[OLPC Security] security / anti-virus faq

Michael Stone michael at laptop.org
Wed Nov 21 15:10:14 EST 2007 

Todd,

The appropriate venue for questions like this is the security mailing list:

  security at lists.laptop.org

> I'm assuming that if there's *any* chance that a virus/exploit can be
> written, that the autoupdate/patch thing might solve some of this -- but
> wondering if anyone is having conversations about talking to avg about
> writing anti-virus software?

Work on implementing Bitfrost has been a higher priority for us because
we believe that this work addresses one of the root causes of the
computer security problem posed by viruses - that users have no
convenient way to run benign software with only the authority it needs. 

The Bitfrost spec and accompanying wiki pages should give you some
helpful background on our reasons for making this choice. Also, if you
think of ways to clarify the text, please submit patches for review to
the security mailing list.

> Documentation team can help "translate" information if we can get security
> people to answer these, perhaps on wiki?

Where the answers are given doesn't reallly matter so long as the
"security people" you're thinking of learn that a question has been
posed in a timely fashion.

I recommend directly soliciting feedback by catching one of us on IRC and
pointing us at the location where the question lives.

> Q: Will there be computer viruses on the xo? If so, what defense is there?
> Q: Is there anti-virus software? If not, why?
> Q: Will there be anti-virus software available?
> Q: Will there be phishing attacks?
> Q: Can I get Norton Anti-virus for the xo?
> Q: Can I shop online safely on the xo?
> Q: Is the mesh safe for my kids to be on?
> Q: Will there be child predators on the mesh?
> Q: Can we make a protected portion of the mesh, with background checks like
> Second Life does for their teen version?

I can't give useful answers to these questions without knowing more
about what audience is going to be reading them and without knowing why
they are being posed.

In particular, how much do you value simplicity and concision vs.
precision, accuracy, and comprehensiveness?

Michael

More information about the Security mailing list