[danssig]

>Furthermore - as Wil explained - being fast with the fire extinguisher is probably a better tactic than trying to monitor and disallow all things that may lead to fire.

I disagree here. In the case of humans, it doesn't cost much to put fire extinguishers at regular intervals and have people just use them in the case of a fire. If a first starts we'll notice it. On a computer, it won't "just notice". You would have to have some virus scanner scanning every action all the time. This is what makes Windows so much slower and I would really hate to see it come to Mac.

I wish the SELinux approach would become more popular.

[Tloewald]

Being fast with a fire extinguisher is no substitute for fire prevention :-)

The point about all security models is that you need multiple redundant systems not one silver bullet. My house is built to fire safety codes, the materials are tested and approved individually, we have fire alarms, fire extinguishers, a fire hydrant nearby and a fire department to use it, and we have fire insurance. Most houses are like this and houses still burn down.

Shipley's argument is that code signing is all you need. It's not quite the same as advocating fire extinguishers as the only line of defense against house fire, more like simply relying on your builder's credentials.

[po]

A bit of confusion: when I said 'fast with the fire extinguisher', I wasn't talking about users but about Apple. Malware is only practical if you can infect hundreds if not thousands of machines. If Apple can effectively kill malware that is discovered, then it ruins the economics behind it. So to apply my somewhat lacking analogy, even though the systems are horribly vulnerable and there is nothing a user can or should do if a fire starts, nobody is out there going around starting fires because they get put out by Apple quickly, with some cost to them and before the fire is useful.