Talk:Computer security

Cleanup

I am performing a cleanup of the article by fixing grammatical errors, rewording wordy and poorly organized sentences and citing some references. I'm also adding an Applications section to the article to expand it. Soloxide (talk) 22:14, 14 April 2008 (UTC)

That's a good idea and a commendable ambition. It's a very good article but it does need a lot of work! Dr Roots (talk) 13:31, 16 July 2008 (UTC)

Problems

I think this article could be improved: There is no mention how computer security relates to computer safety. In particular, some definitions of computer security require the presence of an attacker, otherwise a random disk failure is also considered a security issue - sometimes it is, but more conventionally it would be an issue of reliability. And in a nuclear powerplant or aircraft it would be an issue of computer saftey. It would be a good idea if this article expands on these differences.

Also: The claims in "This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements" overstates the abilities of secure operating systems. Features that people nowadays expect of all useful operating systems (playing multimedia files, running networked processes) are quite hard to secure. Eliminating side channels is really quite difficult and there exist arguments that trusted applications are unavoidable (see the RAID paper "Interfacing Trusted Applications with Intrusion Detection Systems") —Preceding unsigned comment added by 41.243.70.48 (talk) 03:46, 11 April 2011 (UTC)

Early history of security by design

This section currently cites Multics as the first system designed to be secure from the start. I seriously wonder what the IBM people would say about this. Dr Roots (talk) 13:32, 16 July 2008 (UTC)

MBTA vs. Anderson

I would appreciate if anyone could lend a hand in fleshing out the MBTA vs. Anderson case. Madcoverboy (talk) 18:56, 15 August 2008 (UTC)

American-centric

can someone edit the articale to make it less tied to jsut the USA and give it a more global perspective? —Preceding unsigned comment added by 194.197.118.236 (talk) 09:00, 14 February 2011 (UTC)

Any sources you'd recommend that would provide this perspective? --Pnm (talk) 16:31, 14 February 2011 (UTC)

The mathness

The otherwise very well formulated introduction has a quirky stmt:

For this reason, computer security is often more technical and mathematical than some computer science fields.^{[citation needed]}

OK, so maybe the stmt needs citations, but foremost it needs clarification: some computer fields, does that regards the technology, or could it also refer to usages? If the later, then certainly true, since all computer technology is immersed by maths oriented topics, although those topics could be avoided by not adressing them. In my thinking, a well performed security analysis requires a huge disproof apparatus against errors occurring, applied to each subfunctionality of an analysed functionality and also applied to the dynamic whole of all collaborating subfunctionalities. Since the subfunctionalities might very well behave erroneous, except under the strictures imposed by the execution inherent in the full functionality executing, the error disproof to be performed might be math-level complex. So the statement is very true under this interpretation, but I think this interpretation must be formulated into the sentence. ... said: Rursus (bork²) 12:46, 17 January 2009 (UTC)

Computer Security Agency

The c.s.a[computer security agency] is a corporation that detects bugs and viruses in computer networks. It was designed to help save peoples identity and personal information. It also protects large corporations from people who wish to steal money or homework answers. —Preceding unsigned comment added by 71.201.171.53 (talk) 02:44, 12 September 2009 (UTC)

Computer security policy

Hi! I recently added a policy section to the article (and some info on the Kill switch bill.) I think this section needs to be expanded and include all important legislative and regulatory efforts related to computer security. Anybody want to discuss this? Anybody want to help? Lemme know! Thanks! P@ddington (talk) 17:25, 26 June 2010 (UTC)

Web browser flaw secretly bares all

This http://www.thenewstribune.com/2010/12/05/1452951/visited-porn-web-browser-flaw.html contains information that should be included in this wiki article. Question is where should it be inserted - thanks for any suggestions or actions. Ottawahitech (talk) 20:54, 8 December 2010 (UTC)

That's more of a privacy issue than a security issue. Knowledge of whether you have visited a competitor's website will not help anyone compromise your machine. Nothing you do online is 'secret', so you shouldn't be surprised - lots of people have access to records of every site you visit. (Only the content is encrypted on https sites, not the fact that you visited. On http sites, both can become public knowledge.) --Nigelj (talk) 15:25, 9 December 2010 (UTC)

End User Protection Flawed feedback

For those antivirus, malware, trojan and other os similar protection, i write this. The industry even after many decades hasn't invested into unpacking installers and archives. It was done corrctly on 1980s computer, but took a huge step back for computer os's since then and still. While some do do some simple checking into archives and zip type compressed installers. No protector software as yet today is capable of looking into the many other archive types and installers that exists and have been.

How can a protection software protect a pc if it relies only to protect at instance of install. Makes a mokery of scanning a pc for what they protect against. If they knew how to do this, then would find more unwanted virial, malware, trojan and others. And less false positives using a database and unpackers to look inside each and every archive and installer during a system scan.

Or put another way why bother with system scanning of drives if there is no protection. And the resources used for active protection is so high because of this. If these softwares could do a system drive scanning and find nearly if not all, then that would be what those software were intended to protect before executing or opening the container with data in them.

Of course by doing this would make those archives and installers with unwanted data in them easier to identify. Since they will make then unpack-able to sandboxes that the protectors use. By subterfuge or passwording them. I would say that any archive that is like that if unpacking archives and installers ever does happen for these software. For them to be treated as unwanted. This will not only protect the pc but could help make those who put in the bad code to think twice.

The way i protect myself now, is if i cannot unpack any archive or installer i zero erase it many times. I do have some tools to unpack that every day users would not have. Yet do not unpack tools for all so don't try or install many new softwares because of this. If only the protection softwares were developed corrctly in the first place, to protect all the data and able to check all data fully unpacked.

Unsigned comment moved from article to talk page. --Shirt58 (talk) 10:56, 23 May 2011 (UTC)