Figure 1 - Windows Vista User Account Control Prompt
In The Cuckoo's Egg, Clifford Stoll recounts how he discovered and tracked a computer hacker through his system in the early days of interconnected computers. Many of the security holes the hacker used existed because system administrators had not secured their systems correctly: they left default accounts active, or ran software with bugs that opened security loopholes. Often the reason for these blunders was to make access more convenient for legitimate users. Unfortunately, that same convenience also unlocked the door for intruders.
So what can be done? Where is the balance between usability and security to be found? A Google search for "security vs usability" gives 1,730,000 results, none of them offering a definitive answer. People are thinking about it, though, so at least we are moving in the right direction.

I remember that security feature in Vista being a large annoyance to users. A similar feature still exists in Windows 8, where the system will freeze for a second and ask for permission to continue installing an application. I agree that there needs to be a balance of security and usability. I believe there are some security features that can be automated so you get the best of both. Have a password keeper that will let you have one password you can remember, and have the password keeper keep track of long and unusual passwords.

I can sympathize with the science researchers who built their highly usable systems with trust in mind, only to have the harsh reality of hackers dispel their notions of an open Internet.

The problem reminds me of a quote: "Humans cause problems. Get rid of the humans, and you get rid of the problems." -- Joseph Stalin

I start to wonder if username/password is even the best solution. I think we need to really rethink what security means and find creative ways to secure systems. Short range radio transmitters are a good example of this. TouchID is another example of a less invasive and higher security method.