Intriguing article in the never‑ending battle…

How the human immune system inspired a new approach to email security. (https://go.theregister.com/feed/www.theregister.com/2020/12/01/how_the_human_immune_system/)

How about they design a computer that can't be compromised by opening an email msg. See why scanning email for badness doesn't work.

The Six Dumbest Ideas in Computer Security (https://www.ranum.com/security/computer_security/editorials/dumb/)

The Six Dumbest Ideas in Computer Security

Interesting article. I especially appreciate the link within it to Richard Feynman's Personal Observations on Reliability of Shuttle. Richard Feynman is an intellectual hero of mine and his observations about the Challenger disaster are not only professionally cogent but easy to read. For interested parties, here's the link to the genuine article: https://www.history.nasa.gov/rogersrep/v2appf.htm

It makes for sad but enlightening reading.

As for your linked article itself, I agree with some parts but not with others. It was written 15 years ago when the IT world was a simpler place. We are now addicted to social media like pathetic junkies, phished and spear phished by evil actors highly proficient in social engineering and attacked by ransomware so pernicious that it lurks until it has mapped out our whole infrastructure so that it can attack even our backups. Moreover, the threats have evolved from clearly invasive malware to spyware by design wherein the platform we are installing is itself the actual culprit.

Very different world.

I find the parts about e-mail persuasive. Stripping and jailing all attachments may be a viable enterprise tactic, but even this does not address spear phishing contrivances with no attachments.

I disagree with the author's denunciation of "Penetrate and Patch". In fact, I think his critique absurdly naïve. Modern OSes have become so large and complex that it is simply not realistic to produce unhackable code. I'm afraid it will always be a running battle with white hats on one side versus black hats on the other. And this dynamic does not exist simply because the white hats can't be bothered to write proper code. You can carry on the process of testing to the extent that code never gets released at all and still not catch the potential holes that some clever bad guy will discover and exploit. However, if the author means by "Your software and systems should be secure by design and should have been designed with flaw-handling in mind", then doesn't Linux already do this with its updates/upgrades? Yet this system depends on the process of "Penetrate and Patch". How else can it work?

> .. Modern OSes have become so large and complex that it is simply not realistic to produce unhackable code ..

It's not the code, it's the underlying hardware/software platform. As in the innovators seem unable to design a MMU that can sucessfully isolate processes.