[extropy-chat] Privacy, Security?? Don't make me laugh.

BillK pharos at gmail.com
Wed Nov 24 21:06:28 UTC 2004


On Wed, 24 Nov 2004 10:57:09 -0800 (PST), "Hal Finney" wrote:
> 
> I am more optimistic about security.  My view is that we (the pro-security
> forces) have only begun to fight.  SP2 shows that Windows can become
> genuinely more secure.  Open source alternatives are agile and responsive
> to security threats.
> 
> Security, like spam, has only become a major issue for individual users
> in the last couple of years.  It takes a while for the net community to
> respond, just as it takes a while for the body's immune system to respond
> to an infection.  But eventually I believe we will see an effective and
> indeed overwhelming response from security technology, and the result
> will be a far more secure networking infrastructure.
> 


You are indeed more optimistic than me about security. But then as
part of the computer security industry, that's what they pay you for.
You are hardly going to talk yourself out of a job, are you? And, of
course, every little helps - it is just insufficient to stop the tide.

I have a fair bit of computer industry experience (note modest Brit
understatement ;) ) and it sounds like whistling in the wind to me.
The problem is not the few thousand knowledgeable people that work in
the computer industry. It is the great unwashed millions out there.

Yes, plugging the ten years' worth of bad design holes in Windows is a
good thing. 
Yes, switching to FireBadger is a good thing. (I use it myself).

But, read my original post again. The problem isn't mainly the loopholes in
Windows or the techie tricks that take advantage of unwary people. The
more technically secure you try to make the system then the more
unusable it will become for the multitudes. They will lose patience
and switch off or bypass the stringent security.

Bruce Schneier wrote in his book Secrets and Lies:
Digital Security in a Networked World (John Wiley, ISBN 0-471-25311-1):
    -  "Security is not a product, it's a process." 
    -  Moreover, security is not a technology problem - it's a people and
management problem. 
    -  "If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology."


BillK



More information about the extropy-chat mailing list