Friday, March 21, 2008

the balance between security and complexity

security software makes us less secure?... while i'm in complete agreement that complexity is the enemy of security, i find the idea that the security agents we install on our systems necessarily make them less secure instead of more secure is oversimplified nonsense...

one wonders if those promulgating the idea have ever balanced a checkbook because (in dennis fisher's explanation at least) the positive contributions those tools make to the net security change are apparently absent...

security agent software (also known as security tools), when used properly, most certainly has a beneficial impact on security - they implement access controls, they enforce policies, they detect malicious agents, etc...

security agents also add complexity to the system, making the system more difficult to model and therefore more likely to have vulnerabilities...

but if you only look at the downside of security tools you wind up with a completely unbalanced perspective... you need to consider both their positive and negative impact on a system in order to draw rational conclusions about the overall impact...