Josh makes some good points but I still think the analogy is a good one. It is easy to get carried away when we try to compare network/OS/Workstation security to physical/human security and the IT security community (antivirus vendors in particular) have a tendancy to overblow their job descriptions. After all, nobody thus far has has ever died from a virus attack, although I will admit to not being surprised if more than a few bottom lines may have suffered in terms of lost time and data loss.

But I still think the building analogy works if only because the metaphor in real life can be looked at in so many ways. Sure, a dog by itself isn't going to bring down a building; nor is a Baegle virus about to bring down any individual piece of hardware or take down the internet. But a little dog sporting a note that says he's infected with some biological contagion or biological agent could do some serious damage to the inhabitants of the lower floors of a large bulding, most notably the postal center, security and facilities, which are usually located on those floors. Moreover, even if this doggie didn't get beyond the first floor, if he managed to infect these folks, the building would have to be shut down and all of the inhabitants would need to be evacuated for an indeterminate amount of time, even if the contagion turned out not to be that serious or to be a hoax.

The point about the operating system is dead on. It is human nature to accept a certain amount of risk in exchange for a certain amount of benefit, as evidenced by the fact that highway fatalities remain one of the leading causes of death in most of the industrialized world even though new roads are still being built. I don't see any prospect of this changing soon and those who say that they favor going to less user-friendly solutions, need to offer better solutions than telling people who have already dedicated their time to suddenly drop everything to retrain themselves on EMACS. No offense to RMS intended, but this tends to get to the core question of freedom. There are those who believe that freedom means having the power to make your own path; but for most of us it means having the power to choose to continue on the paths we have chosen. We need to continue to find a reasonable balance.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/228/25441#25441