Your computer is tormented by a wicked god

Bootkits are why we can’t have nice things.

Computer security is really, really important. It was important decades ago, when computers were merely how we ran our financial system, aviation, and the power grid. Today, as more and more of us have our bodies inside of computers (cars, houses, etc) and computers in our body (implants), computer security is urgent.

Decades ago, security practitioners began a long argument about how best to address that looming urgency. The most vexing aspect of this argument was a modern, cybernetic variant on a debate that was as old as the ancient philosophers — a debate that Rene Descartes immortalized in the 17th Century.

You’ve doubtless heard the phrase, “I think therefore I am” (Cogito, ergo sum). It comes from Descartes’ 1637 Discourse on the Method, which asks the question, “How can we know things?” Or, more expansively, “Given that all my reasoning begins with things I encounter through my senses, and given that my senses are sometimes wrong, how can I know anything?”

Descartes’ answer: “I know God is benevolent, because when I conceive of God, I conceive of benevolence, and God gave me my conceptions. A benevolent God wouldn’t lead me astray. Thus, the things I learn through my senses and understand through my reason are…