Do We Really Need a Security Industry?
netbuzz noted that Bruce Schneir's latest column discusses the security industry where he points out that "The primary reason the IT security industry exists is because IT products and services aren't naturally secure. If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall. If there were no more buffer overflows, no one would have to buy products to protect against their effects. If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure."
At least spell his name correctly: Schneier.
I want to drag this out as long as possible. Bring me my protractor.
Do we really need locksmiths? If buildings were naturally secure (aka didn't have doors or windows), we wouldn't need locksmiths.
However, people need to get in to and out of buildings, so we need doors. And sometimes we need to control which people are going in to and out of a building. So we need locksmiths.
So, if your IT systems are powered down, unplugged, encased in carbonite, and buried at the bottom of the sea, then the answer is no, you do not need a security industry. Or, at the other end, if all your IT doors and windows are open, and you don't care who comes in and out, then again, you do not really need a security industry.
But if you want some people to have access to your computer, but not others. Or you want to control the level of access people have, then yes, you do need a security industry.
The whole TCP/IP stack was NOT designed taking security under consideration. Therefore, we either need an external security mechanism (such as firewalls, IDSs, IT department, etc.), OR we need to design new secure network protocols and change every single node in The Internet. Now, obviously we can't change every single node in The Internet, can we?
From Wikipedia, your source for all things accurate.
We figured out a long time ago that it's easier to elect seven judges than to elect 132 legislators.
Virii isn't a word. It's not the Latin plural of "virus". It would be the plural of "virius", if that were a word, which it isn't. Quite plainly, "virus" has no Latin plural. "Viri" is the plural of "vir", which means 'man'. In Latin, it was a catch-all for "poison". It has no plural in the same way the English word "everyone" has no plural.
There are entire Wikipedia articles on this issue. What you're doing is wrong, and I've modded you down for being an idiot. The correct plural is "viruses". Start using it. It's in your own best interest, after all. Anyone who knows the most basic amount of real Latin will laugh at you the moment you utter the word.
Bruce Schneier is not "a columnist". He invented the firewall, and is one of the more clued people regarding IT security in the world.
The core argument of the analogy is:
If people behaved properly, we wouldn't need an entire field of work to clean up after them.
If people coded properly, we wouldn't need security products.
If people obeyed the law, we wouldn't need cops.
In other words, "No kidding, Schneier. Welcome to the real world, where people don't act in an ideal manner."
You're reading things far too literally (focusing on the details in the difference in security models) to get the core message.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").