Bear in mind that the rootkit code appears to be of dubious quality. I have pointed out before that running multiple kernel patches is very risky. I doubt you would have the problem of several rootkits hogging too much CPU, because your system would fail to boot much before CPU hogging would become an issue.
Stop using POP3 and move to IMAP instead. Then you can choose what parts of an email are actually downloaded. Better yet, you can nuke those 110k mails directly without opening them.
An example goes a long way. Take Linux kernel rootkits for instance. Once a (let's assume well-programmed) rootkit is in place, it will intercept all system I/O that would reveal its presence. The data the I/O returns is then modified to remove all traces of the rootkit's existence. For intents and purposes, the rootkit isn't there. Except it is.
The only reliable way to avoid this is to "bootstrap" the kernel from a trusted hardware component that makes sure that the kernel being loaded does not contain a rootkit.
So, to put it briefly, you need the trusted (as in the "can violate policy" sense) component to establish your initial trust in the software you are running.
Bruce also refers to Ross Anderson's TCPA/Palladium FAQ, which is well worth a read. Of particular/. interest is question 18, cryptically titled "Ugh. What else?":
"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed."
"You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."
A lot of background information can also be found from Ross' page about
Economics and Security.
You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.
Bruce's "enlightenment" is of course a good thing, and he is brilliant in his way of presenting security issues for the masses. However, security engineering is far from a new field, and many of the principles are well established.
Take a look at Ross Anderson's home page, read a few of his classics like "Why Cryptosystems Fail", "Programming Satan's Computer" and "The Cocain Auction Protocol".
Ross' book "Security Engineering - A Guide to Building Dependable Distributed Systems" should be mandatory reading for anyone who writes code for networked computers - no matter what kind of computers.
I feel that one of the biggest threats to Internet security today is the inability to learn from history. That is, after all, at the core of the engineering arts and sciences.
News stories like this one always tend to cloud the real issue. I admit, it's neat that Linux can run on an advanced tamper-resistant co-processor. But honestly, from an overall security perspective that's not really that interesting.
A processor like this just provides yet another way to do "reliable" digital signatures. Such signatures are getting increasing legal status. The real security threat is the fact that it's not really the user that is doing the signature, i.e. the RSA calculations, it's the device. Regardless of how secure the device is, if a trojan horse fools the user into giving his PIN to the device, the trojan can then make a legally binding "digital signature" using a "totally secure device". On any document of the trojan's choosing.
If you thought identity theft was bad, think again.
There actually is a really good reason why DVD+RW is the "best" format. The whole thing is fairly well explained at <http://www.dvdplusrw.org/video/comparison.html >, but I'll summarize it for those who never take the time to follow links.
Summary: DVD+RW is the only format that is able to properly record fully DVD-Video compatible MPEG-2 with Variable Bit Rate (VBR) encoding.
Basically, if you want to make DVD-Video disks with the full DVD-Video quality, you can either use DVD+RW or send your incompatible DVD-RW disks to a shop for some very expensive mastering into actual DVD-Video.
Now, for people who think SVCDs with 2.5 Mbit/s is OK, this really is not much of an issue. But real DVD-Video uses VBR with a maximum transfer rate of up to 10 Mbit/s. I personally want to author my DVD-Video disks with material filmed with my miniDV handycam without having to reduce the resolution and the transfer rate.
DVD-RW seems to have added a "DVD-Video compatible" mode because of the specs that DVD+RW presented, but the DVD-RW "compatible" mode comes with several drawbacks. Constant Bit Rate, for one.
DVD+RW provides both DVD-Video backward compatibility and high-performance data recording. For me, that sounds like the best of both worlds. Now I just need to decide which drive to get, Philips or HP.
Slashdot Mirror
Bear in mind that the rootkit code appears to be of dubious quality. I have pointed out before that running multiple kernel patches is very risky. I doubt you would have the problem of several rootkits hogging too much CPU, because your system would fail to boot much before CPU hogging would become an issue.
Stop using POP3 and move to IMAP instead. Then you can choose what parts of an email are actually downloaded. Better yet, you can nuke those 110k mails directly without opening them.
"POP3 considered harmful"
Prosessori ei kestänyt todella alhaisia lämpötiloja. Testit alkoivat rullaamaan huomattavasti paremmin, kun kulho ei ollutkaan aivan umpijäässä.
"The processor didn't handle really low temperatures. The tests ran significantly better when the bowl wasn't completely frozen."
So, now you know why we can't keep the processor outside - it would get too cold!
NB. Daily temperature maximums for Helsinki the last few weeks have rarely dipped below 25 C. Not that you would care, though. :)
The only reliable way to avoid this is to "bootstrap" the kernel from a trusted hardware component that makes sure that the kernel being loaded does not contain a rootkit.
So, to put it briefly, you need the trusted (as in the "can violate policy" sense) component to establish your initial trust in the software you are running.
"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."
A lot of background information can also be found from Ross' page about Economics and Security.
You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.
Take a look at Ross Anderson's home page, read a few of his classics like "Why Cryptosystems Fail", "Programming Satan's Computer" and "The Cocain Auction Protocol".
Ross' book "Security Engineering - A Guide to Building Dependable Distributed Systems" should be mandatory reading for anyone who writes code for networked computers - no matter what kind of computers.
I feel that one of the biggest threats to Internet security today is the inability to learn from history. That is, after all, at the core of the engineering arts and sciences.
News stories like this one always tend to cloud the real issue. I admit, it's neat that Linux can run on an advanced tamper-resistant co-processor. But honestly, from an overall security perspective that's not really that interesting.
A processor like this just provides yet another way to do "reliable" digital signatures. Such signatures are getting increasing legal status. The real security threat is the fact that it's not really the user that is doing the signature, i.e. the RSA calculations, it's the device. Regardless of how secure the device is, if a trojan horse fools the user into giving his PIN to the device, the trojan can then make a legally binding "digital signature" using a "totally secure device". On any document of the trojan's choosing.
If you thought identity theft was bad, think again.
Summary:
DVD+RW is the only format that is able to properly record fully DVD-Video compatible MPEG-2 with Variable Bit Rate (VBR) encoding.
Basically, if you want to make DVD-Video disks with the full DVD-Video quality, you can either use DVD+RW or send your incompatible DVD-RW disks to a shop for some very expensive mastering into actual DVD-Video.
Now, for people who think SVCDs with 2.5 Mbit/s is OK, this really is not much of an issue. But real DVD-Video uses VBR with a maximum transfer rate of up to 10 Mbit/s. I personally want to author my DVD-Video disks with material filmed with my miniDV handycam without having to reduce the resolution and the transfer rate.
DVD-RW seems to have added a "DVD-Video compatible" mode because of the specs that DVD+RW presented, but the DVD-RW "compatible" mode comes with several drawbacks. Constant Bit Rate, for one.
DVD+RW provides both DVD-Video backward compatibility and high-performance data recording. For me, that sounds like the best of both worlds. Now I just need to decide which drive to get, Philips or HP.