Wednesday, May 28, 2014

Costly defence

I found an interesting article yesterday about the huge number of security flaws in the computer code that our society is so dependent on.  The basic idea is that the code base that supports all of our downloading of cat pictures and pornography is incredibly vulnerable and even though we have a lot of clever folks patching it up as fast as they can we simply can't avoid exposing ourselves to the destructive urges of hackers.

It is true that much of the code out there sucks.  Once a piece of code becomes standard everyone builds around it even if it isn't very good.  We end up pushing code out the door as fast as possible and doing so based on release dates rather than quality control.  We focus on sizzle instead of steak and make sure that it is big, bright, and pretty instead of secure because the end user can't tell if it is secure anyway.

The author is aghast at this state of affairs.  I on the other hand think it really isn't such a big deal.  Look at the buildings we build.  Do we cover every window in bars?  Build our walls of solid concrete?  Install barbed wire, electric fences, and fingerprint locks on the doors?  Of course not.  We don't want people to break into our houses and steal our stuff but the cost of protecting our stuff in ways like that greatly exceeds the expected cost of burglaries.

Consider one area in which we absolutely do go bonkers for maximum security - airport security checkpoints.  They have porno scanners, patdowns, and chemical sniffers.  They take away your water because it is in a bottle larger than 100ml.  They take away your nail clippers because they could be used as a weapon.  They make you take off your shoes because you might somehow slip a bomb into your soles or something?  Virtually everyone agrees that airline security is an absolute nightmare and doesn't prevent anywhere near enough disasters to warrant its existence; this is what maximum security looks like.

It is a good thing to write better code.  It is also excellent to have planes arrive at their destination intact, and to have our houses not be broken into.  In all cases though it isn't true that we need perfect defence, but rather that we should make a sensible calculation as to the probability of loss and the cost of protection against that loss.  Striving for perfection is a fine thing to do in art but it makes terrible public policy.

The fact is that a determined attacker can take down nearly any system and the cost of making it slightly harder for them rapidly becomes prohibitive.  What regular people actually want out of their code is that it be mostly secure most of the time and show up quickly and cheaply.  That may not appeal to the aesthetic desires of those who write that code but it does reflect the way we build everything else, and the desires of the populace who will end up using it and suffering through its failures.

No comments:

Post a Comment