Wednesday 29 March 2006

Cat and Mouse


Anonymous (a frequent commenter on my blog) asked a good question regarding my blog post on patching a critical security flaw in Microsoft IE. I thought I'd answer it in a new post...

This game of cat and mouse in security can't go on forever. (Or can it?) What do you see as the future of software security? Do you see a point where a single elegant solution will address most, if not all, exploits?

No, the game won't go on forever--at some point the Sun will explode.

To think that the current state of insecurity is anomalous, and that the prior period of relative quiet was more normal, is backward. During the initial 6 years of internet growth the criminals hadn't yet organized, studied, and employed state-of-the-art technology for developing and sharing exploits. That honeymoon is over. Exposure to cyber fraud, looting and mayhem is the normal state of affairs for a world in which the internet plays such a pervasive role.

Things that could happen before the sun explodes to curb innovative and dangerous computer attacks:

(i) single world government that effectively tracks and prosecutes computer crimes everywhere

(ii) technical stagnation, in which new technologies are NOT regularly deployed

(iii) destruction or obsolescence of the internet.

I'm not holding my breath.

Sure, we will eventually tame any given vector of attack (e.g. email virus, spam, port scan, SQL injection, etc.) at least down to a nuisance level through a combination of technology, legislation/prosecution, profiling (which barely exists today), education and behavioral change.

(For a nice analogy to this phenomenon, read Earth Abides, in which humanity mostly dies off, and the earth offers up a fresh playground in which species compete for dominance. One by one new species explode to the point of over-population, and just as quickly die off in the face of predators and competitors.)

But criminals, imbued with human ingenuity, will always plot new vectors, as I demonstrated to my wife here. You can wish it will stop, but you might as well also wish for world peace, an afterlife, or 18 consecutive birdies.

