Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security

Do We Really Need a Security Industry? 297

Posted by CmdrTaco from the only-if-software-had-no-bugs dept.
netbuzz noted that Bruce Schneir's latest column discusses the security industry where he points out that "The primary reason the IT security industry exists is because IT products and services aren't naturally secure. If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall. If there were no more buffer overflows, no one would have to buy products to protect against their effects. If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure."
This discussion has been archived. No new comments can be posted.

Do We Really Need a Security Industry? More

Do We Really Need a Security Industry?

Comments Filter:

  • "Schneir"? (Score:5, Informative)

    by sczimme ( 603413 ) on Thursday May 03, 2007 @04:14PM (#18978221)

    At least spell his name correctly: Schneier [schneier.com].

  • Geese Louise, this is stupid. (Score:3, Informative)

    by mcmonkey ( 96054 ) on Thursday May 03, 2007 @04:23PM (#18978459) Homepage

    The primary reason the IT security industry exists is because IT products and services aren't naturally secure.

    Do we really need locksmiths? If buildings were naturally secure (aka didn't have doors or windows), we wouldn't need locksmiths.

    However, people need to get in to and out of buildings, so we need doors. And sometimes we need to control which people are going in to and out of a building. So we need locksmiths.

    So, if your IT systems are powered down, unplugged, encased in carbonite, and buried at the bottom of the sea, then the answer is no, you do not need a security industry. Or, at the other end, if all your IT doors and windows are open, and you don't care who comes in and out, then again, you do not really a security industry.

    But if you want some people to have access to your computer, but not others. Or you want to control the level of access people have, then yes, you do need a security industry.

  • Network protocols are NOT secure (Score:1, Informative)

    by snowleopard10101 ( 964540 ) on Thursday May 03, 2007 @04:28PM (#18978581) Homepage
    The whole TCP/IP stack was NOT designed taking security under consideration. Therefore, we either need an external security mechenism (such as firewalls, IDSs, IT department, etc.), OR we need to design new secure network protocols and change every single node in The Internet. Now, obviously we can't change every single node in The Internet, can we?

  • Virri? Where'd that extra R come from? (Score:3, Informative)

    by Corpuscavernosa ( 996139 ) on Thursday May 03, 2007 @05:02PM (#18979211)

    In the English language, the standard plural of virus is viruses. This is the most frequently occurring form of the plural, and refers to both a biological virus and a computer virus.

    The less frequent variations viri and virii are virtually unknown in edited prose, and no major dictionary recognizes them as alternative forms. Their occurrence can be variously attributed to hypercorrection formed by analogy to Latin plurals such as alumni or false analogy to Latin plurals such as radii; idiosyncratic use as jargon among a group, such as computer hackers; and deliberate word play, such as on BBSs (see, e.g.: leet).

    From Wikipedia [wikipedia.org], your source for all things accurate.

  • Virii is not a word (Score:3, Informative)

    by Anonymous Coward on Thursday May 03, 2007 @05:06PM (#18979289)
    Virii isn't a word. It's not the Latin plural of "virus". It would be the plural of "virius", if that were a word, which it isn't. Quite plainly, "virus" has no Latin plural. "Viri" is the plural of "vir", which means 'man'. In Latin, it was a catch-all for "poison". It has no plural in the same way the English word "everyone" has no plural.

    There are entire wikipedia articles on this issue. What you're doing is wrong, and I've modded you down for being an idiot. The correct plural is "viruses". Start using it. It's in your own best interest, after all. Anyone who knows the most basic amount of real Latin will laugh at you the moment you utter the word.

  • Re:I have a better question... (Score:3, Informative)

    by CrankyOldBastard ( 945508 ) on Thursday May 03, 2007 @10:25PM (#18983081)
    Bruce Schneier is not "a columnist". He invented the firewall, is is one of the more clued people regarding IT security in the world.

  • The Analogy is Perfectly Valid (Score:3, Informative)

    by Valdrax ( 32670 ) on Thursday May 03, 2007 @11:51PM (#18983621)
    The core argument of the analogy is:
    If people behaved properly, we wouldn't need an entire field of work to clean up after them.

    If people coded properly, we wouldn't need security products.
    If people obeyed the law, we wouldn't need cops.
    In other words, "No kidding, Schneier. Welcome to the real world, where people don't act ln an ideal manner."

    You're reading things far too literally (focusing on the details in the difference in security modesl) to get the core message.

Slashdot Top Deals

"I've seen it. It's rubbish." -- Marvin the Paranoid Android

Close