Saturday, August 30, 2014

Security 101


1. Any competent programmer can devise a nonsequential, noisy encryption scheme that unlocks by algorithm, not key, and thus cannot be defeated by any method.

2. Such a run-of-the-mill coder can also devise a virus that cannot be detected by any method.

3. No complicated software can be certified virus, malware, and trojan-free with 100% certainty, even if the source code is exhaustively reviewed by a national security agency over a period of a hundred years and with a billion-dollar budget. (If you are in any doubt about this, review #1 & #2.)

4. No complicated software can be certified to be free of all present and future security vulnerabilities, intentional or unintentional.

5. People who download programs or operating systems from Pirate Bay are either kidding themselves or don't care because they have taken precautions such as running the software in a sandbox, etc.

6. People who think it is fine and dandy to install software from China, etc. are in the same boat as the #5 group.

The bottom line is this, and everyone using the Internet today needs to know it not now, but yesterday: computer programs are just as complicated, diverse, and potentially harmful and untrustworthy as human beings. Therefore, the same rules apply. Consider the source, reputation, and available references. Take precautions and reduce risk. And continue observing.

techlorebyigor is my personal journal for ideas & opinions