On Mon, Feb 18, 2008 at 03:34:50PM -0800, Hallam-Baker, Phillip wrote: > In the scenario I gave, the data I wish to stop the kids accessing > is already on my network, net nanny is totally useless in this > instance. Let us imagine that I have a configuration that consists > of one Vista machine and one Home Server on which there is stored a > collection of ripped DVDs of video nasties, you know The Sound of > Music, Care Bears Movie etc. some of the nastiest films I have > seen. I do not with the kids tastes to be corrupted by this rubbish. Heh. From the Capitol Step's, "All I Want For Christmas Is A Tax Increase" album: http://www.amazon.com/gp/music/wma-pop-up/B000003JOO001001/ref=mu_sam_wma_001_001 > Security cannot be effective when it is provided in the form of a > DIY assembly required project. But thats what the field has been > doing. I'm afraid it's worse than that. As long as we provide general purpose computers, and some insiders that are determined to bring home databases filled with SSN so they can do work in the evenings, or children who know more about computers than their parents and who are determined download videos of "Barney does Dallas", I'd claim is pretty much impossible to solve the particular security problem which you are worried about. And I'm not sure people are really willing to accept computers with the sorts of controls that would prevent these sorts of attacks on data. Look at the resistence to Microsoft's Palladium project by people such as Ross Anderson. (http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html) Most consumers are far more focused on the sorts of abuse that could be perpetrated by Hollywood, the Music Industry, and Microsoft, rather than problems with databases filled with US Military personnel's credit information getting stolen out of unsecured laptops of incompentent government bureaucrats. One could have a debate about whether this is a correct assessment of risks by the consumer and by organizations like EFF and EPIC, but it's reality that won't be easily changed. In any case, this is a bit of a rathole from the original discussion, I suspect.... - Ted _______________________________________________ Ietf@xxxxxxxx http://www.ietf.org/mailman/listinfo/ietf