Slashdot Mirror


The Six Dumbest Ideas in Computer Security

Frater 219 writes "The IT industry spends a huge amount of money on security -- and yet worms, spyware, and other relatively mindless attacks are still able to create massive havoc. Why? Marcus Ranum suggests that we've all been spending far too much time and effort on provably ineffective security measures. It may come as a surprise that anti-virus software, penetration testing, and user education are three of "The Six Dumbest Ideas in Computer Security"."

3 of 792 comments

  1. Highly applicable by gunpowda · Score: 5, Informative
    The Internet has given a whole new form of elbow-room to the badly socialized borderline personality.

    Woah, he's not talking about Slashdot?

  2. Re:He mixed up hacking and cracking by TLLOTS · Score: 4, Informative

    I think you misunderstood his point with #4. My understanding of what he was saying was that time spent learning how to hack into a system with xyz could be better spent simply learning about good security practices (such as how to prevent a buffer overflow). Rather than spending the rest of your life learning about each new exploit, you simply focus on why those exploits are occurring, and fixing them at the source, rather than trying to simply keep patching.

  3. Re:Dumber Article... by Krunch · Score: 5, Informative
    One of the points basically comes down to "write perfect code".
    No, it comes down to "build a perfect design".
    Of course I fricking want to install it
    But maybe you don't want it to connect to the network or touch the filesystem.
    --
    No GNU has been Hurd during the making of this comment.