I would have thought this was obvious, but your analogy is critically <span style="font-style: italic;">shit</span>. We don't "choose" to be exploitable. Or if we do, we don't have another viable choice.<br>
<br>We're professional software developers. We have to make software, otherwise we get hungry and they shut off the power.<br>That said, we don't have the option of making our software unexploitable, because we have things called
<span style="font-style: italic;">contracts</span> and <span style="font-style: italic;">budgets</span> and at the end of the day, it's not efficent to fix holes before release, because nobody's going to find <span style="font-style: italic;">
all</span> the flaws that you release the software with.<br><br>Your idea has a very limited potential userbase, because not having such things as cookies and personal files adds a lot of work and makes the people who use our software less efficent, which makes
<span style="font-style: italic;">us</span> poor. You might suggest that we store such data off-system (say, on a centralised storage system, online or on personal USB keys) but USB keys would make it much easier to steal information and with each of those 'fixes' you just force the attacker to move their attacks to programs that are stored on the writable disk.
<br><br>That being said, I've used systems which restore all their settings at the start of each day. They're most commonly used in public libraries, highschools and universities, where customization is inappropriate to start with.
<br><br>Yirimyah<br><br><div><span class="gmail_quote">On 11/2/07, <b class="gmail_sendername">Drsolly</b> <<a href="mailto:drsollyp@drsolly.com">drsollyp@drsolly.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> Things are in fact FUBAR. We need new ideas and new solutions as honestly,<br>> although we want to feel we make a difference by taking care of this or<br>> that malware or this and that C&C we are powerless and have not made a
<br>> real difference in the past 6 years while things got worse.<br>><br>> We need new solutions and new ideas, and would be more than happy to have<br>> new people exploring operational security.<br><br>My new idea is a computer that cannot have new software installed on it by
<br>the user, or by someone logging in as root, or in any other way, other<br>than by physical replacement of the OS medium.<br><br>My first proposal was Grannyx, which I proposed a couple of years ago. No<br>work has been done on this, because none of the people who think it's a
<br>good idea, have the time to make it happen. The OS is on a CD Rom, and the<br>medium on which data is stored, is unable to run software.<br><br>> The current state of Internet security is you get slapped -- BAM! -- and
<br>> you write an analysis about it. (when speaking at ISOI I actually slapped<br>> myself -- HARD -- when I said it on stage, not a good idea for future<br>> reference).<br><br>A better analogy might be "you see someone else being tapped gently on the
<br>wrist", which explains why no-one does much to stop it happening in future.<br><br>> Well, we can't choose the risks. They choose us. Sometimes they are cool,<br>> sometimes they're not.<br><br>Well, we can choose the risks, actually. Having chosen the risk, you can't
<br>choose the outcome. But we do choose the risks.<br><br>For example, I climbed a tree yesterday. The outcome was good (it might<br>not have been), but *I* chose the risk.<br><br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">
http://secunia.com/</a><br></blockquote></div><br>