Security - eWeek

Page 2 - One Bot Per Child?

	LATEST STORIES
	- IDC: HP, IBM Remain Server Revenue Leaders i... - Novell Puts Platespin Data Center Management... - Wireless Security: A Partial Glossary of Wir... - Where Virtualization Will Be Going in the Ne... - Ex-AOL Boss Looking to Raise Cash for Yahoo ...

	eWEEK EDITORIAL CALENDAR
	For a list of what eWEEK is covering this year, go to our editorial calendar.


	NAC 2.0: A New Model For A More Secure Future from Sophos PBX Buyer's Guide from VoIP-News Giving Service Companies a Fast Start from SAP See All Resources >


	Server Virtualization The Windows Server Virtualization Platform Hardware virtualization introduces significant new hardware requirements and new management, support, and licensing challenges. Join presenters from Unisys on December 10 as they outline the hardware virtualization software that Microsoft offers, looks at the tools Microsoft provides for managing virtualized servers, and examines licensing and support implications of deploying hardware virtualization. Register Now!

Security

One Bot Per Child?

By Larry Seltzer
2007-06-18

Article Views: 817
Article Rating:

/ 0

Table of Contents:

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

One Bot Per Child? - ' When Programs Get Complicated '
( Page 2 of 2 )

My problem with this is that once programs get complicated, as they often do outside of the Unix command line, tracking all these privileges gets complicated. Users want their programs to do useful things like send e-mails and save to a flash drive. Expecting the "IT support" at the school to decide how to handle errors is not a reasonable thing to do. There are other complicated decisions, such as default numbers for rate limitation on network access, that are left to some authority I dont assume will be present.

Bitfrost doesnt specifically address the issue, but I think it expects a lot of someone at the school administering systems. As we know from the sad story of Julie Amero, who was prosecuted because her class PC had become infected with a porn popup-spamming program, even in the filthy-rich United States of America school IT may not get the job done on security.

Check out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.

And the basic issue of social engineering is not specifically addressed, except to the extent that technical measures in Bitfrost may prevent operations the user may be prompted to do by an attacker through a social engineering attack. But Im sure that still leaves some leeway for dangerous operations, and the possibility that the permissions administrator can be fooled into allowing the installation of a dangerous program. Its really not that hard to envision a school of OLPC notebooks becoming infested with bots, if a resourceful attacker tried to get them in there.

And there are people at OLPC who envision such attacks. If enough of the notebooks are out there, they automatically become a target just because of their numbers. The standard configuration and relative naiveté of the user base make them more tempting targets. Other people at OLPC recommend that the activation and central backup projects be postponed, if necessary, in order to get more effective prevention in place against social engineering attacks.

As highly as I value education, including computer education, I think there are better ways to aid the desperately poor parts of the world than to send them cheap computers. I think OLPC will fail because even such countries will see their money better spent in other ways. But I wouldnt be surprised to see some useful experimentation coming out of the project. Even if Im right about mistakes made the first time around, I suspect theyre not afraid to learn from them and fix them, and thats an effort worth supporting.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers blog Cheap Hack

MOST READ SECURITY STORIES
PAST 7 DAYS

1 - Microsoft Vulnerability Faces New Round of Attacks (10388)
2 - Thinking Consumer Security for the Holidays (5402)
3 - Smartphone Security Good Filler for Christmas Stockings (3372)
4 - Intel Arms Lenovo ThinkPad Laptops with New Anti-theft Technology (2801)
5 - It's Time to Sign the Root Zone Already (2727)
6 - Santa Thinks IT Security This Christmas (2565)
7 - How to Strengthen Your Enterprise Wireless Network Security (2175)
8 - Enterprise Security Requires Shared and Privileged Account Password Management (997)
9 - Wireless Security: A Partial Glossary of Wireless Security Terms (985)

Videos Sponsored by:

EWEEK E-MAIL NEWSLETTERS bring you reliable, timely information to stay on top of the business of technology -- and technology in business -- and get more out of the Web. Make your choices and start your subscriptions today!

EWEEK RSS NEWS FEEDS contain a daily feed of our latest stories from over 30 different categories including Enterprise Apps, Business Intelligence, Security, VOIP and more!

Subscribe to our RSS feeds today for free...

	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Security Network Security Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Center Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos eWeek Magazine Subscriptions Enterprise Websites: ZDE Home Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 5 hosted by Hostway.