DH wrote :

One very common security model is that the security perimeter includes the PC and you're only concerned with transmission interception.

Definitely the wrong place to draw the dotted line if you're truly worried about your information.

MS is swiss cheese but most OS have some weakness in many configs.

How many people actually look at the source of the code they install on *nix machines??? How many of those who do are actually qualified to do security reviews? Cf. recent PGP bugs.

Not enough.

If you're really worried you'd use a sealed PDA (that you can control at all times) to capture/render and the PC is just for transport. [This applies Tim's modularity argument to hardware.]

I'd consider a Starium unit a dedicated PDA in this context.

Of course, both PDA and Starium remain succeptible to shoulder surfing, bugs, your windows modulating a laser, etc.

dh

Using an embedded system is not a new topic here. I think its the only viable method of securing data. On that note, given the little wireless gizmo of Tim's description, the device could have, via appropriate applications on the insecure host/transport gateway, access to a services on the host that would expand its list of resources without compromising security. The obvious useful resources are the network and mass storage though other i/o might be interesting. All storage of course would be encrypted and never available as plain text on the host. Any i/o used should not carry information that is to be kept private, only as a means to transport non-critical data into the PDA. What is required is a PDA that is open sourced all the way down to the HW. Is the Palm this way? I think I've asked this before but frankly I don't remember the answer. There are probably others that are OK. Yopy looks interesting. Which ones will still be around in a couple of years?