Security is not the most important thing to most people

June 2, 2013

I'm a security-aware sysadmin and yet yesterday I casually admitted that I made less-secure choices because the really secure option was too annoying and potentially inconvenient. In fact this is not the only case where I make this tradeoff, picking a less secure but more convenient option.

This shouldn't really surprise people. In real life, security is almost never the most important thing to people, even to security-aware people. Even aware, knowledgeable people prioritize other things over security; we disable SELinux, we use fixed-keyed IPSec tunnels, we almost never try to verify new SSH host keys through out-of-band methods, and so on.

(This is somewhat distinct from how users don't care about security; this is people who care about security but only so far.)

One of the many reasons for this is that most people are not operating in a high-threat environment. We aren't being specifically targeted by attackers and if we take basic broad precautions we'll probably never experience a security breach. This biases almost everyone towards a tradeoff that I can describe as 'availability over security' and it also makes painful security precautions have a very low return on investment; we're being asked to invest potentially a lot of work and aggravation in exchange for what is in practice a very small gain.

(The worst case is when being 'truly secure', whatever that means, means not doing something that we want to do. When I couldn't get IKE rekeying working on my IPSec tunnel, the really secure thing would have been to say 'well, that means no IPSec tunnel at all'. Very few people are going to make that sort of tradeoff.)

(Yes, I know, I bang on this particular drum a lot. That's because I still think that a lot of people in computing have very mistaken attitudes on what security really means and how it can be achieved, attitudes that result in mistake after mistake.)

Written on 02 June 2013.
Last modified: Sun Jun 2 23:42:46 2013