As a computer security guy, I disagree substantially. Yes, newer versions of popular operating systems and server programs are usually more secure than older versions; it’s easier to hack into Windows 95 than Windows 7. But this is happening within a larger ecosystem that’s becoming less secure: More important control systems are being connected to the Internet, more old, unsecured/unsecurable systems are as well, and these sets have a huge overlap. There are more programmers writing more programs for more platforms than ever before, making the same old security mistakes; embedded systems are taking a larger role in our economy and daily lives. And attacks just keep getting better.
If you’re thinking there are generalizable defenses against sneaky stuff with code, check out what mere humans come up with in the underhanded C competition. Those tricks are hard to detect for dedicated experts who know there’s something evil within a few lines of C code. Alterations that sophisticated would never be caught in the wild—hell, it took years to figure out that the most popular crypto program running on one of the more secure OS’s was basically worthless.
Sure we are, we just don’t care very much. The method of “Put the computer in a box and don’t let anyone open the box” (alternately, only let one person open the box) was developed decades ago and is quite secure.
As a computer security guy, I disagree substantially. Yes, newer versions of popular operating systems and server programs are usually more secure than older versions; it’s easier to hack into Windows 95 than Windows 7. But this is happening within a larger ecosystem that’s becoming less secure: More important control systems are being connected to the Internet, more old, unsecured/unsecurable systems are as well, and these sets have a huge overlap. There are more programmers writing more programs for more platforms than ever before, making the same old security mistakes; embedded systems are taking a larger role in our economy and daily lives. And attacks just keep getting better.
If you’re thinking there are generalizable defenses against sneaky stuff with code, check out what mere humans come up with in the underhanded C competition. Those tricks are hard to detect for dedicated experts who know there’s something evil within a few lines of C code. Alterations that sophisticated would never be caught in the wild—hell, it took years to figure out that the most popular crypto program running on one of the more secure OS’s was basically worthless.
Humans are not good at securing computers.
Sure we are, we just don’t care very much. The method of “Put the computer in a box and don’t let anyone open the box” (alternately, only let one person open the box) was developed decades ago and is quite secure.
I would call that securing a turing machine. A computer, colloquially, has accessible inputs and outputs, and its value is subject to network effects.
Also, if you put the computer in a box developed decades ago, the box probably isn’t TEMPEST compliant.