A mistake amateur security people always make

A small percentage of people do bad things; this is human nature, and thieves have existed ever since people had things that could be stolen.

And today, when almost every technology product is connected to the entire world via the internet, a lot of those products need to be secured against bad people.

The first thing security people typically try to do is to detect and block the bad things: this can be spam, viruses and other malware, or even more sophisticated attacks.

Every detection system, by its very nature, has two ways it can fail: it can fail to detect the bad thing (this is called a “false negative”), or it can flag a good thing as bad (a “false positive”).

False negatives are a very visible and obvious failure, and sometimes they have disastrous results: a spam message gets into your inbox, or a virus gets onto your computer.

Because false negatives are so obviously bad, security people work very hard to avoid them. Amateur security people often take this too far and build a system that avoids false negatives by creating lots of false positives.

False positives tend to be much less visible (for example, an e-mail message that simply gets lost), and they almost never have disastrous results, at least from a security point of view.

So what if we detect a valid e-mail as spam once in a while? You are still very well protected from those evil spammers. But what if the mistakenly blocked e-mail was from someone who wanted to buy a million dollars’ worth of products from you? Does it still seem like a good tradeoff?

So what if innocent software sometimes gets detected as malware? The important thing is that we don’t let actual malware onto your computer. But what about the damage to the reputation of the maker of the software you misdetected?

Internet Explorer has a very clever security system called “Smart Filter”. The reasoning is that if something is popular and bad, the antivirus vendors have probably already taken care of it, so the filter blocks everything that isn’t popular with a “might be harmful” message. This is a very nice way to block unknown bad stuff, but it also, by design, blocks every good, small, unpopular piece of software on the internet.
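As an added illustration (not code from the original post), here is a constructed set of scored files showing the tradeoff described above: lowering a score threshold until no malware is missed, or blocking everything unpopular the way the IE filter is described as doing, both push the false-positive count up. The names, scores and costs are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    name: str
    score: float   # detector suspicion score, 0.0 (clean) to 1.0 (malicious)
    popular: bool  # seen on many machines, the signal a reputation filter uses
    bad: bool      # ground truth

# Constructed sample (hypothetical names and scores): popular and unpopular
# good software mixed with three pieces of malware.
ITEMS = [
    Item("popular_office_suite", 0.05, True, False),
    Item("popular_browser", 0.10, True, False),
    Item("niche_upload_tool", 0.35, False, False),
    Item("timer_app_new_release", 0.30, False, False),
    Item("hobbyist_utility", 0.45, False, False),
    Item("known_worm", 0.95, False, True),
    Item("repacked_trojan", 0.60, False, True),
    Item("fresh_downloader", 0.30, False, True),
]

def confusion(items, blocked):
    """Count false positives and false negatives for a blocking rule."""
    fp = sum(1 for i in items if blocked(i) and not i.bad)
    fn = sum(1 for i in items if not blocked(i) and i.bad)
    return {"fp": fp, "fn": fn}

def threshold_rule(t):
    """Block anything whose score is at least t."""
    return lambda i: i.score >= t

def popularity_rule(i):
    """Block everything that isn't popular, as the post says the IE filter does."""
    return not i.popular

def zero_fn_threshold(items):
    """The lowest threshold that catches every bad item in the sample."""
    return min(i.score for i in items if i.bad)

def weighted_cost(items, blocked, fp_cost, fn_cost):
    """Total cost once each kind of mistake is priced, not just counted."""
    c = confusion(items, blocked)
    return c["fp"] * fp_cost + c["fn"] * fn_cost

if __name__ == "__main__":
    for label, rule in [("score >= 0.5", threshold_rule(0.5)),
                        ("zero false negatives", threshold_rule(zero_fn_threshold(ITEMS))),
                        ("block unpopular", popularity_rule)]:
        print(label, confusion(ITEMS, rule))
```

Pricing a false positive as a lost million-dollar sale and a false negative as a cleanup bill makes the zero-false-negative tuning the far more expensive choice on this sample; with different prices the answer flips, which is the whole point of weighing the tradeoff.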

I sell Giraffe Upload, a niche software product with a very small audience – you can guess how I just love that Microsoft classifies my product as “might be harmful”. Even with yaTimer (which is popular enough not to be harmful) I’m nervous every time I release a new version, because as a new file IE has never seen before, it will be blocked again for who knows how long.

Everything in life is a tradeoff. When security people who don’t see the big picture make those tradeoffs for you, they give you systems that are more secure but less useful. Don’t let them.

Experienced security people often understand that false positives damage the system they are protecting, and they do very good work preventing them. But there aren’t enough of those people, not even in the big security companies that should know better.

posted @ Monday, April 8, 2013 11:26 PM
