2007-02-06

Protocol

It's not just zealotry, Linux really is more secure than Windows. The reasons are visible in the Sana Security diagrams posted by Richard Stiennon on ZDNet. But really this goes back to good protocol.

The issues I reported on earlier that both the VA and Johnston County suffered from are not really issues about security. They are problems with protocol. If you have poor protocol you can use the strongest encryption in the world and it won't help.

What good is a great cipher if you spray paint the key on the side of a bridge? What good is a pad lock if you write the combination on the door? Good protocol can secure bad encryption more easily than good encryption can help bad protocol.

The Sana Security diagrams show us just how bad the windows internal protocols really are. There is no securing this system with Digital Rights management or any other encryption scheme. Any security method placed on top of a such bad messaging protocol will fail miserably because even if the encryption or other security suite is perfect... windows isn't. And the system will be compromised by drilling down into windows... not through the security system.