Computer and Network Security is Hard - Too Hard

When I was attending school and then working in academia, I did a considerable amount of computer and network security research and work. It was interesting to say the least, but the technical work was not what made the biggest impression on me. Instead, the basic hopelessness of the situation ended up driving me out of that field.

What do I mean by hopelessness? It's the way the battle lines are drawn today when it comes to security. Both sides are fighting the same basic battle on the same turf with continuously escalating measures and countermeasures. The hopelessness is the apparently never-ending nature of the conflict. There was (and still is) no apparent way out of this - you just have to soldier on.

We Don't Know What We Don't Know

This perspective is at the enterprise level where you actually have a fighting chance at managing the problem. It gets much, much worse when you look at it at the mass consumer level. Most people don't have a ghost of a chance of keeping malware and other "bad things" from happening to their systems. The enormity and intractability of that problem are downright depressing.

I believe this situation is one reason why Apple is on the right track with iOS. Many technical types decry the closed and locked-down nature of iOS. On the contrary, this is a boon for your average computer user. Their ability to inadvertently compromise their device is reduced to almost zero - saving them much lost time and potentially protecting them from financial loss.

So is that the answer to this never-ending arms race? We just keep locking down and neutering our devices (i.e. reducing the vulnerability "surface area") until crackers (the proper term for these villains) can't cause us any more grief?

Guerilla Fighting

I'd like to believe there is some other way out of this mess. And based on the current situation, it will probably have to involve an aspect of "asymmetric warfare" - something that changes the situation so dramatically that computer and network security are no longer so hard. And if that does come to pass, maybe someday security will actually become fun again.