enough as long as I was managing it that way, and I had felt safe using it then; this is all that concerns me. My feelings are important to me.

Pentium4User
Board Warrior
Posts: 1327
Joined: 2019-04-24, 09:38

Re: Real security vs security theater

Unread post by Pentium4User » 2022-07-29, 19:54

Your feelings might be important for you - but they are worthless for your security. Security is the state of your computer. If your computer is vulnerable to certain attacks, it might be possible to break in. Attackers also don't care about any feelings, laws or anything else, they only care about the technical facts.
If you want a secure environment, you must ensure that nobody can attack you. This can't be reached 100%, but the probability that somebody can break it can be reduced.

Mæstro
Astronaut
Posts: 552
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Real security vs security theater

Unread post by Mæstro » 2022-07-29, 20:03

My feelings are vital to my security: if I do not feel safe using my computer, my computer is not safe for me to use. If the computer is vulnerable, I can protect myself in ways that I find comforting. If a standard method is upsetting to me, then that method is worthless for me precisely because it makes me feel unsafe.

mr tribute
Lunatic
Posts: 355
Joined: 2016-03-19, 23:24

Re: Real security vs security theater

Unread post by mr tribute » 2022-07-29, 20:17

Moonchild wrote:
2022-07-29, 19:05
mr tribute wrote:
2022-07-29, 17:59
What is a good balance between security and usability for a PC system?
As far as drivers are concerned, you have to place your trust somewhere. FOSS is not a guarantee that everything is kosher either; and I do think that hardware manufacturers have a lot to lose if they make their drivers be anything but the best they can be or embed malware in them. So I tend to trust OEMs for having at least an agenda that will not ruin their reputation overnight ;-)
I don't want to put trust in proprietary drivers that run with root privilege. This thinking is inspired by my conviction that the FOSS model is better for security than the proprietary model. I know why people install proprietary drivers on Linux, but I die a little bit inside.

I'm also convinced that OEMs are sloppy beyond comparison. They have ruined the reputation of Windows. Microsoft itself has some sort of procedure to produce and verify software. OEMs ship cheap bloatware on machines just to save a few bucks. I believe OEM images should be avoided at all costs and only original ISOs from Microsoft used. There are even instances when OEMs have shipped computers with the wrong OS image installed so that they barely functioned.
TheRealMaestro wrote:
2022-07-29, 19:16
One should first define security. Intuition suggests that a system is secure if nothing stupid happens. Files stay in place, and do not vanish, modify or transmit themselves on their own. Processor cycles and store go idle; nobody else can access them for their own ends, even to read them. Accounts are secure when they are immune against others using them for identity, financial or other fraud. Outsiders cannot read files’ or messages’ contents; security blends here into privacy. A secure system rejects any influence but from the user himself, and releases only what he will. Security only contradicts third parties’ use; the proper user sacrifices nothing.
So nice to read this. I think the same way. It's my computer and anything else is unwanted intrusion and a security risk. This includes updates that have to be checked before installing unless it's just a security patch to an LTS platform. This is what made Windows unmanageable. Microsoft started mixing security updates and feature updates into cumulative updates. Long gone are Windows "security patches", even though they still might be called that. You don't know what these Windows updates contain, because they are proprietary. The FOSS model is better for security, but not commercially viable.

Logging in with an online account might be an unwanted security risk. Better to use a unique password for OS login that isn't connected to your email provider. Unfortunately, Microsoft has now made this hard in Windows 11.
https://www.bleepingcomputer.com/news/s ... revent-it/
This week there has been a lot of news about a flaw in Windows that could be used by web sites to easily gain access to a visitor's Windows login name and password. When I tested this flaw it was downright scary.

Using a test site for this flaw, the site was able to get my test Microsoft Account login name and the hash of its password in a few seconds. Then it took the site less than 30 seconds to crack the password! What is even scarier, is that this flaw is not new and was discovered in March 1997!

Pentium4User
Board Warrior
Posts: 1327
Joined: 2019-04-24, 09:38

Re: Real security vs security theater

Unread post by Pentium4User » 2022-07-29, 20:34

TheRealMaestro wrote:
2022-07-29, 20:03
My feelings are vital to my security: if I do not feel safe using my computer, my computer is not safe for me to use. If the computer is vulnerable, I can protect myself in ways that I find comforting. If a standard method is upsetting to me, then that method is worthless for me precisely because it makes me feel unsafe.
Again, feelings don't matter when it comes to security. If the brakes in your car do not work, but you still feel safe, it doesn't mean that driving this car is safe.
If you have a vulnerability and you still feel safe, this won't change the fact that you aren't.

mr tribute
Lunatic
Posts: 355
Joined: 2016-03-19, 23:24

Re: Real security vs security theater

Unread post by mr tribute » 2022-07-29, 21:12

Moonchild wrote:
2022-07-29, 19:05
I personally don't have a problem with UEFI since it is just a different way of dealing with system initialization. Your BIOS also runs with the lowest level access to your hardware, by design.
UEFI is much more capable than BIOS. For example, Windows (at least Windows 8) supports code injection from UEFI during boot. This is how Lenovo reinstalled malware on their consumer line despite people reinstalling clean copies of Windows. I'm not making this s--t up. I don't think tiny BIOS is capable of code injection, but UEFI is and for some reason Windows allows that. Lenovo only did this on their consumer line so I don't think ThinkPads were affected. I have been trying to find a link, but this happened almost 10 years ago on Windows 8 PCs. One would think that Secure Boot should be able to prevent code injection from UEFI.

Mæstro
Astronaut
Posts: 552
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Real security vs security theater

Unread post by Mæstro » 2022-07-29, 21:30

Pentium4User wrote:
2022-07-29, 20:34
Again, feelings don't matter when it comes to security.
The feeling of safety is needful for safety, but not enough in itself: I express a condition, not equivalence. Thus, I do not feel safe steering a car, no matter how well designed, making driving unsafe for me. One can shield a weak point elsewhere.

vannilla
Moon Magic practitioner
Posts: 2415
Joined: 2018-05-05, 13:29

Re: Real security vs security theater

Unread post by vannilla » 2022-07-29, 22:28

The (open) secret of security is that it's situational. As Moonchild said, I don't have to worry about securing boot for a stationary machine in my home, because the only way to do that is to break in, which is worse than an unauthorized boot (this example intentionally ignores things like the Intel ME for remote access).
The problem with the present-day approach to security is that everyone is disregarding the secret and is trying to find a one-size-fits-all solution. This means you often get overzealous solutions for things that don't need it and lacking implementations where they do.
Some people might do this to push an agenda, like some kind of walled garden, but most are probably just doing it because it is cheaper: why pay a lot of people to maintain different kinds of firmware for different kinds of security levels, when you can pay fewer people and provide a universal solution with good enough advertising?
If you then add the misinformed people that inevitably exist, you get today's mess.

athenian200
Contributing developer
Posts: 1612
Joined: 2018-10-28, 19:56
Location: Georgia

Re: Real security vs security theater

Unread post by athenian200 » 2022-07-30, 02:26

TheRealMaestro wrote:
2022-07-29, 19:36
Assuming you are right, my way about it in the end has been replacing Windows with Linux. I have not used a Windows computer since Ⅻ 2020. I recall also that I had deliberately broken Windows’s remote network access feature. Moreover, I consider the feeling as vital to what security is. My system was safe enough as long as I was managing it that way, and I had felt safe using it then; this is all that concerns me. My feelings are important to me.
I would agree that if newer versions of Windows are not your cup of tea, something like Linux or Mac unfortunately has to be the answer instead. Running Windows 7 in 2030 like some dude from the MSFN forums is not a reasonable answer. Sooner or later, you will be messing around with thunking kernel function, installing hacked Chinese drivers from god-knows-where to get newer hardware to work, and desperately trying to get newer software to run, eventually relying on older or hacked versions of that too. I think a lot of people have not started to really feel the pain yet because it's only been out of support for a couple years, and look how long XP held on before people started feeling the pain there. I think it took another three or four years after the end of support for most people to get off Windows XP, and Windows 7 now is about where Windows XP was in 2015 in terms of popularity. If past trends hold, my projection is that the last 13% of the Windows 7 holdouts will move on to something else by the end of 2024.
mr tribute wrote:
2022-07-29, 20:17
I'm also convinced that OEMs are sloppy beyond comparison. They have ruined the reputation of Windows. Microsoft itself has some sort of procedure to produce and verify software. OEMs ship cheap bloatware on machines just to save a few bucks. I believe OEM images should be avoided at all costs and only original ISOs from Microsoft used. There are even instances when OEMs have shipped computers with the wrong OS image installed so that they barely functioned.
I would have to agree with that. I feel as though one of the reasons I don't have as many problems with Windows as other people do, is because I always do a clean install on hardware that I know Windows has decent driver support for before I buy it. Most of the issues people have with Windows are either OEM bloatware, buggy drivers, or buggy software coded for an older version of Windows than the one they're using. There are times when Windows itself is buggy, but eliminating those first three eliminates something like 70-80% of Windows issues. About the only legitimate complaints I hear about newer Windows are telemetry, excessive security restrictions, and ugly UI/frustration with not being able to use themes.
"The Athenians, however, represent the unity of these opposites; in them, mind or spirit has emerged from the Theban subjectivity without losing itself in the Spartan objectivity of ethical life. With the Athenians, the rights of the State and of the individual found as perfect a union as was possible at all at the level of the Greek spirit." -- Hegel's philosophy of Mind

Moonchild
Pale Moon guru
Posts: 37762
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Real security vs security theater

Unread post by Moonchild » 2022-07-30, 07:39

Just one more brief clarification: when I say "hardware manufacturers" I'm not talking about system integrators who don't actually design and make the (chip) hardware itself, just the systems they go in - while they may do PCB design and make proprietary boards (maybe you should call them "board partners" then...) they don't control the fundamental design of chips and how they are driven. Lenovo, Dell, etc. are not hardware manufacturers in that respect and their bloatware is not what I mean when I say "drivers".

Mæstro
Astronaut
Posts: 552
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Real security vs security theater

Unread post by Mæstro » 2022-07-30, 14:49

athenian200 wrote:
2022-07-30, 02:26
I would agree that if newer versions of Windows are not your cup of tea, something like Linux or Mac unfortunately has to be the answer instead. Running Windows 7 in 2030 like some dude from the MSFN forums is not a reasonable answer. Sooner or later, you will be messing around with thunking kernel function, installing hacked Chinese drivers . . . to get newer hardware to work, and desperately trying to get newer software to run, eventually relying on older or hacked versions of that too.
I respect the MSFN community for what it does, and I could name them as showing extremely what I had said: a weakness somewhere can be reinforced elsewhere. I know little about how they keep their computers safe enough for on-line commerce and so on; my guesses are network isolation and heightened vigilance. (Since the XP source has leaked, one could even conceive a team preparing its own patches, hosting them in any territory free enough from US business influence.) Maybe it is unreasonable to onlookers, but if they love the old system and do not want to change, I can see why they would, and I believe they can indeed keep it. It shows commitment over convenience.
Off-topic:
I have always rejected the idea that, while a script for a play 20, 200 or 2000 years later is to be kept for ever, an operating system or other programme somehow goes bad after a few years.

athenian200
Contributing developer
Posts: 1612
Joined: 2018-10-28, 19:56
Location: Georgia

Re: Real security vs security theater

Unread post by athenian200 » 2022-07-30, 15:33

TheRealMaestro wrote:
2022-07-30, 14:49
I respect the MSFN community for what it does, and I could name them as showing extremely what I had said: a weakness somewhere can be reinforced elsewhere. I know little about how they keep their computers safe enough for on-line commerce and so on; my guesses are network isolation and heightened vigilance.
I don't agree that what they do is safe, hacking up binaries of software that will never be updated again. It's not like an open source fork where you can actually legitimately improve the code.
(Since the XP source has leaked, one could even conceive a team preparing its own patches, hosting them in any territory free enough from US business influence.) Maybe it is unreasonable to onlookers, but if they love the old system and do not want to change, I can see why they would, and I believe they can indeed keep it. It shows commitment over convenience.
Now that might be possible, but in that case it moves into the realm of being a legal/moral problem that I won't bother debating here. You do have a point that with the source code they do have a chance. But my point is more that using a binary-only piece of software that you just hack up forever without understanding how it really works and without any hope of extending it would be completely unreasonable, and that is what most of these people propose doing and have been doing that I find objectionable. If we're talking about active development on a fork of Windows XP from the actual leaked source, hypothetically (and they legally get away with it), that obviously changes the discussion entirely.
Off-topic:
I have always rejected the idea that, while a script for a play 20, 200 or 2000 years later is to be kept for ever, an operating system or other programme somehow goes bad after a few years.
That mentality makes perfect sense when it comes to games or word processors. But I don't think it works well when it comes to the base operating system of something connected to the Internet. The reason I see them as a bit unreasonable is only because they believe using such a machine with known vulnerabilities that hackers have already exploited on the modern Internet without security updates is a reasonable course of action. I see it as a bit like leaving your door unlocked and saying that because no one broke in, that means you're safe. That's not how it works... you could potentially leave your door unlocked for years and never get robbed. But that doesn't mean it wasn't a risk.

I do remember you saying earlier in the thread that you think as long as you "feel safe" things will be okay. It just makes me picture this odd scenario of an old lady who refuses to lock her door because she believes God will protect her from getting robbed, and that locking the door would demonstrate a lack of faith. I might well feel bad for her and think her decision doesn't make sense, but I can't argue with someone's belief. And if it comes down to that rather than logic, all you can do is shrug and say people will believe what they want, and act accordingly. Sometimes people's models of reality keep them from seeing the truth... I suspect if this hypothetical lady did get robbed, she would either think she was being tested, or blame herself for not having led a good enough life or having done something wrong rather than acknowledge there was anything wrong with her perspective. Belief in a particular model of reality is a powerful thing that can keep you from seeing things you don't want to see. I see Windows XP users on MSFN as having a similar "block" to that old lady, though obviously not of the exact same type.

Mæstro
Astronaut
Posts: 552
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Real security vs security theater

Unread post by Mæstro » 2022-07-30, 17:36

athenian200 wrote:
2022-07-30, 15:33
I don't agree that what they do is safe, hacking up binaries of software that will never be updated again. It's not like an open source fork where you can actually legitimately improve the code. . . . But my point is more that using a binary-only piece of software that you just hack up forever without understanding how it really works and without any hope of extending it would be completely unreasonable, and that is what most of these people propose doing and have been doing that I find objectionable.
Having the source available surely makes the work much easier; I concede this. Nevertheless, I deny that having it is essential; the difference between editing the code and hacking at the blob is, in my eyes, instrumental. As a non-programmer, both look like black magic to me, and they yield the same result: something that somehow works, if why is unclear. I think the hope of extending a hacked script is there. Any software can, in time, be reverse engineered.
The reason I see them as a bit unreasonable is only because they believe using such a machine with known vulnerabilities that hackers have already exploited on the modern Internet without security updates is a reasonable course of action.
I think I can understand their mentality. My body has known vulnerabilities. If I eat arsenic, I will die. I doubt patches for this will come this side of doomsday, so I compensate in other ways. They know about their computers’ weaknesses, and it would indeed be foolish to neglect them altogether. The juggling act is doubtless a lot to handle, but I believe it possible in principle.
you could potentially leave your door unlocked for years and never get robbed. But that doesn't mean it wasn't a risk.
You are right here. I must be careful to avoid falling into the same trap as the smoker thinking himself safe as he has not got lung cancer himself.
I do remember you saying earlier in the thread that you think as long as you "feel safe" things will be okay.
This gets it backwards, as I have tried to clarify later in the thread. For things to be alright, I must feel safe. Of course, feeling safe alone is no guarantee. Nevertheless, I own that, at least for me, as somebody who is frightened even by slight dangers, feeling secure, or rather, being in the place where I can feel secure, is most of the way towards being secure. This is no universal law, and for other personalities it can indeed be dangerous.