From: Jeffrey Goldberg
To: YANSWBVCG
Cc: David Naylor, freebsd-questions@freebsd.org
Date: Wed, 11 Jun 2008 18:53:18 -0500
Subject: Re: FreeBSD and User Security
Message-Id: <81D4CA85-1FE1-48BD-9089-F90B2674B2E2@goldmark.org>
In-Reply-To: <20080611210313.6D88F8FC1C@mx1.freebsd.org>

[mailed and posted]

On Jun 11, 2008, at 4:03 PM, YANSWBVCG wrote:

> It is my understanding that since 1995 all computers must have a
> hardware back door that permits undetectable access by the government to
> the computer. This capability can be implemented using System
> Monitor(Maintenance) Mode which is built into all x86 computers now. It
> would appear that, if you are connected to the internet, the government
> has access to your computer.

This is not the place to get into this debate, but I think that someone should state for the record that the vast majority of security experts would disagree with you.

However, I fully acknowledge that if the National Security Agency or GCHQ or the like wanted to break into any one of my systems, I'm sure that they could.

But the question wasn't about making a system that could withstand something like the NSA but instead about defending against run-of-the-mill spyware. Switching from Windows to FreeBSD would obviously improve matters for that kind of attack, but the real answers to the original question require an understanding of the nature of the threats and the nature of the countermeasures far beyond what was evident in the question. After all, most spyware is installed with the users' consent (though the user may not know that it is spyware).

For just about everyone, I recommend pretty much anything written by Bruce Schneier. As a start there is his very brief "How to think about security" essay:

http://www.schneier.com/crypto-gram-0204.html#1

-j

--
Jeffrey Goldberg
http://www.goldmark.org/jeff/