Slashdot Mirror


Bad Security Driving Out the Good

Bruce Schneier has up at Wired a typically thoughtful piece on how, in the security market as in others, the lemons are winning out over the good products. Schneier harks back to "The Market For Lemons," the 1970s work of economist George Akerlof, to explain why the market's invisible hand pushes most of the best products into the abyss: "With so many mediocre security products on the market, and the difficulty of coming up with a strong quality signal, vendors don't have strong incentives to invest in developing good products. And the vendors that do tend to die a quiet and lonely death."

5 of 215 comments

  1. The best understatement of the year so far? by ZorroXXX · Score: 4, Informative
    Written by no other than Bruce Schneier:

    ... but even I couldn't tell you if Kingston's offering is better than Secustick. ... And if I can't tell the difference, most consumers won't be able to either.
    --
    When you are sure of something, you probably are wrong (search for "Unskilled and Unaware of It").
  2. Re:marketing by Turn-X+Alphonse · Score: 3, Informative

    I completely disagree.

    My parents both wish to learn more but they just don't understand what things mean. They think "memory" (RAM) is used to hold data (hard drive space), so getting more RAM must mean they can store more files. Logically this works, memory = storage in the classic sense, and this is why marketing works. Saying "More 255 QUQUTALUU memory!" and "wow a massive 20 gig hard drive" makes it seem like these things are big and impressive, whereas people who know see it's complete crap.

    Maybe if we stopped calling people lazy and taught them just the basics (what RAM does, what a hard drive does etc.) they would understand marketing for the bullshit it is and see through it. But instead we sit here going "lol idiots, too lazy! idiots!" and end up having to slave over their mistakes.

    --
    I like muppets.
  3. Re:Money. by cyphercell · Score: 4, Informative

    Secustick is rare in that they admitted that their device was insecure when the flaw was discovered (highly commendable). This is something I see happening at work quite often: you simply don't talk about your mistakes or anyone else's, because people are so damn neurotic about it. You have to very carefully say what you're trying to say, or people will get defensive and supervisors get offensive. Quality takes a back seat because people don't have an f*ing clue what the difference is between accountability and guilt/incompetence. Secustick is holding themselves accountable, but I'm sure many see them as a joke.

    --
    Under the influence of Post-Cyberpunk Gonzo Journalism
  4. The real issue with imbalance of information by spun · Score: 2, Informative

    The imbalance of information problem isn't about the fact that an individual needs perfect information to participate successfully. You can read the paper mentioned for the real reasons that this form of market failure is a problem, but I'll try to summarize.

    Sellers of used cars have more information about the true value of their car than buyers do. Therefore, buyers must assume that the car is of lesser value than the seller states. As a group, they will offer less than a fair value for the car. This drives some of the more honest sellers who were telling the truth about the value of their car out of the market. This raises the proportion of dishonest to honest sellers, so buyers are even more likely to undervalue the car, perpetuating the cycle.

    It is a systemic problem, not an individual problem regarding idiots getting screwed over.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
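The adverse-selection cycle spun describes above (and the "strong quality signal" point in the summary) can be made concrete with a small simulation. This is an added example, not code from the thread, from Schneier's article or from Akerlof's paper; the quality values, the rule that buyers offer the average quality of what is still on sale, and the `verifiable` predicate standing in for a quality signal (a certification, an audit, a published evaluation) are all constructed assumptions for illustration.

```python
"""Market-for-lemons simulation (added example, not from the original page).

Model of the cycle in comment 4: buyers cannot tell products apart, so they
offer the expected quality of whatever is on sale; sellers whose true quality
is above that offer withdraw; the average falls; repeat until only lemons
remain.  A `verifiable` predicate models a credible quality signal: products
whose quality can be proven are priced at their true quality and never pooled.
All quality numbers below are constructed for illustration.
"""
from statistics import mean
from typing import Callable, Iterable


def buyer_offer(pooled: list[float]) -> float:
    """Risk-neutral buyers with no quality signal pay the average quality
    of the products still in the pool (0 if the pool is empty)."""
    if not pooled:
        return 0.0
    return mean(pooled)


def run_market(qualities: Iterable[float],
               verifiable: Callable[[float], bool] = lambda q: False,
               max_rounds: int = 100):
    """Iterate the pooled market until no further seller withdraws.

    Returns (history, pooled_survivors, signalled_survivors) where history is a
    list of (offer, number_of_sellers_in_pool) per round.
    """
    qualities = list(qualities)
    # Sellers who can prove quality are priced individually and stay put.
    signalled = sorted(q for q in qualities if verifiable(q))
    # Everyone else is indistinguishable to buyers and shares one price.
    pooled = sorted(q for q in qualities if not verifiable(q))
    history = []
    for _ in range(max_rounds):
        offer = buyer_offer(pooled)
        history.append((offer, len(pooled)))
        # A seller who knows the product is worth more than the offer leaves.
        staying = [q for q in pooled if q <= offer]
        if len(staying) == len(pooled):
            break  # stable: nobody else withdraws
        pooled = staying
    return history, pooled, signalled


if __name__ == "__main__":
    # Constructed sample: ten products of quality 1..10 (hypothetical units).
    sample = range(1, 11)
    for label, pred in (("no quality signal", lambda q: False),
                        ("signal for quality >= 8", lambda q: q >= 8)):
        hist, left, sig = run_market(sample, verifiable=pred)
        print(f"--- {label} ---")
        for rnd, (offer, n) in enumerate(hist, 1):
            print(f"round {rnd}: buyers offer {offer:.2f}, {n} seller(s) pooled")
        print(f"pooled survivors: {left}, signalled survivors: {sig}")
```

With no signal the pool collapses from ten products to the single lowest-quality one; with a credible signal for the top three, those three survive at their true price while the unsignalled pool still collapses to the lemon. That is the mechanism behind the summary's point that vendors without a quality signal have little incentive to build the better product.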
  5. his dates are off by Wilpower · Score: 3, Informative

    > In the late 1980s and early 1990s, there were more than a hundred competing firewall products.

    No, there weren't. I owned a firewall consulting firm back then. In the early 90's there were fewer than half a dozen firewall products to choose from. There was very little interest in them until Al Gore made his "Information Super Hi Way" speech around 94?

    > The few that "won" weren't the most secure firewalls; they were the ones that were easy to set up, easy to use and didn't annoy users too much.

    That may have been true for the consumer personal firewalls that started coming out in the late 90's, but it wasn't a factor for corporate server-like firewalls. We were of the opinion that Gauntlet, the commercial product based off the firewall toolkit, a proxy-based, open source firewall from Trusted Information Systems, was the most secure firewall at the time. However Firewall One, a stateful packet filtering firewall from Checkpoint, was the clear winner in number of units sold. It had nothing to do with ease of use. Firewall One ran on a Sun. Most corporate accounts had at least some Suns. If you already had Sun's 7/24 support, they included it for your firewall at no extra charge. Any other firewall would have involved paying for a second 7/24 support contract. The closest they got to an ease of use issue was the resistance to bringing another flavor of Unix like BSD or Linux into their shop. My how things have changed :-)

    > In the late 1980s and early 1990s, there were more than a hundred competing firewall products. No there wasn't. I owned a firewall consulting firm back then. In the early 90's there were less than half a dozen firewalls products to choose from. There was very little interest in them until Al Gore made his "Information Super Hi Way" speech around 94? > The few that "won" weren't the most secure firewalls; they were the ones that were easy to set up, easy to use and didn't annoy users too much. That may have been true for the consumer personal firewalls that started coming out in the late 90's, but it wasn't a factor for corporate server like firewalls. We were of the opinion that Gauntlet, the commercial product based off the firewall toolkit, a proxy based, open source firewall from Trusted Information Systems was the most secure firewall at the time. However Firewall One, a statefull packet filtering firewall from Checkpoint, was the clear winner in number of units sold. It had nothing to do with ease of use. Firewall One ran on a Sun. Most corporate accounts had at least some Suns. If you already had Sun's 7/24 support, they included it for your firewall at no extra charge. Any other firewall would have involved paying for 2nd 7/24 support contract. The closest they got to an ease of use issue was the resistance to bringing another flavor of Unix like BSD or Linux into their shop. My how things have changed :-)