Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: DesertSapper

As someone who quit the tech industry over (in part) the white-wash that is “security,” I’ll offer this observation:

The single biggest impediment to real security is users.

Real security requires constant vigilance and (to use a somewhat ‘extreme’ description of behavior) paranoia. In the online world, yes, there are people who are “out to get you.” All the time, every day, on every platform, for all manner of reasons.

When we in the computer hardware/software/networking industries try to impose some “mandated” security, all we get is a ration of crap from users.

I’ll give you an example: automatically enforced password changes. This is so simple to implement, yet yields such a big payback, you’d have to wonder “Why aren’t automatic password changes enforced all over corporate systems?” Well, because the users howl when you force them to change passwords. They come up with all manner of silly reasons why they can’t remember a new password.

Of course, any hacker worth their salt knows that the easiest line of attack on a multi-user system (and on laptops with passwords) is you try the name of the users: spouse, kid, pet dog, mother, father, etc. In a guess chain of about 5 passwords, you’re into at least a third of accounts.

Let’s take browser security as another example, but switch our focus to development groups: Java was created by Sun’s engineers to be pretty secure. In the original design of Java, they put a LOT of effort into security.

But instead of working with Sun to make Java the standard client-side scripting language in browsers, Netscape created what is today called “JavaScript” (never mind the “Java” part of “JavaScript” - it resembles Java in only superficial ways). Java is a lot more secure than JavaScript.

Look at MS’s stubborn adherence to “active content” - the idea that you can receive an email message or surf to a web page and the message or page can cause things to execute on your computer. This is a security hole so big you can drive an M1 Abrams through it. MSFT has added one slap-dash change on top of other slap-dash changes in this idea - when the most secure thing to do would be eliminate it entirely. MSFT wants to keep their “active content” as a sales feature, and many users now want active content because it means you can have pretty dumb users. Consider the Windows Update script and how powerful it is. You can have your users just surf to the proper URL and the user’s computer is then updated. No training necessary, the scripting does everything. The solution to this would be to require users to bridge the gap between content downloading and execution. People don’t want to do it.

Lastly, let’s talk about programmers/engineers. They’re HARDLY blameless here for their slothful attitude towards security. What is the predominant programming language today? C and its successor, C++.

Having people write large, critical applications in C is like giving kids amped up on Jolt cola a handgun with which to play their shoot-em-up video games.

Having people write large, critical applications with C++ is like giving them a couple of pounds of high quality Peruvian Marching Dust and a squad automatic weapon. The results are predictable.

Could programmers create secure s/w in C/C++? Sure - with a GREAT deal of attention to detail. A faster way of getting programmers to think about security and reliability by enforcement would be to have them start writing software in Ada or a similarly strongly-typed language, or some programming environment that encourages or imposes constraint-based programming. Ah, but having the compiler or environment “enforce” good, consistent tight programming practice gets all manner of bellyaching from programmers - so we don’t do it until it is an application where people will almost certainly die from programming mistakes.

As you said, we can’t achieve a “completely secure system” - but the gap between where we are and a “reasonably secure system” is huge - and largely one of choice that we’d rather be standing on this side of the canyon with those who want to pillage and plunder because it is more convenient.


27 posted on 03/27/2010 5:26:32 PM PDT by NVDave


To: NVDave

THEY could make it so that remote takeover of your operating system was impossible.

However, that would mean THEY couldn’t take remote control of your operating system.

That is the quandary.


29 posted on 03/27/2010 5:39:42 PM PDT by UCANSEE2 (The Last Boy Scout)
