Before I started using Linux and getting into frequent online discussions with other Linux users about security issues, I had no idea about computer security. I thought having a login and password was enough to keep the “bad guys” out, should my computer ever be stolen. Most people I know think the same. My dad (who actually is quite tech-savvy and can, unlike me, program in several languages and build his own computers from scratch) thought a fingerprint reader on his Thinkpad would keep people from accessing his files, but I showed him (with the aid of a Knoppix CD) that that wasn’t the case.
The truth is that most computer “security” for home users is bogus and just security through obscurity. It may (or may not, depending on how resourceful they are) keep nosy family members and friends out, but it won’t stop someone who’s stolen your computer from getting to all your files. Having separate passwords and usernames on a home computer (as opposed to authenticated on a domain at work) is mainly a way to just make it slightly inconvenient for others using the same computer to snoop into your files.
If they had a little bit of knowledge and really wanted to snoop, however, they could. In the case of Mac OS X or Ubuntu, all it would take is booting into single-user mode and copying your files to their folders and changing ownership of those files. Or, if they didn’t want to be stealthy about it, they could change your password and log in as you. In Ubuntu, Mac OS X, and Windows, if you have a live CD (like Knoppix), you can boot it, mount the hard drive, and read any and all files on the computer.
Of course, in addition to having a username and password, there are other ways to slow down intruders and snooping friends from exploring your computer’s contents (setting a BIOS password, for example). Ultimately, though, once physical security is compromised, your computer’s contents have also been compromised… unless your drive is encrypted.
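To see which parts of a Linux machine would still be readable from a live CD, you can check which mounted filesystems actually sit on an encrypted (dm-crypt/LUKS) device. This is an added example, not part of the original post; the function name and the sample `lsblk` output are constructed for illustration.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output
# (not from a real machine): /boot, / and swap sit directly on
# partitions, while /home sits inside a LUKS (dm-crypt) mapping.
SAMPLE_LSBLK_JSON = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": "/"},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "home_crypt", "type": "crypt", "mountpoint": "/home"}
    ]},
    {"name": "sda4", "type": "part", "mountpoint": "[SWAP]"}
  ]}
]}
"""


def classify_mounts(lsblk_json):
    """Return (encrypted, unencrypted) sorted lists of mountpoints.

    A mountpoint counts as encrypted only if it, or a device above it
    in the lsblk tree, has type "crypt" (a dm-crypt mapping). File-level
    schemes such as eCryptfs or fscrypt are not detected by this check.
    """
    encrypted, unencrypted = [], []

    def walk(dev, under_crypt):
        under_crypt = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint:
            (encrypted if under_crypt else unencrypted).append(mountpoint)
        for child in dev.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return sorted(encrypted), sorted(unencrypted)


if __name__ == "__main__":
    enc, plain = classify_mounts(SAMPLE_LSBLK_JSON)
    print("Protected by disk encryption:", ", ".join(enc) or "(none)")
    print("Readable from a live CD:     ", ", ".join(plain) or "(none)")
```

On a real machine, pass the output of `lsblk -J -o NAME,TYPE,MOUNTPOINT` to `classify_mounts` instead of the sample.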
Of course, if one single person learns anything new from reading this, then the obscurity is that much less obscure now than before, but this understanding leads to the next question of “Is security through obscurity better than no security at all?” The Pidgin developers seem to think it’s not, as you can read in their justification for storing instant messaging passwords in plain text. In answer to the question “But surely something is better than nothing, right?” they say: “No. When a Pidgin user looks at her accounts.xml file, she can tell immediately that it’s a sensitive file and should be treated as such. When an application attempts to ‘trick’ the user into thinking its passwords are secure by obfuscating it in some way, the user assumes it’s safe.”
In one sense, I agree with this. I don’t believe in giving users a false sense of security. In another sense, though, I think what they’re saying is ridiculous. Most users of instant messaging programs never look to see whether their passwords are stored in plain text or not, so they will almost always assume it’s safe. What would make much more sense by their line of reasoning would be to have a huge warning the first time you launch Pidgin saying “Instant messaging is never secure, and that’s why we store your password in plain text.”
I’m a little ambivalent about all this, if you couldn’t tell. On the one hand, I do believe that for most purposes (keeping snooping family members and friends out), having usernames and passwords for unencrypted data serves its purpose. In this regard, security through obscurity works. On the other hand, this does give people a false sense of security, as they may think that not having an autologin will prevent laptop thieves from getting their data. People won’t be careful when it comes to their data and the real “bad guys.” On a lighter note, they may think that forgetting their administrative password means they have to reinstall the entire operating system instead of just resetting the password.
I guess if it really comes down to it, I believe in education. I believe people should know what is secure and what is not secure. What do people think? I know I have a lot of tech-savvy folks (people who know a lot more than I do) who read this blog. Is it ever the case that security through obscurity is better than no security at all?