The right way to talk about computer security

Seth Gordon suggests that we shouldn't talk about computer security as if it were a war game or a disease problem.

People who are familiar with computer security understand where the dramatic metaphor ends and where prosaic reality begins. If I have a physical firewall around my computer, and someone lights a physical fire outside of it, the safety of my computer depends on the resources of the arsonist: with the right chemicals, any firewall can be turned to rubble. If I have an electronic "firewall" between my computer and the public Internet, and the firewall is configured to block all incoming traffic, the world's most brilliant network engineers with the world's most powerful computers will not be able to override the firewall simply by sending packets to it over the Internet.

But try to think like someone who doesn't know much about computer security, doesn't have the time or inclination to learn, and doesn't know how to interpret the metaphors. Microsoft is the largest and wealthiest software company in the world, and Windows and Office are their flagship products. Surely, if they are vulnerable to computer viruses, then any comparable products from any competitor must be at least as vulnerable. Any claim that an operating system written by a bunch of volunteers is more secure than Windows doesn't deserve a moment's serious consideration.

(via David Weinberger)

About this Entry

This page contains a single entry by Ask Bjørn Hansen published on September 20, 2003 5:32 PM.
