Can we ever be secure?
First, let’s start by defining what computer security is commonly understood to be.
Defining computer security
The data contents of a computer are vulnerable to few risks until it becomes networked (connected in come fashion to other computers). As the use of computer networks, especially the Internet has become ever more pervasive, the concept of computer security has expanded to denote issues pertaining to the networked use of computers and their resources.
Computer security is not an end goal but a process of preventing and detecting unauthorized use of your computer and data. Software security entails the protection of software assets that include the operating system, email, personal documents, user names; passwords, etc. Preventive measures are the steps to help you stop unauthorized users from accessing any part of your computer system. Whereas, detection helps you to determine if someone has actually attempted to break into your system, to what success they achieved, and what they may have done.
For the everyday Internet user, privacy is perhaps the most important aspect of computer security. Although users may feel that they have nothing to hide when they are registering with an Internet site or service, privacy on the Internet is about protecting one's personal information, even if the information does not seem sensitive. With of the ease of which information in electronic format can be shared among companies, and because small pieces of related information from different sources can be easily linked together to form a composite, it is now very important that individuals are able to maintain control over what information is collected about them, how it is used, who may use it, and what purpose it is used for.
Now, let’s take a look at the complexities of computer security.
The difficulty of securing computers
Computer security is a compromise between safety and freedom; just as are most other areas of day to day life. However, there are some aspects of computer security that cause difficulties unique to the field.
When connected to the Internet, millions of people around the world have access to the preverbal “front door “of your computer. If the door is unlocked or has insufficient strength to protect against a motivated attacker, your computer can be compromised in milliseconds from anywhere in the world with near anonymity. Firewalls can and do, limit access to computers through the network. However, with the purpose of a network being to communicate, foiling communications just breaks the network. When it is possible to define the types of communications that are desired, then firewall rules can be formulated that limit access to only those communications. However, this is nearly impossible to do in organizations consisting of a diverse population with diverse jobs, needs, and desires. Without a block on communications, we're dependent upon social mores and the threat of punishment to prevent this type of behavior. If we can't prevent it, we're dependent upon imperfect technology and our own reaction times to clean up any mess. Even if we have firewalls, some form of communications must get through.
Additionally, today's computers have dozens of applications, tens of thousands of files, and tens of millions of lines of code. The components are supplied by varied vendors and the PC user has hundreds of configuration options. Then consider a hacker only has to find one single opening! Completely ridding the computer of every hole would involve testing every line of code, in every possible application configuration, with every possible operator action. In today's vendor “rush-to-market” enthusiasm, this just isn't going to be happen. There will be holes for hackers to get in and they'll have to be patched as they're found. Even if all the holes could be plugged, hackers often piggyback through authorized doors. When you run a new program or allow programs to be run by your browser or email reader, it provides a way for hackers to get in without having to find an obscure hole.
Today's computers prime design goals are "ease of use" and functionality. They try to let their operators do what they want with as few steps as possible. They often come out of the box in their most lenient configuration. Sometimes, this makes them as susceptible to risk as would a public sporting event, public transportation, or your local grocery store. They are subject to a wide variety of risks due to their free access.
Computers can be scanned and probed from around the world virtually without fear of breaking any laws. Networks can be mapped and vulnerability databases created that can be used later by automated exploitation tools to compromise and/or disable systems in milliseconds. If we want to retain full network functionality and access, we're accepting the risk of being the target of such behavior.
Even if the laws exist, jurisdictional issues may render them ineffective. Political considerations or misunderstandings may result in contradicting, vague, or otherwise troublesome legislation. Law enforcement agencies and prosecutors are hesitant to pursue crimes having hard to estimate or relatively low financial losses which may involve expensive, complex, and time consuming investigations.
Finally, with more than a ˝ billion people on the Internet and a great deal of them relatively new and inexperienced, it is difficult to educate them on acceptable behavior. That is, assuming we could get a majority, let alone, everyone to agree on what acceptable behavior constitutes.
Summary
Okay, back to the question, “Can we ever be secure?”
Well, [cough] reasonably, yes, certainly. It does require assuming responsibility. Today’s computer user doesn’t have a luxury of time to learn how to care for and operate your home computer. When you attach it to the Internet for the first time, it instantly becomes a target for intruders. You need to be ready right from the start.
You have to continually work to quality check everything that can go wrong. In the same way that you are responsible for having insurance when you drive a car, you need to also be responsible for your home computer’s security.
This website is the product of many, many hours presenting articles of insight, information, prevention tools, and “How-Tos” related to computer and internet security (sitemap). However proud of our content, we here at RHorizons fully understand we are neither the panacea for computer security nor “the authoritative word” on the subject. That is why we recommend and encourage you to follow links provided to other quality private, commercial, and governmental websites related to security.
 |
