Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bad Security Driving Out the Good

Posted by kdawson on from the no-lemonade-for-you dept.

Bruce Schneier has up at Wired a typically thoughtful piece on how, in the security market as in others, the lemons are winning out over the good products. Schneier harks back to "The Market For Lemons," the 1970s work of economist George Akerlof, to explain why the market's invisible hand pushes most of the best products into the abyss: "With so many mediocre security products on the market, and the difficulty of coming up with a strong quality signal, vendors don't have strong incentives to invest in developing good products. And the vendors that do tend to die a quiet and lonely death."

8 of 215 comments (clear)

  1. Money. by Sorthum · · Score: 5, Insightful

    As TFA states, it's easy for someone to create a security product which they themselves cannot break. Hiring external testers can be a huge expense if done right, and when companies rely more on hype than on technical brilliance, they end up getting screwed. SecuStick is rare only in that its crappy security made headlines.

  2. Vista by Toe,+The · · Score: 5, Insightful

    Well... that explains why Vista is selling.

    (Yeah I know... flamebait. But it had to be said.)

  3. This story 2400 years old. by qazsedcft · · Score: 5, Insightful

    Socrates in the 400s BC was already complaining about how sophistry is winning over logic and reason. The world will never change.

    1. Re:This story 2400 years old. by kisrael · · Score: 5, Interesting

      The Earth is degenerating today. Bribery and corruption abound.
      Children no longer obey their parents, every man wants to write a book,
      and it is evident that the end of the world is fast approaching."
      --Assyrian tablet, c. 2800 BCE (allegedly)

      --
      SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
  4. Re:The way of the world by BSAtHome · · Score: 5, Insightful

    You are right; it is not security/xyz that sells, but the perception of securty/xyz. That is where the marketers come in.

  5. Good vs Good Enough by Archangel+Michael · · Score: 5, Insightful

    There is an invisible line between being good (as in above average) and good enough (as in gets the job done).

    All things equal, people will choose good over good enough, however all things are not equal. Better products tend to cost more, better service costs more. Cheap products that do mostly marginal job wins the price war and hence wins the market.

    There are always going to be niche markets that serve people who KNOW quality and service, most people don't care enough. They'll just choose whatever is cheapest at the moment from brands that they know (even if cheap), as long (and this is key) the quality is "good enough".

    Which is why if I were making a product line, I'd make two different and distinct products, one "good enough" and one with better higher quality/service. I'd even go so far as to make sure by brand distinction that people would knwo "cheap, but good enough" from "good" by using strong branding.

    Take McDonalds vs any higher quality hamburger shop (Red Robin, White Castle etc), which one is "good enough" vs good. Why don't more people choose the better burger?? It is because McDonalds is "good enough". And in spite of everyone complaining about McDonalds employee quality of service, it is "good enough" to keep going back.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  6. Computer Security - The Problem for Joe Blow by Grashnak · · Score: 5, Insightful

    I feel there is a basic problem when we consider computer security for the average user (not people who have professional or legal obligations to protect their data). There are now two types of average users, those who are so dumb they don't have any security at all (no firewall, no anti-virus, open Wi-Fi etc). These people need to be educated. On the other hand, there is an increasing population of average users who have been turned into paranoid security freaks.

    Most people have no need of a USB key that self-destructs. They don't need to encrypt their hard drives, on which they probably store nothing more sensitive than their really bad first novel draft. They don't need a 26 character Hex password on their operating system. I suspect that a much higher percentage of these normal people lose their data because they can't remember the password to access the data than lose it due to not having tight enough encryption protection. They are out there having to reformat their drive because they can't remember their login password, or having their laptop explode because they installed the new "Explodo-Crypt" device and then accidently had the caps lock key on when they tried to access it.

    People need to get effective security solutions for their REALISTIC needs.

    --
    Life needs more saving throws.
  7. The best Marketing = Religion by LibertineR · · Score: 5, Insightful
    Tech Companies should learn this and never forget it.

    Endless promotion, Endless recruitment, Constant attack on competition.

    Persuasive spokespersons, Constant reminders of what you WONT get if you dont buy, and buy NOW.

    An answer to every question or challenge about your product, and when that wont work, promote FAITH in the organization, and patience in the reciept of what you are really wanted.

    Unashamed, unabashed belief in your product as THE ONLY real solution.

    This is Evangelism, and it works better than anything else, regardless of whether you really have the goods or not.