
Two lessons in computer security

If you’ve landed on this page, it’s probably because you’ve come to realize there is no click-through solution to information security and so have been searching like a maniac for some real solution.

Indeed, it’s the “click to solve my current problem” mentality which is largely the reason the internet is so insecure to begin with.

Here is the first part of a concoction of lessons I’m putting together of what I’ve learned in computer security.

So security lesson #1 is: Don’t click!

Unfortunately, there are only two alternatives to Don’t click: A. pay someone to take care of security, or B. understand things and take care of security yourself.

Though in a huge organization option A may be necessary on some level, it can never be a real solution, since who do you trust? Even security firms are being publicly hacked these days (which just begs the question of how many more are covertly hacked, an issue we’ll deal with shortly).

But probably you can’t afford a top-level security consultancy to come in and vet your system and train you and your people to implement best practices. And any partial or non-expert solution requires understanding computer security yourself, in order to evaluate how secure it is and whether it’s being done right.

So this security guide starts with the basics so you can at least know what people are talking about and the major issues to deal with. Bringing us to:

Security lesson #2: Research before implementing something.

Research the issues as you come to understand them, on this site and other sites. Run searches like "Thing is bad", "Thing is good", "Thing vs other thing", etc. to get a survey of the different opinions concerning the thing in question.

Now, getting back to who you can trust: when it comes to computers, the answer is surprisingly few. Even people who are trying to do their best may make a simple mistake which creates a huge security flaw, and that goes not just for people you’re working with, but for the people writing the software you’re using.

Software is so complicated that it’s impossible for any one expert to go through an average program and say it’s totally secure, much less a huge complicated system of programs working together. Indeed, software is so complicated that any claim to security should be viewed as highly dubious, whoever makes it, much like claims about free energy devices. The only solution is the "open the hood" approach: only if anyone can look under the hood and verify the claim for themselves do we start to have faith that an outrageous claim is true.

But not only do many software companies not make it easy for others to verify their claims, they make it impossibly hard. Unlike a chair or a hammer, which any organization can buy and test against the maker’s claims for themselves, software can be encrypted and obfuscated in many ways to make it essentially impossible to "see how it works".

copyright 2006 - 2020 Eerik Wissenz