[cap-talk] Polaris: Virus Safe Computing for Windows XP

Jonathan S. Shapiro shap at eros-os.org
Mon Dec 6 18:02:59 EST 2004

On Mon, 2004-12-06 at 13:33 -0800, David Wagner wrote:
> I have to say that this kind of reliance on "security through obscurity"
> is a giant step back from what I understood to be the goals of the
> capability community.

This seems terribly harsh on several grounds:

1. Alan et al. are not the community.

2. They have substantially reduced the scope of the defensive problem.
This is good progress forward. The question is not whether there is a
hole. The question is whether the hole is, in principle, fixable. I
absolutely agree that they cannot credibly claim to have solved the
problem. They *can* usefully report that they have made progress and
identify what is left to be done. The conference presentation problem
lies in making the right claims.

> I hope you and others won't completely give up your efforts to
> build truly secure systems and do it right...

I also would hate to see progress stagnate, but (with apologies in
advance to Alan) I have somewhat mixed feelings about seeing that work
done at HP. Like most companies, HP has a well-motivated tendency to
make intellectual property proprietary. In the context of security, this
doesn't advance the public interest (and doing so isn't HP's job). In
light of this, I find myself in the awkward position of sincerely
wishing Alan and his group the best of success at an interpersonal
level, and simultaneously wishing that we (collectively) do not suffer
the misfortune that they discover and patent anything truly


More information about the cap-talk mailing list